Pass the Cisco CCNP Security 300-710 Questions and answers with CertsForce

Viewing page 8 out of 10 pages
Viewing questions 71-80 out of questions
Questions # 71:

An administrator is optimizing the Cisco FTD rules to improve network performance, and wants to bypass inspection for certain traffic types to reduce the load on the Cisco FTD. Which policy must be configured to accomplish this goal?

Options:

A. prefilter
B. intrusion
C. identity
D. URL filtering


Questions # 72:

Which two dynamic routing protocols are supported in Firepower Threat Defense without using FlexConfig? (Choose two.)

Options:

A. EIGRP
B. OSPF
C. static routing
D. IS-IS
E. BGP


Questions # 73:

Which firewall design allows a firewall to forward traffic at layer 2 and layer 3 for the same subnet?

Options:

A. Cisco Firepower Threat Defense mode
B. transparent mode
C. routed mode
D. integrated routing and bridging


Questions # 74:

Which two deployment types support high availability? (Choose two.)

Options:

A. transparent
B. routed
C. clustered
D. intra-chassis multi-instance
E. virtual appliance in public cloud


Questions # 75:

An organization has a Cisco FTD that uses bridge groups to pass traffic from the inside interfaces to the outside interfaces. They are unable to gather information about neighbouring Cisco devices or use multicast in their environment. What must be done to resolve this issue?

Options:

A. Create a firewall rule to allow CDP traffic.
B. Create a bridge group with the firewall interfaces.
C. Change the firewall mode to transparent.
D. Change the firewall mode to routed.


Questions # 76:

What is a result of enabling Cisco FTD clustering?

Options:

A. For the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections.
B. Integrated Routing and Bridging is supported on the master unit.
C. Site-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails.
D. All Firepower appliances can support Cisco FTD clustering.


Questions # 77:

Which two conditions must be met to enable high availability between two Cisco FTD devices? (Choose two.)

Options:

A. same flash memory size
B. same NTP configuration
C. same DHCP/PPPoE configuration
D. same host name
E. same number of interfaces


Questions # 78:

What are two application layer preprocessors? (Choose two.)

Options:

A. CIFS
B. IMAP
C. SSL
D. DNP3
E. ICMP


Questions # 79:

An engineer is building a new access control policy using Cisco FMC. The policy must inspect a unique IPS policy as well as log rule matching. Which action must be taken to meet these requirements?

Options:

A. Configure an IPS policy and enable per-rule logging.
B. Disable the default IPS policy and enable global logging.
C. Configure an IPS policy and enable global logging.
D. Disable the default IPS policy and enable per-rule logging.


Questions # 80:

An engineer must configure high availability for the Cisco Firepower devices. The current network topology does not allow for two devices to pass traffic concurrently. How must the devices be implemented in this environment?

Options:

A. in active/active mode
B. in a cluster span EtherChannel
C. in active/passive mode
D. in cluster interface mode

