Spring Sale Limited Time 75% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple75

Pass the Cisco CCNP Security 300-710 Questions and answers with Dumpstech

Home
Cisco
CCNP Security
300-710
300-710 Questions and Answers

Exam 300-710 Premium Access

View all detail and faqs for the 300-710 exam

Go to Exam

Practice at least 50% of the questions to maximize your chances of passing.

Viewing page 4 out of 12 pages

Viewing questions 31-40 out of questions

Questions # 31:

A Cisco FTD device is running in transparent firewall mode with a VTEP bridge group member ingress interface What must be considered by an engineer tasked with specifying a destination MAC address for a packet trace?

Options:

The destination MAC address is optional if a VLAN ID value is entered

Only the UDP packet type is supported

The output format option for the packet logs unavailable

The VLAN ID and destination MAC address are optional

Answer

Questions # 32:

What is the result of specifying of QoS rule that has a rate limit that is greater than the maximum throughput of an interface?

Options:

The rate-limiting rule is disabled.

Matching traffic is not rate limited.

The system rate-limits all traffic.

The system repeatedly generates warnings.

Answer

Explanation

[Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config- guide-v62/quality_of_service_qos.pdf, , ]

Questions # 33:

There is an increased amount of traffic on the network and for compliance reasons, management needs visibility into the encrypted traffic What is a result of enabling TLS'SSL decryption to allow this visibility?

Options:

It prompts the need for a corporate managed certificate

It has minimal performance impact

It is not subject to any Privacy regulations

It will fail if certificate pinning is not enforced

Answer

Questions # 34:

Which component is needed to perform rapid threat containment with Cisco FMC?

Options:

ISE

RESTful API

SIEM

DDI

Answer

Explanation

To perform rapid threat containment with Cisco FMC, the necessary component is Cisco Identity Services Engine (ISE). ISE integrates with FMC to provide dynamic network access control and enforcement, allowing for quick isolation of compromised endpoints based on security events detected by FMC.

Steps:

Integrate FMC with ISE by configuring the necessary settings in both platforms.

Define security policies in FMC that trigger rapid threat containment actions via ISE.

When a threat is detected, FMC can instruct ISE to isolate the affected endpoint, limiting its access to the network.

This integration enables automated and efficient threat containment, reducing the response time and mitigating the impact of security incidents.

[References:Cisco Secure Firewall Management Center Integration Guide, Chapter on ISE Integration for Rapid Threat Containment., , , ]

Questions # 35:

An organization wants to secure traffic from their branch office to the headquarter building using Cisco Firepower devices, They want to ensure that their Cisco Firepower devices are not wasting resources on inspecting the VPN traffic. What must be done to meet these requirements?

Options:

Configure the Cisco Firepower devices to ignore the VPN traffic using prefilter policies

Enable a flexconfig policy to re-classify VPN traffic so that it no longer appears as interesting traffic

Configure the Cisco Firepower devices to bypass the access control policies for VPN traffic.

Tune the intrusion policies in order to allow the VPN traffic through without inspection

Answer

Explanation

When you configure the Cisco Firepower devices to bypass the access control policies for VPN traffic, the devices will not inspect the VPN traffic and thus will not waste resources on it. This is the best option to ensure that the VPN traffic is not wasting resources on the Cisco Firepower devices.

[Reference:https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/219759-configure-bypass-policies-on-the-cisco-firepow.html, , , , ]

Questions # 36:

A security engineer found a suspicious file from an employee email address and is trying to upload it for analysis, however the upload is failing. The last registration status is still active. What is the cause for this issue?

Options:

Cisco AMP for Networks is unable to contact Cisco Threat Grid on premise.

Cisco AMP for Networks is unable to contact Cisco Threat Grid Cloud.

There is a host limit set.

The user agent status is set to monitor.

Answer

Questions # 37:

What is the maximum SHA level of filtering that Threat Intelligence Director supports?

Options:

SHA-1024

SHA-4096

SHA-512

SHA-256

Answer

Explanation

[Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/cisco_threat_intelligence_directortid_.html, , , , ]

Questions # 38:

A network engineer is configuring URL Filtering on Firepower Threat Defense. Which two port requirements on the Firepower Management Center must be validated to allow communication with the cloud service? (Choose two.)

Options:

outbound port TCP/443

inbound port TCP/80

outbound port TCP/8080

inbound port TCP/443

outbound port TCP/80

Answer

A, E

Explanation

[Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/SecurityInternet_Accessand_Communication_Ports.html, , , ]

Questions # 39:

A network administrator is configuring Snort inspection policies and is seeing failed deployment messages in Cisco FMC. What information should the administrator generate for Cisco TAC to help troubleshoot?

Options:

A "show tech" file for the device in question.

A "troubleshoot" file for the device in question.

A "troubleshoot" file for the Cisco FMC.

A "show tech" for the Cisco FMC.

Answer

Questions # 40:

Which two statements about bridge-group interfaces in Cisco FTD are true? (Choose two.)

Options:

The BVI IP address must be in a separate subnet from the connected network.

Bridge groups are supported in both transparent and routed firewall modes.

Bridge groups are supported only in transparent firewall mode.

Bidirectional Forwarding Detection echo packets are allowed through the FTD when using bridge-group members.

Each directly connected network must be on the same subnet.

Answer

B, E

Explanation

[Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config- guide-v62/transparent_or_routed_firewall_mode_for_firepower_threat_defense.html, , ]

Viewing page 4 out of 12 pages

Viewing questions 31-40 out of questions

Modal title

Registered Required

In order to participate in the comments you need to be logged-in.
You can sign-up or login (it's free).