CCNP Security Cisco Firepower SNCF 300-710 Test Questions

The Securing Networks with Cisco Firepower v1.0 (SNCF 300-710) exam is a 90-minute exam associated with the CCNP Security, and Cisco Certified Specialist – Network Security Firepower certifications. This exam tests a candidate’s knowledge of Cisco Firepower® Threat Defense and Firepower®, including policy configurations, integrations, deployments, management and troubleshooting.

With the help of actual CCNP Security Cisco Firepower SNCF 300-710 Test Questions provided by our experts at PassQuestion, you can now pass the Securing Networks with Cisco Firepower exam without any hassle. You can easily pass CCNP Security 300-710 exam with the help of the CCNP Security Cisco Firepower SNCF 300-710 Test Questions provided by our experts. We are continuously working hard to create up to date 300-710 practice exam questions for passing Cisco CCNP Security Certification exam.

CCNP Security Cisco Firepower SNCF 300-710 Test Questions

1. What is a result of enabling Cisco FTD clustering?

For the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections.

Integrated Routing and Bridging is supported on the master unit.

Site-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails.

All Firepower appliances can support Cisco FTD clustering.

2. Which two conditions are necessary for high availability to function between two Cisco FTD devices? (Choose two.)

The units must be the same version

Both devices can be part of a different group that must be in the same domain when configured within the FMC.

The units must be different models if they are part of the same series.

The units must be configured only for firewall routed mode.

The units must be the same model.

3. On the advanced tab under inline set properties, which allows interfaces to emulate a passive interface?

transparent inline mode

TAP mode

strict TCP enforcement

propagate link state

4. What are the minimum requirements to deploy a managed device inline?

inline interfaces, security zones, MTU, and mode

passive interface, MTU, and mode

inline interfaces, MTU, and mode

passive interface, security zone, MTU, and mode

5. What is the difference between inline and inline tap on Cisco Firepower?

Inline tap mode can send a copy of the traffic to another device.

Inline tap mode does full packet capture.

Inline mode cannot do SSL decryption.

Inline mode can drop malicious traffic.

6. With Cisco Firepower Threat Defense software, which interface mode must be configured to passively receive traffic that passes through the appliance?

inline set

passive

routed

inline tap

7. Which two deployment types support high availability? (Choose two.)

transparent

routed

clustered

intra-chassis multi-instance

virtual appliance in public cloud

8. Which protocol establishes network redundancy in a switched Firepower device deployment?

STP

HSRP

GLBP

VRRP

9. Which interface type allows packets to be dropped?

passive

inline

ERSPAN

TAP

10. Which Cisco Firepower Threat Defense, which two interface settings are required when configuring a routed interface? (Choose two.)

Redundant Interface

EtherChannel

Speed

Media Type

Duplex

11. Which two deployment types support high availability? (Choose two.)

transparent

routed

clustered

intra-chassis multi-instance

virtual appliance in public cloud

12. Which two conditions are necessary for high availability to function between two Cisco FTD devices? (Choose two.)

The units must be the same version

Both devices can be part of a different group that must be in the same domain when configured within the FM

The units must be different models if they are part of the same series.

The units must be configured only for firewall routed mode.

The units must be the same model.

13. Which policy rule is included in the deployment of a local DMZ during the initial deployment of a Cisco NGFW through the Cisco FMC GUI?

a default DMZ policy for which only a user can change the IP addresses.

deny ip any

no policy rule is included

permit ip any

14. What is a result of enabling Cisco FTD clustering?

For the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections.

Integrated Routing and Bridging is supported on the master unit.

Site-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails.

All Firepower appliances can support Cisco FTD clustering.

15. Which two dynamic routing protocols are supported in Firepower Threat Defense without using FlexConfig? (Choose two.)

EIGRP

OSPF

static routing

IS-IS

BGP

16. What is the difference between inline and inline tap on Cisco Firepower?

Inline tap mode can send a copy of the traffic to another device.

Inline tap mode does full packet capture.

Inline mode cannot do SSL decryption.

Inline mode can drop malicious traffic.

17. Which interface type allows packets to be dropped?

passive

inline

ERSPAN

TAP

18. Which protocol establishes network redundancy in a switched Firepower device deployment?

STP

HSRP

GLBP

VRRP

19. On the advanced tab under inline set properties, which allows interfaces to emulate a passive interface?

transparent inline mode

TAP mode

strict TCP enforcement

propagate link state

20. Which Cisco Firepower Threat Defense, which two interface settings are required when configuring a routed interface? (Choose two.)

