Practice Free 300-710 Exam Online Questions
A software development company hosts the website http:dev.company.com for contractors to share code for projects they are working on with internal developers. The web server is on premises and is protected by a Cisco Secure Firewall Threat Defense appliance. The network administrator is worried about someone trying to transmit infected files to internal users via this site.
Which type of policy must be able associated with an access control policy to enable Cisco Secure Firewall Malware Defense to detect and block malware?
- A . SSL policy
- B . Prefilter policy
- C . File policy
- D . Network discovery policy
An organization has implemented Cisco Firepower without IPS capabilities and now wants to enable inspection for their traffic. They need to be able to detect protocol anomalies and utilize the Snort rule sets to detect malicious behaviour.
How is this accomplished?
- A . Modify the access control policy to redirect interesting traffic to the engine
- B . Modify the network discovery policy to detect new hosts to inspect
- C . Modify the network analysis policy to process the packets for inspection
- D . Modify the intrusion policy to determine the minimum severity of an event to inspect.
An organization recently implemented a transparent Cisco FTD in their network.
They must ensure that the device does not respond to insecure SSL/TLS protocols.
Which action accomplishes the task?
- A . Modify the device’s settings using the device management feature within Cisco FMC to force only secure protocols.
- B . Use the Cisco FTD platform policy to change the minimum SSL version on the device to TLS 1.2.
- C . Enable the UCAPL/CC compliance on the device to support only the most secure protocols available.
- D . Configure a FlexConfig object to disable any insecure TLS protocols on the Cisco FTD device.
What is a limitation to consider when running a dynamic routing protocol on a Cisco FTD device in IRB mode?
- A . Only link-stale routing protocols are supported.
- B . Only distance vector routing protocols are supported.
- C . Only EtherChannel interfaces are supposed.
- D . Only nonbridge interfaces are supported.
A network engineer must provide redundancy between two Cisco FTD devices. The redundancy configuration must include automatic configuration, translation, and connection updates.
After the initial configuration of the two appliances, which two steps must be taken to proceed with the redundancy configuration? (Choose two.)
- A . Configure the virtual MAC address on the failover link.
- B . Disable hellos on the inside interface.
- C . Configure the standby IP addresses.
- D . Ensure the high availability license is enabled.
- E . Configure the failover link with stateful properties.
Which two solutions are used to access and view aggregated log data from the firewalls using Cisco Security Analytics and Logging? (Choose two.)
- A . Cisco Secure Network Analytics
- B . Cisco Defense Orchestrator
- C . Cisco Catalyst Center
- D . Secure Cloud Analytics
- E . Cisco Prime Infrastructure
Upon detecting a flagrant threat on an endpoint, which two technologies instruct Cisco Identity Services Engine to contain the infected endpoint either manually or automatically? (Choose two.)
- A . Cisco ASA 5500 Series
- B . Cisco FMC
- C . Cisco AMP
- D . Cisco Stealthwatch
- E . Cisco ASR 7200 Series
Which Cisco Firepower rule action displays an HTTP warning page?
- A . Monitor
- B . Block
- C . Interactive Block
- D . Allow with Warning
An engineer is building a new access control policy using Cisco FMC. The policy must inspect a unique IPS policy as well as log rule matching.
Which action must be taken to meet these requirements?
- A . Configure an IPS policy and enable per-rule logging.
- B . Disable the default IPS policy and enable global logging.
- C . Configure an IPS policy and enable global logging.
- D . Disable the default IPS policy and enable per-rule logging.
Which feature within the Cisco FMC web interface allows for detecting, analyzing and blocking malware in network traffic?
- A . intrusion and file events
- B . Cisco AMP for Endpoints
- C . Cisco AMP for Networks
- D . file policies