Month End Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

  1. Home
  2. Cisco
  3. CCNP Security
  4. 300-710
  5. Securing Networks with Cisco Firepower (300-710 SNCF) Questions and Answers

Pass the Cisco CCNP Security 300-710 Questions and answers with CertsForce

 Cisco Exams      Go to Exam Detail      Get Premium Access
Viewing page 5 out of 12 pages
Viewing questions 41-50 out of questions
Questions # 41:

Due to an Increase in malicious events, a security engineer must generate a threat report to include intrusion in events, malware events, and security intelligence events. How Is this information collected in a single report?

Options:
A.

Run the default Firepower report.

B.

Export the Attacks Risk report.

C.

Generate a malware report.

D.

Create a Custom report.

Expert Solution
Questions # 42:

A security engineer is configuring an Access Control Policy for multiple branch locations. These locations share a common rule set and utilize a network object called INSIDE_NET which contains the locally significant internal network subnets at each location. Which technique will retain the policy consistency at each location but allow only the locally significant network subnet within the applicable rules?

Options:
A.

utilizing a dynamic Access Control Policy that updates from Cisco Talos

B.

utilizing policy inheritance

C.

creating a unique Access Control Policy per device

D.

creating an Access Control Policy with an INSIDE_NET network object and object overrides

Expert Solution
Questions # 43:

An engineer wants to change an existing transparent Cisco FTD to routed mode.

The device controls traffic between two network segments. Which action is mandatory to allow hosts to reestablish communication between these two segments after the change?

Options:
A.

remove the existing dynamic routing protocol settings.

B.

configure multiple BVIs to route between segments.

C.

assign unique VLAN IDs to each firewall interface.

D.

implement non-overlapping IP subnets on each segment.

Expert Solution
Questions # 44:

An engineer wants to add an additional Cisco FTD Version 6.2.3 device to their current 6.2.3 deployment to create a high availability pair.

The currently deployed Cisco FTD device is using local management and identical hardware including the available port density to enable the failover and stateful links required in a proper high availability deployment. Which action ensures that the environment is ready to pair the new Cisco FTD with the old one?

Options:
A.

Change from Cisco FDM management to Cisco FMC management on both devices and register them to FMC.

B.

Ensure that the two devices are assigned IP addresses from the 169 254.0.0/16 range for failoverinterfaces.

C.

Factory reset the current Cisco FTD so that it can synchronize configurations with the new Cisco FTDdevice.

D.

Ensure that the configured DNS servers match on the two devices for name resolution.

Expert Solution
Questions # 45:

Question # 45

Question # 45

Question # 45

Refer to the exhibit. An engineer analyzes a Cisco Firepower Management Center dashboard. Which action must be taken by the user to decrease the risk of data loss?

Options:
A.

Stop all URLs that have an unknown reputation.

B.

Block the use of Dropbox.

C.

Stop all the URLs that are uncategorized.

D.

Block all the BitTorrent applications.

Expert Solution
Questions # 46:

An engineer is configuring two new Cisco FTD devices to replace the existing high availability firewall pair in a highly secure environment. The information exchanged between the FTD devices over the failover link must be encrypted. Which protocol supports this on the Cisco FTD?

Options:
A.

IPsec

B.

SSH

C.

SSL

D.

MACsec

Expert Solution
Questions # 47:

Which firewall design allows a firewall to forward traffic at layer 2 and layer 3 for the same subnet?

Options:
A.

Cisco Firepower Threat Defense mode

B.

transparent mode

C.

routed mode

D.

integrated routing and bridging

Expert Solution
Questions # 48:

Which two statements about bridge-group interfaces in Cisco FTD are true? (Choose two.)

Options:
A.

The BVI IP address must be in a separate subnet from the connected network.

B.

Bridge groups are supported in both transparent and routed firewall modes.

C.

Bridge groups are supported only in transparent firewall mode.

D.

Bidirectional Forwarding Detection echo packets are allowed through the FTD when using bridge-group members.

E.

Each directly connected network must be on the same subnet.

Expert Solution
Questions # 49:

An engineer is configuring a Cisco Secure Firewall Threat Defense device and warns to create a new intrusion rule based on the detection of a specific pattern in the data payload for a new zero-day exploit. Which keyword type must be used to add a Line that identifies the author of the rule and the date it was created?

Options:
A.

metadata

B.

content

C.

reference

D.

gtp_info

Expert Solution
Questions # 50:

A security engineer manages a firewall console and an endpoint console and finds it challenging and the consuming to review events and modify blocking of specific files in both consoles. Which action must the engineer take to streamline this process?

Options:
A.

From the Secure FMC. create a Cisco Secure Endpoint object and reference the object in the Cisco Secure Endpoint console.

B.

From the Cisco Secure Endpoint console, Croats and copy an API key and paste into the Cisco Secure AMP tab

C.

initiate the integration between Secure FMC and Cisco Secure Endpoint from the Secure FMC using the AMP tab

D.

Within the Cisco Secure Endpoint console, copy the connector GUID and paste into the Cisco Secure Firewall Management Center (FMC) AMP tab.

Expert Solution
Viewing page 5 out of 12 pages
Viewing questions 41-50 out of questions