Redundant Interface

EtherChannel

Speed

Media Type

Duplex

21. With Cisco Firepower Threat Defense software, which interface mode must be configured to passively receive traffic that passes through the appliance?

inline set

passive

routed

inline tap

22. What are the minimum requirements to deploy a managed device inline?

inline interfaces, security zones, MTU, and mode

passive interface, MTU, and mode

inline interfaces, MTU, and mode

passive interface, security zone, MTU, and mode

23. What are two application layer preprocessors? (Choose two.)

CIFS

IMAP

SSL

DNP3

ICMP

24. Which two statements about bridge-group interfaces in Cisco FTD are true? (Choose two.)

The BVI IP address must be in a separate subnet from the connected network.

Bridge groups are supported in both transparent and routed firewall modes.

Bridge groups are supported only in transparent firewall mode.

Bidirectional Forwarding Detection echo packets are allowed through the FTD when using bridge-group members.

Each directly connected network must be on the same subnet.

25. In which two places can thresholding settings be configured? (Choose two.)

on each IPS rule

globally, within the network analysis policy

globally, per intrusion policy

on each access control rule

per preprocessor, within the network analysis policy

26. Which two actions can be used in an access control policy rule? (Choose two.)

Block with Reset

Monitor

Analyze

Discover

Block ALL

27. Which two routing options are valid with Cisco Firepower Threat Defense? (Choose two.)

BGPv6

ECMP with up to three equal cost paths across multiple interfaces

ECMP with up to three equal cost paths across a single interface

BGPv4 in transparent firewall mode

BGPv4 with nonstop forwarding

28. What is the result of specifying of QoS rule that has a rate limit that is greater than the maximum throughput of an interface?

The rate-limiting rule is disabled.

Matching traffic is not rate limited.

The system rate-limits all traffic.

The system repeatedly generates warnings.

29. In which two ways do access control policies operate on a Cisco Firepower system? (Choose two.)

Traffic inspection can be interrupted temporarily when configuration changes are deployed.

The system performs intrusion inspection followed by file inspection.

They can block traffic based on Security Intelligence data.

File policies use an associated variable set to perform intrusion prevention.

The system performs a preliminary inspection on trusted traffic to validate that it matches the trusted parameters.

30. Which two OSPF routing features are configured in Cisco FMC and propagated to Cisco FTD? (Choose two.)

OSPFv2 with IPv6 capabilities

virtual links

SHA authentication to OSPF packets

area boundary router type 1 LSA filtering

MD5 authentication to OSPF packets

31. When creating a report template, how can the results be limited to show only the activity of a specific subnet?

Create a custom search in Firepower Management Center and select it in each section of the report.

Add an Input Parameter in the Advanced Settings of the report, and set the type to Network/I

Add a Table View section to the report with the Search field defined as the network in CIDR format.

Select IP Address as the X-Axis in each section of the report.

32. Which command is run on an FTD unit to associate the unit to an FMC manager that is at IP address 10.0.0.10, and that has the registration key Cisco123?

configure manager local 10.0.0.10 Cisco123

configure manager add Cisco123 10.0.0.10

configure manager local Cisco123 10.0.0.10

configure manager add 10.0.0.10 Cisco123

33. Which Cisco Firepower rule action displays an HTTP warning page?

Monitor

Block

Interactive Block

Allow with Warning

34. Which object type supports object overrides?

time range

security group tag

network object

DNS server group

35. Which two types of objects are reusable and supported by Cisco FMC? (Choose two.)

dynamic key mapping objects that help link HTTP and HTTPS GET requests to Layer 7 application protocols.

reputation-based objects that represent Security Intelligence feeds and lists, application filters based on category and reputation, and file lists

network-based objects that represent IP address and networks, port/protocols pairs, VLAN tags, security zones, and origin/destination country

network-based objects that represent FQDN mappings and networks, port/protocol pairs, VXLAN tags, security zones and origin/destination country

reputation-based objects, such as URL categories

36. Which Firepower feature allows users to configure bridges in routed mode and enables devices to perform Layer 2 switching between interfaces?

