300-710 Online Practice Questions and Answers

With Cisco Firepower Threat Defense software, which interface mode must be configured to passively receive traffic that passes through the appliance?

A. inline set

B. passive

C. routed

D. inline tap

Which two routing options are valid with Cisco Firepower Threat Defense? (Choose two.)

A. BGPv6

B. ECMP with up to three equal cost paths across multiple interfaces

C. ECMP with up to three equal cost paths across a single interface

D. BGPv4 in transparent firewall mode

E. BGPv4 with nonstop forwarding

Which group within Cisco does the Threat Response team use for threat analysis and research?

A. Cisco Deep Analytics

B. OpenDNS Group

C. Cisco Network Response

D. Cisco Talos

With Cisco Firepower Threat Defense software, which interface mode do you configure for an IPS deployment, where traffic passes through the appliance but does not require VLAN rewriting?

A. inline set

B. passive

C. inline tap

D. routed

E. transparent

A security engineer found a suspicious file from an employee email address and is trying to upload it for analysis, however the upload is failing. The last registration status is still active. What is the cause for this issue?

A. Cisco AMP for Networks is unable to contact Cisco Threat Grid on premise.

B. Cisco AMP for Networks is unable to contact Cisco Threat Grid Cloud.

C. There is a host limit set.

D. The user agent status is set to monitor.

An organization has a compliancy requirement to protect servers from clients, however, the clients and servers all reside on the same Layer 3 network. Without readdressing IP subnets for clients or servers, how is segmentation achieved?

A. Change the IP addresses of the servers, while remaining on the same subnet.

B. Deploy a firewall in routed mode between the clients and servers.

C. Change the IP addresses of the clients, while remaining on the same subnet.

D. Deploy a firewall in transparent mode between the clients and servers.

An organization is using a Cisco FTD and Cisco ISE to perform identity-based access controls. A network administrator is analyzing the Cisco FTD events and notices that unknown user traffic is being allowed through the firewall. How should this be addressed to block the traffic while allowing legitimate user traffic?

A. Modify the Cisco ISE authorization policy to deny this access to the user

B. Modify Cisco ISE to send only legitimate usernames to the Cisco FTD

C. Add the unknown user in the Access Control Policy in Cisco FTD

D. Add the unknown user in the Malware and File Policy in Cisco FTD

A network administrator cannot select the link to be used for failover when configuring an active/passive HA Cisco FTD pair. Which configuration must be changed before setting up the high availability pair?

A. An IP address in the same subnet must be added to each Cisco FTD on the interface.

B. The interface name must be removed from the interface on each Cisco FTD.

C. The name Failover must be configured manually on the interface on each Cisco FTD.

D. The interface must be configured as part of a LACP Active/Active EtherChannel.

An engineer is creating an URL object on Cisco FMC. How must it be configured so that the object will match for HTTPS traffic in an access control policy?

A. Specify the protocol to match (HTTP or HTTPS).

B. Use the FQDN including the subdomain for the website.

C. Use the subject common name from the website certificate.

D. Define the path to the individual webpage that uses HTTPS.

Refer to the exhibit.

A Cisco Secure Firewall Threat Defense (FTD) device is deployed in inline mode with an inline set. The network engineer wants router R2 to remove the directly connected route M 68.1.0/24 from its routing table when the cable between routed R1 and the Secure FTD device Is disconnected. Which action must the engineer take?

A. Implement the Propagate Link Stale option on the Secure FTD device

B. Establish a routing protocol between R1 and R2.

C. Disable hardware bypass on the Secure FTD device.

D. Implement autostate functionality on the Gi0/2 interface of R2