Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home Cisco® 300-710

Cisco® 300-710 Exam Practice Questions (P. 2)

  • Full Access (360 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #11
Which two dynamic routing protocols are supported in Cisco FTD without using FlexConfig? (Choose two.)
  1. A
    EIGRP
  2. B
    OSPF
  3. C
    static routing
  4. D
    IS-IS
  5. E
    BGP

Correct Answer:
CE
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-routing.html

Question #12
Which policy rule is included in the deployment of a local DMZ during the initial deployment of a Cisco NGFW through the Cisco FMC GUI?
  1. A
    a default DMZ policy for which only a user can change the IP addresses.
  2. B
    deny ip any
  3. C
    no policy rule is included
  4. D
    permit ip any

Correct Answer:
C
chatbot-img GPT-4o - Answer
During the initial deployment of a Cisco NGFW using the Cisco FMC GUI, there indeed is no policy rule specifically included for the DMZ. Initially, the administrator must manually designate an interface for DMZ traffic and establish respective security zones. From there, configuring access control policies specific to the DMZ becomes necessary for managing the traffic. This highlights the importance of a custom setup for traffic management in such scenarios, emphasizing the need for manual intervention post the generic initial setup.

Question #13
What are two application layer preprocessors? (Choose two.)
  1. A
    CIFS
  2. B
    IMAP
  3. C
    SSL
  4. D
    DNP3
  5. E
    ICMP

Correct Answer:
BC
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Application_Layer_Preprocessors.html

Question #14
An engineer is implementing Cisco FTD in the network and is determining which Firepower mode to use. The organization needs to have multiple virtual
Firepower devices working separately inside of the FTD appliance to provide traffic segmentation. Which deployment mode should be configured in the Cisco
Firepower Management Console to support these requirements?
  1. A
    multi-instance
  2. B
    multiple deployment
  3. C
    single deployment
  4. D
    single-context

Correct Answer:
A
chatbot-img GPT-4o - Answer
The correct deployment mode needed when setting up multiple separate virtual environments within a single Cisco FTD appliance to ensure traffic segmentation is the multi-instance mode. This method allows you to maintain distinct operational domains, each with its configuration and management, which aligns perfectly with the need for segmented traffic handling in complex network environments.

Question #15
A network engineer is extending a user segment through an FTD device for traffic inspection without creating another IP subnet. How is this accomplished on an
FTD device in routed mode?
  1. A
    by assigning an inline set interface
  2. B
    by using a BVI and creating a BVI IP address in the same subnet as the user segment
  3. C
    by leveraging the ARP to direct traffic through the firewall
  4. D
    by bypassing protocol inspection by leveraging pre-filter rules

Correct Answer:
A
chatbot-img GPT-4o - Answer
Correct, an inline set interface is best suited for extending a user segment through an FTD device in routed mode without creating a new IP subnet. Inline sets operate at layer 2, behaving much like a bump in the wire, allowing traffic inspection and control without the need for additional IP addresses or subnet modifications. This makes inline sets particularly useful in scenarios where network topology changes must be minimized but security inspection capabilities are necessary. This setup ensures seamless traffic inspection while maintaining the existing network structure.

Question #16
An engineer is configuring a Cisco FTD appliance in IPS-only mode and needs to utilize fail-to-wire interfaces. Which interface mode should be used to meet these requirements?
  1. A
    passive
  2. B
    routed
  3. C
    transparent
  4. D
    inline set

Correct Answer:
D
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/ inline_sets_and_passive_interfaces_for_firepower_threat_defense.html

Question #17
An organization has noticed that malware was downloaded from a website that does not currently have a known bad reputation. How will this issue be addressed globally in the quickest way possible and with the least amount of impact?
  1. A
    by creating a URL object in the policy to block the website.
  2. B
    Cisco Talos will automatically update the policies.
  3. C
    by denying outbound web access
  4. D
    by isolating the endpoint

Correct Answer:
B
chatbot-img GPT-4o - Answer
Cisco Talos, renowned for its timely updates to security databases, provides a real advantage in dealing with newly identified threats quickly and with minimal disruption. By updating policies automatically, Talos ensures that all associated systems are protected without requiring manual intervention, thereby swiftly and effectively mitigating threats on a global scale. This approach is particularly useful in scenarios where malware comes from sources that are not yet widely recognized as harmful.

Question #18
The event dashboard within the Cisco FMC has been inundated with low priority intrusion drop events, which are overshadowing high priority events. An engineer has been tasked with reviewing the policies and reducing the low priority events. Which action should be configured to accomplish this task?
  1. A
    drop packet
  2. B
    generate events
  3. C
    drop connection
  4. D
    drop and generate

Correct Answer:
B
Referenceג€
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/working_with_intrusion_events.html

Question #19
With Cisco FTD integrated routing and bridging, which interface does the bridge group use to communicate with a routed interface?
  1. A
    subinterface
  2. B
    switch virtual
  3. C
    bridge virtual
  4. D
    bridge group member

Correct Answer:
C
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/ transparent_or_routed_firewall_mode_for_firepower_threat_defense.html

Question #20
An engineer is setting up a new Firepower deployment and is looking at the default FMC policies to start the implementation. During the initial trial phase, the organization wants to test some common Snort rules while still allowing the majority of network traffic to pass. Which default policy should be used?
  1. A
    Balanced Security and Connectivity
  2. B
    Security Over Connectivity
  3. C
    Maximum Detection
  4. D
    Connectivity Over Security

Correct Answer:
D
chatbot-img GPT-4o - Answer
The correct choice, "Connectivity Over Security," is specifically suited for scenarios where minimal obstruction to network traffic is desired, allowing for the majority of traffic flow while applying fewer intrusion detection rules. This approach aligns with the scenario's requirement to test common Snort rules while maintaining high connectivity, which is essential during initial testing phases. It’s crucial, though, to remember that this policy compromises security to some extent. For long-term implementation, switching to a more security-focused policy post-testing is advisable to ensure enhanced protection.

Previous Questions Next Questions

All Pages