FlexConfig

BDI

SGT

IRB

37. What is the disadvantage of setting up a site-to-site VPN in a clustered-units environment?

VPN connections can be re-established only if the failed master unit recovers.

Smart License is required to maintain VPN connections simultaneously across all cluster units.

VPN connections must be re-established when a new master unit is elected.

Only established VPN connections are maintained when a new master unit is elected.

38. Which command is run at the CLI when logged in to an FTD unit, to determine whether the unit is managed locally or by a remote FMC server?

system generate-troubleshoot

show configuration session

show managers

show running-config | include manager

39. Which group within Cisco does the Threat Response team use for threat analysis and research?

Cisco Deep Analytics

OpenDNS Group

Cisco Network Response

Cisco Talos

40. What is the maximum bit size that Cisco FMC supports for HTTPS certificates?

1024

8192

4096

2048

41. What is a behavior of a Cisco FMC database purge?

User login and history data are removed from the database if the User Activity check box is selected.

Data can be recovered from the device.

The appropriate process is restarted.

The specified data is removed from Cisco FMC and kept for two weeks.

42. What is a functionality of port objects in Cisco FMC?

to mix transport protocols when setting both source and destination port conditions in a rule

to represent protocols other than TCP, UDP, and ICMP

to represent all protocols in the same way

to add any protocol other than TCP or UDP for source port conditions in access control rules.

43. Which command must be run to generate troubleshooting files on an FTD?

system support view-files

sudo sf_troubleshoot.pl

system generate-troubleshoot all

show tech-support

44. Which report template field format is available in Cisco FMC?

box lever chart

arrow chart

bar chart

benchmark chart

45. Which limitation applies to Cisco Firepower Management Center dashboards in a multidomain environment?

Child domains can view but not edit dashboards that originate from an ancestor domain.

Child domains have access to only a limited set of widgets from ancestor domains.

Only the administrator of the top ancestor domain can view dashboards.

Child domains cannot view dashboards that originate from an ancestor domain.

46. Within Cisco Firepower Management Center, where does a user add or modify widgets?

dashboard

reporting

context explorer

summary tool

47. How many report templates does the Cisco Firepower Management Center support?

unlimited

48. Which two statements about deleting and re-adding a device to Cisco FMC are true? (Choose two.)

An option to re-apply NAT and VPN policies during registration is available, so users do not need to re-apply the policies after registration is completed.

Before re-adding the device in Cisco FMC, you must add the manager back in the device.

No option to delete and re-add a device is available in the Cisco FMC web interface.

The Cisco FMC web interface prompts users to re-apply access control policies.

No option to re-apply NAT and VPN policies during registration is available, so users need to re-apply the policies after registration is completed.

49. What is the benefit of selecting the trace option for packet capture?

The option indicates whether the packet was dropped or successful.

The option indicated whether the destination host responds through a different path.

The option limits the number of packets that are captured.

The option captures details of each packet.

50. A network engineer is configuring URL Filtering on Firepower Threat Defense.

Which two port requirements on the Firepower Management Center must be validated to allow communication with the cloud service? (Choose two.)

outbound port TCP/443

inbound port TCP/80

outbound port TCP/8080

inbound port TCP/443

outbound port TCP/80

51. Which command-line mode is supported from the Cisco Firepower Management Center CLI?

privileged

user

configuration

admin

52. Which command is typed at the CLI on the primary Cisco FTD unit to temporarily stop running high-availability?

configure high-availability resume

configure high-availability disable

system support network-options

configure high-availability suspend

53. Which CLI command is used to control special handling of ClientHello messages?

system support ssl-client-hello-tuning

system support ssl-client-hello-display

system support ssl-client-hello-force-reset

system support ssl-client-hello-enabled

54. Which command should be used on the Cisco FTD CLI to capture all the packets that hit an interface?

configure coredump packet-engine enable

capture-traffic

capture

capture WORD

55. Which Cisco Firepower feature is used to reduce the number of events received in a period of time?

rate-limiting

suspending

correlation

thresholding

56. DRAG DROP

Drag and drop the steps to restore an automatic device registration failure on the standby Cisco FMC from the left into the correct order on the right. Not all options are used.

57. Which action should be taken after editing an object that is used inside an access control policy?

Delete the existing object in use.

Refresh the Cisco FMC GUI for the access control policy.

Redeploy the updated configuration.

Create another rule using a different object name.

