Pass the Cisco CCNP Security 300-710 Questions and answers with CertsForce

Viewing page 7 out of 10 pages
Viewing questions 61-70 out of questions
Questions # 61:

Refer to the exhibit. Users attempt to connect to numerous external resources on various TCP ports. If the users mistype the port, their connection closes immediately, and it takes more than one minute before the connection is torn down. An engineer manages to capture both types of connections as shown in the exhibit. What must the engineer configure to lower the timeout values for the second group of connections and resolve the user issues?

Options:

A. outbound access rule that allows the entire ICMP protocol suite
B. inbound access rule that allows ICMP Type 3 from outside
C. inbound access rule that allows TCP reset packets from outside
D. outbound access rule with the Block with reset action


Questions # 62:

An engineer must integrate a third-party security intelligence feed with Cisco Secure Firewall Management Center. Secure Firewall Management Center is running Version 6.2.3 and has 8 GB of memory. Which two actions must be taken to implement Threat Intelligence Director? (Choose two.)

Options:

A. Enable REST API access.
B. Add a TAXII server.
C. Add the URL of the TAXII server.
D. Upgrade to version 6.6.
E. Add 7 GB of memory.


Questions # 63:

An administrator must use Cisco FMC to install a backup route within the Cisco FTD to route traffic in case of a routing failure with the primary route. Which action accomplishes this task?

Options:

A. Install the static backup route and modify the metric to be less than the primary route.
B. Configure EIGRP routing on the FMC to ensure that dynamic routes are always updated.
C. Use a default route on the FMC instead of having multiple routes contending for priority.
D. Create the backup route and use route tracking on both routes to a destination IP address in the network.


Questions # 64:

A security engineer manages a firewall console and an endpoint console and finds it challenging and time-consuming to review events and modify blocking of specific files in both consoles. Which action must the engineer take to streamline this process?

Options:

A. From the Secure FMC, create a Cisco Secure Endpoint object and reference the object in the Cisco Secure Endpoint console.
B. From the Cisco Secure Endpoint console, create and copy an API key and paste into the Cisco Secure AMP tab.
C. Initiate the integration between Secure FMC and Cisco Secure Endpoint from the Secure FMC using the AMP tab.
D. Within the Cisco Secure Endpoint console, copy the connector GUID and paste into the Cisco Secure Firewall Management Center (FMC) AMP tab.


Questions # 65:

Refer to the exhibit.

An engineer is modifying an access control policy to add a rule to inspect all DNS traffic that passes through it. After making the change and deploying the policy, they see that DNS traffic is not being inspected by the Snort engine. What is......

Options:

A. The action of the rule is set to trust instead of allow.
B. The rule must specify the security zone that originates the traffic.
C. The rule is configured with the wrong setting for the source port.
D. The rule must define the source network for inspection as well as the port.


Questions # 66:

An engineer is configuring Cisco FMC and wants to limit the time allowed for processing packets through the interface. However, if the time is exceeded, the configuration must allow packets to bypass detection. What must be configured on the Cisco FMC to accomplish this task?

Options:

A. Fast-Path Rules Bypass
B. Cisco ISE Security Group Tag
C. Inspect Local Traffic Bypass
D. Automatic Application Bypass


Questions # 67:

An engineer must implement static route tracking on a Cisco Secure Firewall Threat Defense appliance. The static route and IP SLA operation have already been configured. The static route must be removed from the routing table if the tracked object is unreachable. Which action must the engineer take next to meet the requirement?

Options:

A. Implement a secondary route that has a higher precedence.
B. Enable the IP SLA Responder on the backup path interface.
C. Assign a tracking object to the static route and the IP SLA operation.
D. Enable an ICMP redirect message on the interface connected to the backup path.


Questions # 68:

Which feature sets up multiple interfaces on a Cisco Secure Firewall Threat Defense to be on the same subnet?

Options:

A. EtherChannel
B. SVI
C. BVI
D. security levels


Questions # 69:

A network administrator is troubleshooting access to a website hosted behind a Cisco FTD device. External clients cannot access the web server via HTTPS. The IP address configured on the web server is 192.168.7.46. The administrator is running the command capture CAP interface outside match ip any 192.168.7.46 255.255.255.255 but cannot see any traffic in the capture. Why is this occurring?

Options:

A. The capture must use the public IP address of the web server.
B. The FTD has no route to the web server.
C. The access policy is blocking the traffic.
D. The packet capture shows only blocked traffic.


Questions # 70:

Which two conditions are necessary for high availability to function between two Cisco FTD devices? (Choose two.)

Options:

A. The units must be the same version.
B. Both devices can be part of a different group that must be in the same domain when configured within the FMC.
C. The units must be different models if they are part of the same series.
D. The units must be configured only for firewall routed mode.
E. The units must be the same model.

