Spring Sale Limited Time 75% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple75

Pass the Cisco CCNP Security 300-710 Questions and answers with Dumpstech

Exam 300-710 Premium Access

View all detail and faqs for the 300-710 exam

Go to Exam
Practice at least 50% of the questions to maximize your chances of passing.
Viewing page 3 out of 12 pages
Viewing questions 21-30 out of questions
Questions # 21:

An administrator must use Cisco FMC to install a backup route within the Cisco FTD to route traffic in case of a routing failure with the primary route. Which action accomplishes this task?

Options:

A.

Install the static backup route and modify the metric to be less than the primary route.

B.

Configure EIGRP routing on the FMC to ensure that dynamic routes are always updated.

C.

Use a default route on the FMC instead of having multiple routes contending for priority.

D.

Create the backup route and use route tracking on both routes to a destination IP address in the network.

Questions # 22:

Network traffic coining from an organization's CEO must never be denied. Which access control policy configuration option should be used if the deployment engineer is not permitted to create a rule to allow all traffic?

Options:

A.

Configure firewall bypass.

B.

Change the intrusion policy from security to balance.

C.

Configure a trust policy for the CEO.

D.

Create a NAT policy just for the CEO.

Questions # 23:

A network engineer must configure an existing firewall to have a NAT configuration. The now configuration must support more than two interlaces per context. The firewall has previously boon operating transparent mode. The Cisco Secure Firewall Throat Defense (FTD) device has been deregistered from Cisco Secure Firewall Management Center (FMC). Which set of configuration actions must the network engineer take next to meet the requirements?

Options:

A.

Run the configure manager add routed command from the Secure FTD device CL1, and reregister with Secure FMC.

B.

Run the configure firewall routed command from the Secure FTD device CD, and reregister with Secure FMC.

C.

Run the configure manager add routed command from the Secure FMC CLI. and reregister with Secure FMC.

D.

Run the configure firewall routed command from the Secure FMC CLI. and reregister with Secure FMC.

Questions # 24:

An engineer must configure a Cisco FMC dashboard in a child domain. Which action must be taken so that the dashboard is visible to the parent domain?

Options:

A.

Add a separate tab.

B.

Adjust policy inheritance settings.

C.

Add a separate widget.

D.

Create a copy of the dashboard.

Questions # 25:

A network administrator is trying to configure an access rule to allow access to a specific banking site over HTTPS. Which method must the administrator use to meet the requirement?

Options:

A.

Enable SSL decryption and specify the URL.

B.

Define the URL to be blocked and set the application to HTTP.

C.

Define the URL to be blocked and disable SSL inspection.

D.

Block the category of banking and define the application of WWW.

Questions # 26:

A network administrator is implementing an active/passive high availability Cisco FTD pair.

When adding the high availability pair, the administrator cannot select the secondary peer.

What is the cause?

Options:

A.

The second Cisco FTD is not the same model as the primary Cisco FTD.

B.

An high availability license must be added to the Cisco FMC before adding the high availability pair.

C.

The failover link must be defined on each Cisco FTD before adding the high availability pair.

D.

Both Cisco FTD devices are not at the same software Version

Questions # 27:

A network engineer is extending a user segment through an FTD device for traffic inspection without creating another IP subnet How is this accomplished on an FTD device in routed mode?

Options:

A.

by leveraging the ARP to direct traffic through the firewall

B.

by assigning an inline set interface

C.

by using a BVI and create a BVI IP address in the same subnet as the user segment

D.

by bypassing protocol inspection by leveraging pre-filter rules

Questions # 28:

What are two application layer preprocessors? (Choose two.)

Options:

A.

CIFS

B.

IMAP

C.

SSL

D.

DNP3

E.

ICMP

Questions # 29:

Question # 29

Refer to the exhibit. Users attempt to connect to numerous external resources on various TCP ports. If the users mistype the port, their connection closes immediately, and it takes more than one minute before the connection is torn down. An engineer manages to capture both types of connections as shown in the exhibit. What must the engineer configure to lower the timeout values for the second group of connections and resolve the user issues?

Options:

A.

Outbound access rule with the Block with reset action

B.

Outbound access rule that allows the entire ICMP protocol suite

C.

Inbound access rule that allows TCP reset packets from outside

Questions # 30:

A security engineer must create a malware and file policy on a Cisco Secure Firewall Threat Defense device. The solution must ensure that PDF. DOCX, and XLSX files are not sent lo Cisco Secure Malware analytics. What must do configured to meet the requirements''

Options:

A.

capacity handling

B.

Spero analysis

C.

dynamic analysis

D.

local malware analysis

Viewing page 3 out of 12 pages
Viewing questions 21-30 out of questions