58. Which two packet captures does the FTD LINA engine support? (Choose two.)

Layer 7 network ID

source IP

application ID

dynamic firewall importing

protocol

59. Which CLI command is used to generate firewall debug messages on a Cisco Firepower?

system support firewall-engine-debug

system support ssl-debug

system support platform

system support dump-table

60. After deploying a network-monitoring tool to manage and monitor networking devices in your organization, you realize that you need to manually upload an MIB for the Cisco FMC. In which folder should you upload the MIB file?

/etc/sf/DCMI

ALERT

/sf/etc/DCEALER

MIB

/etc/sf/DCEALER

MIB

system/etc/DCEALER

MIB

61. Which CLI command is used to control special handling of Client Hello messages?

system support ssl-client-hello-tuning

system support ssl-client-hello-force-reset

system support ssl-client-hello-display

system support ssl-client-hello-reset

62. A network engineer is extending a user segment through an FTD device for traffic inspection without creating another IP subnet.

How is this accomplished on an FTD device in routed mode?

by assigning an inline set interface

by leveraging the ARP to direct traffic through the firewall

by bypassing protocol inspection by leveraging pre-filter rules

by using a BVl and create a BVl IP address in the same subnet as the user segment

63. An engineer is implementing Cisco FTD in the network and is determining which Firepower mode to use the organization needs to have multiple virtual Firepower devices working separately inside the FTD application to provide traffic segmentation.

Which deployment mode should be configured in the Cisco Firepower Management Console to support these requirements?

single-context

single deployment

multiple deployment

multi-instance

64. An engineer is troubleshooting application failures through a FTD deployment While using the FMC CLI, it has been determined that the traffic in question is not matching the desired policy.

What should be done to correct this?

Use the system support firewall-engine-dump-user-identity-data command to change the policy and allow the application through the firewall

Use the system support application-identification-debug command to determine which rules the traffic matching and modify the rule accordingly

Use the system support network-options command to fine tune the policy

Use the system support firewall-engine-debug command to determine which rules the traffic matching and modify the rule accordingly

65. What is the benefit of selecting the trace option for packet capture?

The option indicates whether the destination host responds through a different path

The option limits the number of packets that are captured

The option captures details of each packet

The option indicates whether the packet was dropped or successful

66. An engineer is setting up a new Firepower deployment and is looking at the default FMC policies to start the implementation. During the initial trial phase, the organization wants to test some common Snort rules while still allowing the majority of network traffic to pass.

Which default policy should be used?

Security Over Connectivity

Maximum Detection

Balanced Security and Connectivity

Connectivity Over Security

67. Which two types of objects are reusable and supported by Cisco FMC? (Choose two)

reputation-based objects, such as URL categories

dynamic key mapping objects that help ink HTTP and HTTPS GET requests to Layer 7 application protocols

reputation-based objects that represent Security Intelligence feeds and lists, application filers based on category and reputation, and file lists

network-based objects that represent FODN mappings and networks, port/protocol pairs,VXLAN tags, security zones, and origin/destination country

network-based objects that represent IP addresses and networks, port/protocol pairs,VLAN tags, security zones, and origin/destination country

68. An engineer currently has a Cisco FTD device registered to the Cisco FMC and is assigned the address of 10.10.50.12. The organization is upgrading the addressing schemes and there is a requirement to convert the addresses to a format that provides an adequate amount of addresses on the network.

What should the engineer do to ensure that the new addressing takes effect and can be used for the Cisco FTD to Cisco FMC connection?

Delete and reregister the device to Cisco FMC

Cisco FMC does not support devices that use 1Pv4 P addresses

Update the IP addresses from Pv4 to IPv6 without deleting the device from Cisco FMC

Format and reregister the device to Cisco FM

69. An engineer is configuring a Cisco FTD appliance in IPS-only mode and needs to utilize fail-to-wire interfaces.

Which interface mode should be used to meet these requirements?

inline set

passive

routed

transparent

70. An organization has noticed that malware was downloaded from a website that does not currently have a known bad reputation.

How will this issue be addressed globally in the quickest way possible and with the least amount of impact?

by denying outbound web access

by creating a URL object in the policy to block the website

by isolating the endpoint

Cisco Talos will automatically update the polices.

