Practice Free 300-710 Exam Online Questions
An engineer is configuring a cisco FTD appliance in IPS-only mode and needs to utilize fail-to-wire interfaces.
Which interface mode should be used to meet these requirements?
- A . transparent
- B . routed
- C . passive
- D . inline set
An engineer must permit SSH on the inside interface of a Cisco Secure Firewall Threat Defense device. SSH is currently permitted only on the management interface.
Which type of policy must the engineer configure?
- A . platform policy
- B . access control policy
- C . NAT policy
- D . intrusion policy
Refer to the exhibit.
A Cisco Secure Firewall Management Center, 7.0 device fails to receive intelligence feed updates. The Cisco Secure Firewall Management Center is configured to use a proxy server that performs SSL inspection.
Which action allows the Cisco Secure Firewall Management Center device to download the intelligence feed updates?
- A . Install a self-signed certificate on the proxy server for intelligence.sourcefire.com.
- B . Verify that the proxy server can use HTTPS to communicate to the internet.
- C . Ensure that proxy authentication is disabled for the Cisco Secure Firewall Management Center device.
- D . Bypass the proxy server for intelligence.sourcefire.com.
Refer to the exhibit.
An engineer must import three network objects into the Cisco Secure Firewall Management Center by using a CSV file.
Which header must be configured in the CSV file to accomplish the task?
- A . NAME; DESCRIPTION; TYPE; VALUE; LOOKUP;
- B . Name; Description; Type; Value; Lookup;
- C . Name; Description; Type; Value; DN;
- D . NAME; DESCRIPTION; TYPE; VALUE; DN;
An organization has a compliancy requirement to protect servers from clients, however, the clients and servers all reside on the same Layer 3 network Without readdressing IP subnets for clients or servers, how is segmentation achieved?
- A . Deploy a firewall in transparent mode between the clients and servers.
- B . Change the IP addresses of the clients, while remaining on the same subnet.
- C . Deploy a firewall in routed mode between the clients and servers
- D . Change the IP addresses of the servers, while remaining on the same subnet
An engineer is working on a LAN switch and has noticed that its network connection to the mime Cisco IPS has gone down Upon troubleshooting it is determined that the switch is working as expected.
What must have been implemented for this failure to occur?
- A . The upstream router has a misconfigured routing protocol
- B . Link-state propagation is enabled
- C . The Cisco IPS has been configured to be in fail-open mode
- D . The Cisco IPS is configured in detection mode
An engineer is reviewing a ticket that requests to allow traffic for some devices that must connect to a server over 8699/udp. The request mentions only one IP address, 172.16.18.15, but the requestor asked for the engineer to open the port for all machines that have been trying to connect to it over the last week.
Which action must the engineer take to troubleshoot this issue?
- A . Use the context explorer to see the application blocks by protocol.
- B . Use the context explorer to see the destination port blocks
- C . Filter the connection events by the source port 8699/udp.
- D . Filter the connection events by the destination port 8699/udp.
Refer to the exhibit.
A client that has IP address 192.168.67.102 reports issues when connecting to a remote server.
Based on the topology and output of packet tracer tool, which action resolves the connectivity issue?
- A . Add the route to the destination.
- B . Unblock the access rule on FTDv.
- C . Restart the client-side application.
- D . Reconfigure NAT on FTDv.
What is an attribute of the risk reporting capability in Cisco Secure Firewall Management Center?
- A . Includes all domains in a multidomain system
- B . Uses the same templates available to standard reports
- C . Includes the current domain in a multidomain system
- D . Uses the XML format to export all reporting
Which CLI command is used to control special handling of client Hello messages?
- A . system support ssl-client-hello-tuning
- B . system support ssl-client-hello-display
- C . system support ssl-client-hello-force-reset
- D . system support ssl-client-hello-reset