Cisco® 300-710 Exam Practice Questions (P. 3)
Question #21
An engineer is configuring a second Cisco FMC as a standby device but is unable to register with the active unit. What is causing this issue?
- A. The code versions running on the Cisco FMC devices are different.
- B. The licensing purchased does not include high availability.
- C. The primary FMC currently has devices connected to it.
- D. There is only 10 Mbps of bandwidth between the two devices.
Correct Answer:
A

Absolutely, if you're setting up a standby Cisco FMC and facing issues with registration, make sure both the primary and secondary FMCs are running identical software versions. This alignment is a key requirement and often a common stumbling block if overlooked. Always double-check the version numbers as this can prevent successful registration and further complications in your HA setup.
Question #22
While configuring FTD, a network engineer wants to ensure that traffic passing through the appliance does not require routing or VLAN rewriting. Which interface mode should the engineer implement to accomplish this task?
- A. inline set (Most Voted)
- B. passive
- C. transparent
- D. inline tap
Correct Answer:
B

Passive interface mode is appropriate when traffic monitoring without alteration is needed. This mode receives packets copied from a switch via a SPAN or mirror port, which means it does not handle actual traffic flow through the device and does not require routing or VLAN rewriting. Thus, for scenarios where the primary objective is to observe or analyze the traffic without impacting the flow, passive mode is suitable. It's crucial to remember that while passive interfaces do not directly interact with live traffic, they allow comprehensive visibility for security and monitoring purposes.
Question #23
A mid-sized company is experiencing higher network bandwidth utilization due to a recent acquisition. The network operations team is asked to scale up their one Cisco FTD appliance deployment to higher capacities due to the increased network bandwidth. Which design option should be used to accomplish this goal?
- A. Deploy multiple Cisco FTD HA pairs in clustering mode to increase performance.
- B. Deploy multiple Cisco FTD appliances in firewall clustering mode to increase performance.
- C. Deploy multiple Cisco FTD appliances using VPN load-balancing to scale performance.
- D. Deploy multiple Cisco FTD HA pairs to increase performance.
Correct Answer:
B
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/clustering/ftd-cluster-solution.html#concept_C8502505F840451C9E600F1EED9BC18E
Question #24
In a multi-tenant deployment where multiple domains are in use, which update should be applied outside of the Global Domain?
- A. minor upgrade
- B. local import of intrusion rules (Most Voted)
- C. Cisco Geolocation Database
- D. local import of major upgrade
Correct Answer:
C

The Cisco Geolocation Database is typically considered a global item, updated within the global domain to maintain uniformity across all tenant domains. The local import of intrusion rules (option B), however, is plausible if domain-specific rule customization is required. Always check for the most recent guidelines in the Cisco documentation on multidomain environments and software updates.
Question #25
An organization has a compliance requirement to protect servers from clients; however, the clients and servers all reside on the same Layer 3 network. Without readdressing IP subnets for clients or servers, how is segmentation achieved?
- A. Change the IP addresses of the servers, while remaining on the same subnet.
- B. Deploy a firewall in routed mode between the clients and servers.
- C. Change the IP addresses of the clients, while remaining on the same subnet.
- D. Deploy a firewall in transparent mode between the clients and servers. (Most Voted)
Correct Answer:
B

For segmenting networks without changing IP addressing, deploying a firewall in routed mode (Answer B) is indeed feasible. A routed mode firewall examines traffic between different segments by utilizing L3 information, effectively enforcing separation even within the same Layer 3 domain but different subnets, which aligns with meeting compliance requirements to protect servers from clients on the same network layer. This solution doesn't require readdressing, as it can work with existing subnet configurations, making B the accurate choice for this scenario.
Question #26
Network traffic coming from an organization's CEO must never be denied. Which access control policy configuration option should be used if the deployment engineer is not permitted to create a rule to allow all traffic?
- A. Change the intrusion policy from security to balance.
- B. Configure a trust policy for the CEO. (Most Voted)
- C. Configure firewall bypass.
- D. Create a NAT policy just for the CEO.
Correct Answer:
B

The most pertinent and effective solution for ensuring that traffic from the organization's CEO is never denied, without creating a rule to allow all traffic, is to configure a trust policy. A trust policy is designed to exempt specified traffic from usual security checks, hence guaranteeing uninterrupted access for trusted sources. In this scenario, designating a trust policy specifically for the CEO's traffic ensures that it bypasses regular intrusion policies, which could potentially block or restrict the flow. This targeted approach maintains security integrity while prioritizing critical business communications. Thus, configuring a trust policy addresses both the requirement for uninterrupted access and strict security measures.
Question #27
What is a characteristic of bridge groups on a Cisco FTD?
- A. In routed firewall mode, routing between bridge groups is supported. (Most Voted)
- B. Routing between bridge groups is achieved only with a router-on-a-stick configuration on a connected router.
- C. In routed firewall mode, routing between bridge groups must pass through a routed interface.
- D. In transparent firewall mode, routing between bridge groups is supported.
Correct Answer:
A
Reference:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/general/asa-97-general-config/intro-fw.pdf
Question #28
A Cisco FTD device is running in transparent firewall mode with a VTEP bridge group member ingress interface. What must be considered by an engineer tasked with specifying a destination MAC address for a packet trace?
- A. The output format option for the packet logs is unavailable.
- B. Only the UDP packet type is supported.
- C. The destination MAC address is optional if a VLAN ID value is entered. (Most Voted)
- D. The VLAN ID and destination MAC address are optional.
Correct Answer:
C
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/troubleshooting_the_system.html
Question #29
With Cisco FTD software, which interface mode must be configured to passively receive traffic that passes through the appliance?
- A. ERSPAN (Most Voted)
- B. firewall
- C. tap
- D. IPS-only
Correct Answer:
A
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/interface_overview_for_firepower_threat_defense.html
Question #30
An engineer is monitoring network traffic from their sales and product development departments, which are on two separate networks. What must be configured in order to maintain data privacy for both departments?
- A. Use passive IDS ports for both departments.
- B. Use a dedicated IPS inline set for each department to maintain traffic separation.
- C. Use 802.1Q inline set Trunk interfaces with VLANs to maintain logical traffic separation. (Most Voted)
- D. Use one pair of inline set in TAP mode for both departments.
Correct Answer:
D
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/inline_sets_and_passive_interfaces_for_firepower_threat_defense.html