Cisco® 300-710 Exam Practice Questions (P. 4)
Question #31
A hospital network needs to upgrade their Cisco FMC managed devices and needs to ensure that a disaster recovery process is in place. What must be done in order to minimize downtime on the network?
- A. Configure a second circuit to an ISP for added redundancy.
- B. Keep a copy of the current configuration to use as backup. (Most Voted)
- C. Configure the Cisco FMCs for failover.
- D. Configure the Cisco FMC managed devices for clustering.
Correct Answer:
C

Good job spotting the importance of minimizing network downtime during upgrades by employing Cisco FMC managed devices for failover. Failover configuration allows the network to continue functioning without interruption by automatically switching to a backup system upon detecting a failure of the main system. This capability is crucial in ensuring that network operations do not halt during critical updates or unexpected outages, particularly in a sensitive environment like a hospital. This approach maintains operational consistency and protects against potential data loss or service disruption during system upgrades.
Question #32
An organization has implemented Cisco Firepower without IPS capabilities and now wants to enable inspection for their traffic. They need to be able to detect protocol anomalies and utilize the Snort rule sets to detect malicious behavior. How is this accomplished?
- A. Modify the network discovery policy to detect new hosts to inspect.
- B. Modify the access control policy to redirect interesting traffic to the engine. (Most Voted)
- C. Modify the intrusion policy to determine the minimum severity of an event to inspect.
- D. Modify the network analysis policy to process the packets for inspection.
Correct Answer:
D
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/670/fdm/fptd-fdm-config-guide-670/fptd-fdm-intrusion.html
Question #33
An engineer is tasked with deploying an internal perimeter firewall that will support multiple DMZs. Each DMZ has a unique private IP subnet range. How is this requirement satisfied?
- A. Deploy the firewall in transparent mode with access control policies
- B. Deploy the firewall in routed mode with access control policies (Most Voted)
- C. Deploy the firewall in routed mode with NAT configured
- D. Deploy the firewall in transparent mode with NAT configured
Correct Answer:
C
Reference:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/intro-fw.html
Question #34
An engineer must configure high availability for the Cisco Firepower devices. The current network topology does not allow for two devices to pass traffic concurrently. How must the devices be implemented in this environment?
- A. in active/active mode
- B. in a cluster span EtherChannel
- C. in active/passive mode
- D. in cluster interface mode
Correct Answer:
C

For configuring high availability in Cisco Firepower, when you cannot use two devices to pass traffic concurrently, the correct setup is the active/passive mode. In this configuration, one device actively manages traffic, while the other remains in a standby mode, ready to take over if the primary device fails. This approach ensures continuous traffic flow without requiring simultaneous traffic handling by both devices, aligning with network topologies that do not support concurrent device traffic.
Question #35
When deploying a Cisco ASA Firepower module, an organization wants to evaluate the contents of the traffic without affecting the network. It is currently configured to have more than one instance of the same device on the physical appliance. Which deployment mode meets the needs of the organization?
- A. inline tap monitor-only mode (Most Voted)
- B. passive monitor-only mode
- C. passive tap monitor-only mode
- D. inline mode
Correct Answer:
B

The passive monitor-only mode is indeed the best fit when the focus is on monitoring traffic without direct interaction with the flow itself, making it non-intrusive and ideal for the specified context of not affecting the network. However, some points were raised about the possible limitation in passive monitor-only mode when multiple instances are involved. This should be fact-checked against the most current Cisco documentation, as configurations and capabilities may evolve over software versions or through specific deployment details not covered fully here.
Question #36
An organization has a Cisco FTD that uses bridge groups to pass traffic from the inside interfaces to the outside interfaces. They are unable to gather information about neighboring Cisco devices or use multicast in their environment. What must be done to resolve this issue?
- A. Create a firewall rule to allow CDP traffic (Most Voted)
- B. Create a bridge group with the firewall interfaces
- C. Change the firewall mode to transparent
- D. Change the firewall mode to routed
Correct Answer:
D
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/transparent_or_routed_firewall_mode_for_firepower_threat_defense.html
Question #37
A network engineer implements a new Cisco Firepower device on the network to take advantage of its intrusion detection functionality. There is a requirement to analyze the traffic going across the device, alert on any malicious traffic, and appear as a bump in the wire. How should this be implemented?
- A. Specify the BVI IP address as the default gateway for connected devices
- B. Enable routing on the Cisco Firepower
- C. Add an IP address to the physical Cisco Firepower interfaces
- D. Configure a bridge group in transparent mode
Correct Answer:
D

The proper deployment of Cisco Firepower in transparent mode, acting as "a bump in the wire," is through configuring a bridge group in transparent mode. This setup allows the unit to monitor and control the data passing through without being detected by connected devices, hence not affecting the network topology. The bridge group manages the traffic between internal and external interfaces using bridging techniques while maintaining all standard firewall functionalities, elevating network security without disruption. This method is crucial for environments needing seamless and non-disruptive security measures.
Question #38
Which two conditions must be met to enable high availability between two Cisco FTD devices? (Choose two.)
- A. same flash memory size
- B. same NTP configuration
- C. same DHCP/PPPoE configuration
- D. same host name
- E. same number of interfaces
Correct Answer:
BE
Question #39
An engineer is building a new access control policy using Cisco FMC. The policy must inspect a unique IPS policy as well as log rule matching. Which action must be taken to meet these requirements?
- A. Configure an IPS policy and enable per-rule logging (Most Voted)
- B. Disable the default IPS policy and enable global logging
- C. Configure an IPS policy and enable global logging
- D. Disable the default IPS policy and enable per-rule logging
Correct Answer:
A
Question #40
Which two OSPF routing features are configured in Cisco FMC and propagated to Cisco FTD? (Choose two.)
- A. OSPFv2 with IPv6 capabilities
- B. virtual links (Most Voted)
- C. SHA authentication to OSPF packets
- D. area boundary router type 1 LSA filtering
- E. MD5 authentication to OSPF packets (Most Voted)
Correct Answer:
BE
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/ospf_for_firepower_threat_defense.html