300-710 Exam Questions
437 real 300-710 exam questions with expert-verified answers and explanations. Page 5 of 9.
- Question #203Configuration
A network administrator cannot select the link to be used for failover when configuring an active/passive HA Cisco FTD pair. Which configuration must be changed before setting up t...
FTD High Availability (HA)Failover LinkInterface NamingHA Prerequisites - Question #204Configuration
An organization recently implemented a transparent Cisco FTD in their network. They must ensure that the device does not respond to insecure SSL/TLS protocols. Which action accompl...
Cisco FTDCisco FMCPlatform PolicyDevice Management Security - Question #205Configuration
A network administrator is migrating from a Cisco ASA to a Cisco FTD. EIGRP is configured on the Cisco ASA but it is not available in the Cisco FMC. Which action must the administr...
Cisco FTDCisco FMCFlexConfigEIGRP - Question #206Management and Troubleshooting
The CIO asks a network administrator to present to management a dashboard that shows custom analysis tables for the top DNS queries URL category statistics, and the URL reputation...
DashboardsCustom AnalysisReportingTraffic Analysis - Question #207Management and Troubleshooting
Which Cisco FMC report gives the analyst information about the ports and protocols that are related to the configured sensitive network for analysis?
Cisco FMCReportingNetwork MonitoringPorts and Protocols - Question #208Management and Troubleshooting
An engineer is investigating connectivity problems on Cisco Firepower for a specific SGT. Which command allows the engineer to capture real packets that pass through the firewall u...
Cisco FirepowerPacket CaptureSGTTroubleshooting - Question #209Configuration
A company is in the process of deploying intrusion protection with Cisco FTDs managed by a Cisco FMC. Which action must be selected to enable fewer rules detect only critical condi...
Cisco FTDCisco FMCIPS PolicyFalse Positive Reduction - Question #210Deployment
An engineer wants to add an additional Cisco FTD Version 6.2.3 device to their current 6.2.3 deployment to create a high availability pair. The currently deployed Cisco FTD device...
Cisco FTDHigh Availability (HA)FMC ManagementFDM Limitations - Question #211Management and Troubleshooting
Refer to the exhibit. What is the effect of the existing Cisco FMC configuration?
FMCFTDDevice ManagementManagement Connection - Question #212Configuration
An administrator Is setting up a Cisco PMC and must provide expert mode access for a security engineer. The engineer Is permitted to use only a secured out-of-band network workstat...
Cisco FMCSSHAccess Control ListRemote Access - Question #213Configuration
An engainer must add DNS-specific rules to me Cisco FTD intrusion policy. The engineer wants to use the rules currently in the Cisco FTD Snort database that are not already enabled...
Cisco FTDIntrusion PolicySnort RulesRule Configuration - Question #214Configuration
A network administrator is trying to convert from LDAP to LDAPS for VPN user authentication on a Cisco FTD. Which action must be taken on the Cisco FTD objects to accomplish this t...
LDAPSCertificate ManagementCisco FTDVPN Authentication - Question #215Integration
What is the RTC workflow when the infected endpoint is identified?
Rapid Threat ContainmentCisco FMCCisco ISESecurity Integration - Question #216Configuration
Which feature is supported by IRB on Cisco FTD devices?
FTD InterfacesIntegrated Routing and Bridging (IRB)Redundant InterfacesHigh Availability - Question #217Configuration
A security engineer is deploying a pair of primary and secondary Cisco FMC devices. The secondary must also receive updates from Cisco Talos. Which action achieves this goal?
Cisco FMCHigh AvailabilityCisco TalosRule Updates - Question #218Configuration
Refer to the exhibit. A systems administrator conducts a connectivity test to their SCCM server from a host machine and gets no response from the server. Which action ensures that...
Access Control PolicyICMPFirewall RulesConnectivity Troubleshooting - Question #219Configuration
A security engineer must configure a Cisco FTD appliance to inspect traffic coming from the internet. The Internet traffic will be mirrored from the Cisco Catalyst 9300 Switch. Whi...
Cisco FTDInterface ConfigurationPassive ModeTraffic Monitoring - Question #220Configuration
The network administrator wants to enhance the network security posture by enabling machine learning tor malware detection due to a concern with suspicious Microsoft executable fil...
SperoMalware DetectionMachine LearningCisco Firepower - Question #221Configuration
A network administrator is configuring a Cisco AMP public cloud instance and wants to capture infections and polymorphic variants of a threat to help detect families of malware. Wh...
Cisco AMPMalware DetectionPolymorphic ThreatsSecurity Engines - Question #222Configuration
A network engineer must provide redundancy between two Cisco FTD devices. The redundancy configuration must include automatic configuration, translation, and connection updates. Af...
Cisco FTDFailoverHigh AvailabilityStateful Failover - Question #223Configuration
A network administrator is configuring an FTD in transparent mode. A bridge group is set up and an access policy has been set up to allow all IP traffic. Traffic is not passing thr...
FTD Transparent ModeBridge GroupBVI ConfigurationFirewall Configuration - Question #224Configuration
A network administrator registered a new FTD to an existing FMC. The administrator cannot place the FTD in transparent mode. Which action enables transparent mode?
FTD transparent modeFMC device managementCLI configurationFTD registration - Question #225Deployment
A security engineer must deploy a Cisco FTD appliance as a bump in the wire to detect intrusion events without disrupting the flow of network traffic. Which two features must be co...
FTD Deployment ModesIntrusion DetectionInline vs. PassiveTraffic Monitoring - Question #226Management and Troubleshooting
Due to an Increase in malicious events, a security engineer must generate a threat report to include intrusion events, malware events, and security intelligence events. How Is this...
