Pass the Cisco CCNP Security 300-710 Questions and answers with CertsForce

Viewing page 1 out of 10 pages
Viewing questions 1-10 out of questions
Question # 1:

Which Firepower feature allows users to configure bridges in routed mode and enables devices to perform Layer 2 switching between interfaces?

Options:

A. FlexConfig
B. BDI
C. SGT
D. IRB

Question # 2:

Which Cisco Firepower rule action displays an HTTP warning page?

Options:

A. Monitor
B. Block
C. Interactive Block
D. Allow with Warning

Question # 3:

A network administrator reviews the file report for the last month and notices that all file types, except exe, show a disposition of unknown. What is the cause of this issue?

Options:

A. The malware license has not been applied to the Cisco FTD.
B. The Cisco FMC cannot reach the Internet to analyze files.
C. A file policy has not been applied to the access policy.
D. Only Spero file analysis is enabled.

Question # 4:

An organization is using a Cisco FTD and Cisco ISE to perform identity-based access controls. A network administrator is analyzing the Cisco FTD events and notices that unknown user traffic is being allowed through the firewall. How should this be addressed to block the traffic while allowing legitimate user traffic?

Options:

A. Modify the Cisco ISE authorization policy to deny this access to the user.
B. Modify Cisco ISE to send only legitimate usernames to the Cisco FTD.
C. Add the unknown user in the Access Control Policy in Cisco FTD.
D. Add the unknown user in the Malware & File Policy in Cisco FTD.

Question # 5:

Which two actions can be used in an access control policy rule? (Choose two.)

Options:

A. Block with Reset
B. Monitor
C. Analyze
D. Discover
E. Block ALL

Question # 6:

In which two places can thresholding settings be configured? (Choose two.)

Options:

A. on each IPS rule
B. globally, within the network analysis policy
C. globally, per intrusion policy
D. on each access control rule
E. per preprocessor, within the network analysis policy

Question # 7:

A network administrator notices that remote access VPN users are not reachable from inside the network. It is determined that routing is configured correctly; however, return traffic is entering the firewall but not leaving it. What is the reason for this issue?

Options:

A. A manual NAT exemption rule does not exist at the top of the NAT table.
B. An external NAT IP address is not configured.
C. An external NAT IP address is configured to match the wrong interface.
D. An object NAT exemption rule does not exist at the top of the NAT table.

Question # 8:

What is the result of specifying a QoS rule that has a rate limit that is greater than the maximum throughput of an interface?

Options:

A. The rate-limiting rule is disabled.
B. Matching traffic is not rate limited.
C. The system rate-limits all traffic.
D. The system repeatedly generates warnings.

Question # 9:

Which two statements about bridge-group interfaces in Cisco FTD are true? (Choose two.)

Options:

A. The BVI IP address must be in a separate subnet from the connected network.
B. Bridge groups are supported in both transparent and routed firewall modes.
C. Bridge groups are supported only in transparent firewall mode.
D. Bidirectional Forwarding Detection echo packets are allowed through the FTD when using bridge-group members.
E. Each directly connected network must be on the same subnet.

Question # 10:

An engineer is using the configure manager add Cisc402098527 command to add a new Cisco FTD device to the Cisco FMC; however, the device is not being added. Why is this occurring?

Options:

A. The NAT ID is required since the Cisco FMC is behind a NAT device.
B. The IP address used should be that of the Cisco FTD, not the Cisco FMC.
C. DONOTRESOLVE must be added to the command.
D. The registration key is missing from the command.