71. Which two OSPF routing features are configured in Cisco FMC and propagated to Cisco FTD? (Choose two.)

virtual link

area boundary router type1 LSA filtering

MD5 authentication to OSPF packets

SHA authentication to OSPF packets

OSPFV2 with IPv6 capabilities

72. An engineer is troubleshooting a device that cannot connect to a web server. The connection is initiated from the Cisco FTD inside interface and attempting to reach 10.0. 1.100 over the non-standard port of 9443. The host the engineer is attempting the connection from is at the IP address of 10.20.10.20.

in order to determine what is happening to the packets on the network, the engineer decides to use the FTD packet capture tool.

Which capture configuration should be used to gather the information needed to troubleshoot this issue?

A)

Option A

Option B

Option C

Option D

73. Refer to the exhibit.

An organization has an access control rule with the intention of sending all social media traffic for inspection. After using the rule for some time, the administrator notices that the traffic is not being inspected, but is being automatically allowed.

What must be done to address this issue?

Change the intrusion policy to connectivity over security

Add the social network URLS to the block list

Modify the rule action from trust to allow

74. An engineer is attempting to create a new dashboard within the Cisco FMC to have a single view with widgets from many of the other dashboards. The goal is to have a mixture of threat and security related widgets along with Cisco Firepower device health information.

Which two widgets must be configured to provide this information? (Choose two.)

Appliance Status

Current Sessions

Intrusion Events

Correlation Information

Network Compliance

75. Refer to the exhibit.

An administrator is looking at some of the reporting capabilities for Cisco Firepower and noticed this section of the Network Risk Report showing a lot of SSL activity that could be used for evasion.

Which action will mitigate this risk?

Use Cisco AMP for Endpoints to block all SSL connection.

Use encrypted traffic analytics to detect attacks

Use SSL decryption to analyze the packets

Use Cisco Tetration to track SSL connections to servers

76. A network administrator is seeing an unknown verdict for a file detected by Cisco FTD.

Which malware policy configuration option must be selected in order to further analyze the file in the Talos cloud?

Spero analysis

sandbox analysis

dynamic analysis

malware analysis

77. With Cisco FTD software, which interface mode must be configured to passively receive traffic that passes through the appliance?

firewall

ERSPAN

IPS-only

tap

78. An organization has seen a lot of traffic congestion on their links going out to the interanet. There is a Cisco Firepower device that processes all of the traffic going to the internet prior to leaving the enterprise.

How is the congestion alleviated? so that legitimate business traffic reaches the destination?

Create a VPN policy so that direct tunnels are established to the business applications

Create a Qos policy rate-limiting high bandwidth application

Create a NAT policy so that the Cisco Firepower device does not have to translate as many addresses

Create a flexconfig policy to use WCCP for application aware bandwidth limiting

79. Network traffic coming from an organization’s CEO must never be denied

Which access control policy configuration option should be used if the deployment engineer is not permitted to create a rule to allow all traffic?

Configure a trust policy for the CEO

Create a NAT Policy just for the CEO

Change the intrusion policy from security to balance.

Configure firewall bypass

80. An engineer configures a network discovery policy on Cisco FMC. Upon configuration, it is noticed that excessive and misleading events are filing the database and overloading the Cisco FMC. A monitored NAT device is executing multiple updates of ts operating system in a short period of time.

What configuration change must be made to alleviate this issue?

Change the method to TCP/SYN

Leave default networks.

Exclude load balancers and NAT devices

Increase the number of entries on the NAT device

81. Which two deployment types support high availability? (Choose two.)

transparent

routed

clustered

intra-chassis multi-instance

virtual appliance in public cloud

82. What are two application layer preprocessors? (Choose two.)

CIFS

IMAP

SSL

DNP3

ICMP

83. Which policy rule is included in the deployment of a local DMZ during the initial deployment of a Cisco NGFW through the Cisco FMC GUI?

a default DMZ policy for which only a user can change the IP addresses.

deny ip any

no policy rule is included

permit ip any

84. Which two conditions are necessary for high availability to function between two Cisco FTD devices? (Choose two.)

The units must be the same version

Both devices can be part of a different group that must be in the same domain when configured within the FM

The units must be different models if they are part of the same series.

The units must be configured only for firewall routed mode.

The units must be the same model.

85. What are the minimum requirements to deploy a managed device inline?

inline interfaces, security zones, MTU, and mode

passive interface, MTU, and mode

inline interfaces, MTU, and mode

passive interface, security zone, MTU, and mode

86. What is a result of enabling Cisco FTD clustering?

For the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections.

