Spring Sale Limited Time 75% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple75

Pass the Cisco CCNP Security 300-710 Questions and answers with Dumpstech

Home
Cisco
CCNP Security
300-710
300-710 Questions and Answers

Exam 300-710 Premium Access

View all detail and faqs for the 300-710 exam

Go to Exam

Practice at least 50% of the questions to maximize your chances of passing.

Viewing page 8 out of 12 pages

Viewing questions 71-80 out of questions

Questions # 71:

An engineer runs the command restore remote-manager-backup location 2.2.2.2 admin /Volume/home/admin FTD408566513.zip on a Cisco FMC. After connecting to the repository, the Cisco FTD device is unable to accept the backup file. What is the reason for this failure?

Options:

The backup file is not in .cfg format.

The wrong IP address is used.

The backup file extension was changed from .tar to .zip.

The directory location is incorrect.

Answer

Explanation

[Reference:https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2019/pdf/BRKSEC-3455.pdf, , , , ]

Questions # 72:

An engineer is configuring two new Cisco Secure Firewall Threat Defense devices to replace the existing firewalls. Network traffic must be analyzed for intrusion events without impacting the traffic. What must the engineer implement next to accomplish the goal?

Options:

Passive mode

Inline Pair in Tap mode

ERSPAN Passive mode

Inline Pair mode

Answer

Questions # 73:

Which Cisco Rapid Threat Containment mitigation action is enabled by integrating pxGrid Adaptive Network Control with Cisco ISE and Cisco Secure Firewall Management Center?

Options:

Block

Terminate

Suspend

Reject

Answer

Questions # 74:

An engineer is configuring Cisco FMC and wants to allow multiple physical interfaces to be part of the same VLAN. The managed devices must be able to perform Layer 2 switching between interfaces, including sub-interfaces. What must be configured to meet these requirements?

Options:

interface-based VLAN switching

inter-chassis clustering VLAN

integrated routing and bridging

Cisco ISE Security Group Tag

Answer

Questions # 75:

A network engineer is logged into the Cisco AMP for Endpoints console and sees a malicious verdict for an identified SHA-256 hash. Which configuration is needed to mitigate this threat?

Options:

Add the hash to the simple custom deletion list.

Use regular expressions to block the malicious file.

Enable a personal firewall in the infected endpoint.

Add the hash from the infected endpoint to the network block list.

Answer

Questions # 76:

A network administrator is trying to configure Active Directory authentication for VPN authentication to a Cisco Secure Firewall Threat Defence instance that is registered with Cisco Secure Firewall Management Center. Which system settings must be configured first in Secure Firewall Management Center to accomplish the goal?

Options:

Device, Remote Access VPN

System, Realms

Policies, Authentication

Authentication, Device

Answer

Explanation

To configure Active Directory authentication for VPN authentication on a Cisco Secure Firewall Threat Defense (FTD) instance registered with Cisco Secure Firewall Management Center (FMC), the administrator needs to configure Realms in the System settings of the FMC. Realms in FMC are used to define the directory servers (e.g., Active Directory) and how they are used for user authentication.

Steps to configure this in FMC:

Navigate toSystem > Integration > Realms and Directory.

Add a new realm and configure the necessary details such as the directory server type (e.g., Active Directory), server address, and bind credentials.

Test the connection to ensure it works correctly.

This setup allows the FMC to authenticate VPN users against the Active Directory, thereby enabling secure access control for VPN connections.

[References:Cisco Secure Firewall Management Center Administrator Guide, Chapter on Realms Configuration., , , ]

Questions # 77:

An engineer has been tasked with using Cisco FMC to determine if files being sent through the network are malware. Which two configuration takes must be performed to achieve this file lookup? (Choose two.)

Options:

The Cisco FMC needs to include a SSL decryption policy.

The Cisco FMC needs to connect to the Cisco AMP for Endpoints service.

The Cisco FMC needs to connect to the Cisco ThreatGrid service directly for sandboxing.

The Cisco FMC needs to connect with the FireAMP Cloud.

The Cisco FMC needs to include a file inspection policy for malware lookup.

Answer

D, E

Questions # 78:

A network administrator needs to create a policy on Cisco Firepower to fast-path traffic to avoid Layer 7 inspection. The rate at which traffic is inspected must be optimized. What must be done to achieve this goal?

Options:

Enable lhe FXOS for multi-instance.

Configure a prefilter policy.

Configure modular policy framework.

Disable TCP inspection.

Answer

Questions # 79:

A network engineer must configure IPS mode on a Cisco Secure firewall Threat Defense device to inspect traffic and act as an IDS. The engineer already configured the passive-interface on the secure firewall threat Defence device and SPAN on the switch. What must be configured next by the engineer?

Options:

intrusion policy on the Secure Firewall Threat Defense device

active Interface on me Secure Firewall threat Defense device

DHCP on the switch

active SPAN port on the switch

Answer

Explanation

To configure IPS mode on a Cisco Secure Firewall Threat Defense (FTD) device to inspect traffic and act as an IDS, the network engineer must configure an intrusion policy on the FTD device. The passive-interface and SPAN on the switch have already been configured, which means the traffic is being mirrored to the FTD. The next step is to set up an intrusion policy that defines the rules and actions for detecting and responding to malicious traffic.

Steps:

In FMC, navigate toPolicies > Intrusion.

Create a new intrusion policy or edit an existing one.

Define the rules and actions for detecting threats.

Apply the intrusion policy to the relevant interfaces or access control policies.

This configuration enables the FTD to inspect the mirrored traffic and take appropriate actions based on the defined intrusion policy.

[References:Cisco Secure Firewall Management Center Administrator Guide, Chapter on Intrusion Policies., , , ]

Questions # 80:

A network administrator is migrating from a Cisco ASA to a Cisco FTD.

EIGRP is configured on the Cisco ASA but it is not available in the Cisco FMC.

Which action must the administrator take to enable this feature on the Cisco FTD?

Options:

Configure EIGRP parameters using FlexConfig objects.

Add the command feature eigrp via the FTD CLI.

Create a custom variable set and enable the feature in the variable set.

Enable advanced configuration options in the FMC.

Answer

Viewing page 8 out of 12 pages

Viewing questions 71-80 out of questions

Modal title

Registered Required

In order to participate in the comments you need to be logged-in.
You can sign-up or login (it's free).