Security ReportingCustom ReportsThreat AnalysisEvent Correlation - Question #227Management and Troubleshooting
An engineer attempts to pull the configuration for a Cisco FTD sensor to review with Cisco TAC but does not have direct access to the CU for the device. The CLl for the device is m...
Cisco FMCCisco FTDCLI accessConfiguration retrieval - Question #228Deployment
An administrator is attempting to add a new FTD device to their FMC behind a NAT device with a NAT ID of NAT001 and a password of Cisco0420l06525. The private IP address of the FMC...
FTD Device RegistrationFMC ManagementNAT ConfigurationCisco Firepower - Question #229Management and Troubleshooting
A security analyst must create a new report within Cisco FMC to show an overview of the daily attacks, vulnerabilities, and connections. The analyst wants to reuse specific dashboa...
Cisco FMCReport ManagementDashboard CustomizationSecurity Monitoring - Question #230Management and Troubleshooting
A network administrator has converted a Cisco FTD from using LDAP to LDAPS for VPN authentication. The Cisco FMC can connect to the LDAPS server, but the Cisco FTD is not connectin...
LDAPSAuthenticationDNSTroubleshooting - Question #231Deployment
Which description of a passive interface on a Cisco Firepower NGFW is true?
Passive InterfaceFirepower NGFWNGIPSTraffic Monitoring - Question #232Deployment
An engineer is deploying AMP for the first time and cannot afford any interrupted to network traffic. Which policy types does NOT disrupted the network?
AMPPolicy TypesNon-disruptive DeploymentCisco Firepower - Question #233Deployment
Which Cisco deployment architectures support Clustering? (Choose 2).
ClusteringHigh AvailabilityCisco FTDCisco ASA - Question #234Deployment
An engineer is deploying the Cisco Firepower NGIPSv for vMware. Which two aspects are unsupported during this deployment? (Choose two.)
Firepower NGIPSvVMware DeploymentVirtual machine cloningBackup and restore - Question #235Configuration
What is a purpose of the network analysis policy on a Cisco Firepower NGIPS?
Cisco FirepowerNGIPSNetwork Analysis PolicyTraffic Preprocessing - Question #236Deployment
Which two descriptions of a Cisco Firepower NGIPS deployment that uses an Inline Pair interface in tap mode are true? (Choose two )
Firepower NGIPSDeployment ModesInline Tap ModeInterface Configuration - Question #237Management and Troubleshooting
Which option is the main function of Cisco Firepower impact flags?
Cisco FirepowerImpact FlagsThreat CorrelationVulnerability Data - Question #238Deployment
Refer to exhibit. Which two descriptions of the configurations of the Cisco FirePOWER Services module are true? (Choose two)
Cisco FirePOWERIDS vs IPSFail-open behaviorDeployment modes - Question #239Management and Troubleshooting
On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed devices?
FMC Health PolicyDevice MonitoringHealth Alerts - Question #240Deployment
Which CLI command is used to register a Cisco FirePOWER sensor to Firepower Management Center?
Firepower Management CenterSensor registrationCLI commandsFirepower deployment - Question #241Configuration
Which two tasks can the network discovery feature perform? (Choose two)
Network DiscoveryCisco FirepowerHost IdentificationUser Identification - Question #242Management and Troubleshooting
Which description of the file trajectory feature in Cisco AMP is true?
Cisco AMPFile TrajectorySecurity MonitoringIncident Response - Question #243Configuration
Which access control policy action must be selected to inspect traffic for malware using cisco AMP for Networks?
Cisco AMP for NetworksAccess Control PolicyMalware InspectionFirepower FTD - Question #244Configuration
Which Cisco AMP for Endpoints, what is meant by simple custom detection?
Cisco AMP for EndpointsCustom DetectionSHA-256Malware Detection - Question #245Management and Troubleshooting
With Cisco AMP for Endpoints, which option shows a list of all files that have been executed in your environment?
Cisco AMPEndpoint SecurityThreat VisibilityFile Tracking - Question #246Management and Troubleshooting
When using Cisco Threat Response, which phase of the Intelligence Cycle publishes the results of the investigation?
Cisco Threat ResponseIntelligence CycleDissemination - Question #247Integration
A security engineer must integrate an external feed containing STIX/TAXII data with Cisco FMC. Which feature must be enabled on the Cisco FMC to support this connection?
Threat IntelligenceCisco FMCSTIX/TAXIIIntegration - Question #248Configuration
and all subdomains while ensuring no packets from any internal client are sent to that site. Which type of policy must the network administrator use to accomplish this goal?
DNS PolicyTraffic FilteringAccess Control PolicyURL Filtering - Question #249Configuration
An organization is configuring a new Cisco Firepower High Availability deployment. Which action must be taken to ensure that failover is as seamless as possible to end users?
Firepower HAHigh AvailabilityFailoverVirtual MAC - Question #250Deployment
An engineer must deploy a Cisco FTD appliance via Cisco FMC to span a network segment to detect malware and threats. When setting the Cisco FTD interface mode, which sequence of ac...
FTD Interface ModesPassive DeploymentAccess Control PolicyThreat Detection - Question #251Management and Troubleshooting
Refer to the exhibit. An engineer is analyzing a Network Risk Report from Cisco FMC. Which application must the engineer take immediate action against to prevent unauthorized netwo...
Network SecurityCisco FMCApplication ControlRisk Management - Question #252Management and Troubleshooting
An engineer wants to perform a packet capture on the Cisco FTD to confirm that the host using IP address 192.168.100.100 has the MAC address of 1234.5678.901 to help troubleshoot a...
tcpdumpPacket CaptureTroubleshootingCisco FTD