Practice Free 300-710 Exam Online Questions
A network administrator is implementing an active/passive high availability Cisco FTD pair.
When adding the high availability pair, the administrator cannot select the secondary peer.
What is the cause?
- A . The second Cisco FTD is not the same model as the primary Cisco FTD.
- B . An high availability license must be added to the Cisco FMC before adding the high availability pair.
- C . The failover link must be defined on each Cisco FTD before adding the high availability pair.
- D . Both Cisco FTD devices are not at the same software Version
An engineer must investigate a connectivity issue by using Cisco Secure Firewall Management Center to access the Packet Capture feature on a Cisco Secure Firewall Threat Defense device. The engineer must see a real packet going through the Secure Firewall Threat Defense device and the Snort detection actions. While reviewing the packet capture, the engineer discovers that the Snort detection actions are missing.
Which action must the engineer take to resolve the issue?
- A . Specify the packet size.
- B . Specify the buffer size.
- C . Enable the Continuous Capture option.
- D . Enable the Trace option.
A security analyst must create a new report within Cisco FMC to show an overview of the daily attacks, vulnerabilities, and connections. The analyst wants to reuse specific dashboards from other reports to create this consolidated one.
Which action accomplishes this task?
- A . Create a new dashboard object via Object Management to represent the desired views.
- B . Modify the Custom Workflows within the Cisco FMC to feed the desired data into the new report.
- C . Copy the Malware Report and modify the sections to pull components from other reports.
- D . Use the import feature in the newly created report to select which dashboards to add.
What is the result when two users modify a VPN policy at the same lime on a Cisco Secure Firewall Management Center managed device?
- A . Both users can edit the policy arid the last saved configuration persists.
- B . The first user locks the configuration when selecting edit on the policy.
- C . The changes from both users will be merged together into the policy.
- D . The system prevents modifications to the policy by multiple users.
An engineer is troubleshooting application failures through a FTD deployment. While using the FMC CLI. it has been determined that the traffic in question is not matching the desired policy.
What should be done to correct this?
- A . Use the system support firewall-engine-debug command to determine which rules the traffic matching and modify the rule accordingly
- B . Use the system support application-identification-debug command to determine which rules the traffic matching and modify the rule accordingly
- C . Use the system support firewall-engine-dump-user-f density-data command to change the policy and allow the application through the firewall.
- D . Use the system support network-options command to fine tune the policy.
The network administrator wants to enhance the network security posture by enabling machine learning tor malware detection due to a concern with suspicious Microsoft executable file types that were seen while creating monthly security reports for the CIO.
Which feature must be enabled to accomplish this goal?
- A . Spero
- B . dynamic analysis
- C . static analysis
- D . Ethos
A company is in the process of deploying intrusion prevention with Cisco FTDs managed by a Cisco FMC. An engineer must configure policies to detect potential intrusions but not block the suspicious traffic.
Which action accomplishes this task?
- A . Configure IDS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by unchecking the "Drop when inline" option.
- B . Configure IPS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by checking the "Drop when inline" option.
- C . Configure IPS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by unchecking the "Drop when inline" option.
- D . Configure IDS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by checking the "Drop when inline" option.
A cisco Secure firewall Threat Defence device is configured in inline IPS mode to inspect all traffic that passes through the interfaces in the inline set.
Which setting in the inline set configuration must be connected to allow traffic to pass through uninterrupted when VDB updates are being applied?
- A . Propagate Link State
- B . Short Fall Open
- C . Strict TCP Enforcement
- D . Tap Mode
A Cisco FTD device is running in transparent firewall mode with a VTEP bridge group member ingress interface.
What must be considered by an engineer tasked with specifying a destination MAC address for a packet trace?
- A . Only the UDP packet type is supported.
- B . The output format option for the packet logs is unavailable.
- C . The destination MAC address is optional if a VLAN ID value is entered.
- D . The VLAN ID and destination MAC address are optional.
A security engineer is configuring a remote Cisco FTD that has limited resources and internet bandwidth.
Which malware action and protection option should be configured to reduce the requirement for cloud lookups?
- A . Malware Cloud Lookup and dynamic analysis
- B . Block Malware action and dynamic analysis
- C . Block Malware action and local malware analysis
- D . Block File action and local malware analysis