최신 300-710 무료덤프 - Cisco Securing Networks with Cisco Firepower

문제1

An engineer must configure high availability on two Cisco Secure Firewall Threat Defense appliances. Drag and drop the configuration steps from the left into the sequence on the right.

정답:

Explanation:
Step 1(Configure the primary unit for high availability),
Step 2(Configure the secondary unit for high availability),
Step 3(Configure the two units for high availability),
Step 4(Configure failover criteria for health monitoring)

문제2

Which two packet captures does the FTD LINA engine support? (Choose two.)

A. protocol

B. source IP

C. dynamic firewall importing

D. application ID

E. Layer 7 network ID

정답: A,B

설명: (DumpTOP 회원만 볼 수 있음)

문제3

A security engineer must improve security in an organization and is producing a risk mitigation strategy to present to management for approval. Which action must the security engineer take based on this Attacks Risk Report?

A. Inspect DNS traffic

B. Block Internal Explorer

C. Block NetBIOS.

D. Inspect TCP port 80 traffic

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제4

An engineer is configuring two new Cisco Secure Firewall Threat Defense devices to replace the existing firewalls. Network traffic must be analyzed for intrusion events without impacting the traffic. What must the engineer implement next to accomplish the goal?

A. ERSPAN Passive mode

B. Inline Pair mode

C. Inline Pair in Tap mode

D. Passive mode

정답: D

문제5

An organization wants to secure traffic from their branch office to the headquarter building using Cisco Firepower devices, They want to ensure that their Cisco Firepower devices are not wasting resources on inspecting the VPN traffic. What must be done to meet these requirements?

A. Tune the intrusion policies in order to allow the VPN traffic through without inspection

B. Enable a flexconfig policy to re-classify VPN traffic so that it no longer appears as interesting traffic

C. Configure the Cisco Firepower devices to bypass the access control policies for VPN traffic.

D. Configure the Cisco Firepower devices to ignore the VPN traffic using prefilter policies

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제6

Refer to the exhibit.

A Cisco Secure Firewall Threat Defense (FTD) device is deployed in inline mode with an inline set. The network engineer wants router R2 to remove the directly connected route M 68.1.0/24 from its routing table when the cable between routed R1 and the Secure FTD device Is disconnected. Which action must the engineer take?
1

A. Establish a routing protocol between R1 and R2.

B. Implement autostate functionality on the Gi0/2 interface of R2

C. Implement the Propagate Link Stale option on the Secure FTD device

D. Disable hardware bypass on the Secure FTD device.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제7

What is a feature of Cisco AMP private cloud?

A. It supports security intelligence filtering.

B. It supports anonymized retrieval of threat intelligence

C. It performs dynamic analysis

D. It disables direct connections to the public cloud.

정답: D

문제8

An engineer is creating an URL object on Cisco FMC How must it be configured so that the object will match for HTTPS traffic in an access control policy?

A. Specify the protocol to match (HTTP or HTTPS).

B. Define the path to the individual webpage that uses HTTPS.

C. Use the FQDN including the subdomain for the website

D. Use the subject common name from the website certificate

정답: C

문제9

Which object type supports object overrides?

A. security group tag

B. DNS server group

C. network object

D. time range

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제10

In which two places can thresholding settings be configured? (Choose two.)

A. globally, per intrusion policy

B. per preprocessor, within the network analysis policy

C. on each IPS rule

D. on each access control rule

E. globally, within the network analysis policy

정답: A,C

설명: (DumpTOP 회원만 볼 수 있음)

문제11

When creating a report template, how can the results be limited to show only the activity of a specific subnet?

A. Add an Input Parameter in the Advanced Settings of the report, and set the type to Network/IP.

B. Add a Table View section to the report with the Search field defined as the network in CIDR format.

C. Create a custom search in Firepower Management Center and select it in each section of the report.

D. Select IP Address as the X-Axis in each section of the report.

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

문제12

An engineer must investigate a connectivity issue and decides to use the packet capture feature on Cisco FTD.
The goal is to see the real packet going through the Cisco FTD device and see the Snort detection actions as a part of the output. After the capture-traffic command is issued, only the packets are displayed. Which action resolves this issue?

A. Use the verbose option as a part of the capture-traffic command

B. Use the capture command and specify the trace option to get the required information.

C. Specify the trace using the -T option after the capture-traffic command.

D. Perform the trace within the Cisco FMC GUI instead of the Cisco FTD CLI.

정답: B

문제13

After using Firepower for some time and learning about how it interacts with the network, an administrator is trying to correlate malicious activity with a user Which widget should be configured to provide this visibility on the Cisco Firepower dashboards?

A. Current Sessions

B. Correlation Events

C. Current Status

D. Custom Analysis

정답: D

문제14

Which command is run at the CLI when logged in to an FTD unit, to determine whether the unit is managed locally or by a remote FMC server?

A. show managers

B. system generate-troubleshoot

C. show configuration session

D. show running-config | include manager

정답: A

설명: (DumpTOP 회원만 볼 수 있음)

최신 300-710 무료덤프 - Cisco Securing Networks with Cisco Firepower

우리와 연락하기

유용한 링크

최신 업데이트