Integrated Routing and Bridging is supported on the master unit.

Site-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails.

All Firepower appliances can support Cisco FTD clustering.

87. Which Cisco Firepower Threat Defense, which two interface settings are required when configuring a routed interface? (Choose two.)

Redundant Interface

EtherChannel

Speed

Media Type

Duplex

88. Which protocol establishes network redundancy in a switched Firepower device deployment?

STP

HSRP

GLBP

VRRP

89. With Cisco Firepower Threat Defense software, which interface mode must be configured to passively receive traffic that passes through the appliance?

inline set

passive

routed

inline tap

90. On the advanced tab under inline set properties, which allows interfaces to emulate a passive interface?

transparent inline mode

TAP mode

strict TCP enforcement

propagate link state

91. Which two dynamic routing protocols are supported in Firepower Threat Defense without using FlexConfig? (Choose two.)

EIGRP

OSPF

static routing

IS-IS

BGP

92. Which interface type allows packets to be dropped?

passive

inline

ERSPAN

TAP

93. What is the difference between inline and inline tap on Cisco Firepower?

Inline tap mode can send a copy of the traffic to another device.

Inline tap mode does full packet capture.

Inline mode cannot do SSL decryption.

Inline mode can drop malicious traffic.

94. Which Firepower feature allows users to configure bridges in routed mode and enables devices to perform Layer 2 switching between interfaces?

FlexConfig

BDI

SGT

IRB

95. Which object type supports object overrides?

time range

security group tag

network object

DNS server group

96. Which two actions can be used in an access control policy rule? (Choose two.)

Block with Reset

Monitor

Analyze

Discover

Block ALL

97. Which two statements about bridge-group interfaces in Cisco FTD are true? (Choose two.)

The BVI IP address must be in a separate subnet from the connected network.

Bridge groups are supported in both transparent and routed firewall modes.

Bridge groups are supported only in transparent firewall mode.

Bidirectional Forwarding Detection echo packets are allowed through the FTD when using bridge-group members.

Each directly connected network must be on the same subnet.

98. What is the disadvantage of setting up a site-to-site VPN in a clustered-units environment?

VPN connections can be re-established only if the failed master unit recovers.

Smart License is required to maintain VPN connections simultaneously across all cluster units.

VPN connections must be re-established when a new master unit is elected.

Only established VPN connections are maintained when a new master unit is elected.

99. Which two types of objects are reusable and supported by Cisco FMC? (Choose two.)

dynamic key mapping objects that help link HTTP and HTTPS GET requests to Layer 7 application protocols.

reputation-based objects that represent Security Intelligence feeds and lists, application filters based on category and reputation, and file lists

network-based objects that represent IP address and networks, port/protocols pairs, VLAN tags, security zones, and origin/destination country

network-based objects that represent FQDN mappings and networks, port/protocol pairs, VXLAN tags, security zones and origin/destination country

reputation-based objects, such as URL categories

100. Which two OSPF routing features are configured in Cisco FMC and propagated to Cisco FTD? (Choose two.)

OSPFv2 with IPv6 capabilities

virtual links

SHA authentication to OSPF packets

area boundary router type 1 LSA filtering

MD5 authentication to OSPF packets

101. When creating a report template, how can the results be limited to show only the activity of a specific subnet?

Create a custom search in Firepower Management Center and select it in each section of the report.

Add an Input Parameter in the Advanced Settings of the report, and set the type to Network/I

Add a Table View section to the report with the Search field defined as the network in CIDR format.

Select IP Address as the X-Axis in each section of the report.

102. Which two routing options are valid with Cisco Firepower Threat Defense? (Choose two.)

BGPv6

ECMP with up to three equal cost paths across multiple interfaces

ECMP with up to three equal cost paths across a single interface

BGPv4 in transparent firewall mode

BGPv4 with nonstop forwarding

103. Which Cisco Firepower rule action displays an HTTP warning page?

Monitor

Block

Interactive Block

Allow with Warning

104. What is the result of specifying of QoS rule that has a rate limit that is greater than the maximum throughput of an interface?

The rate-limiting rule is disabled.

Matching traffic is not rate limited.

The system rate-limits all traffic.

The system repeatedly generates warnings.

105. In which two ways do access control policies operate on a Cisco Firepower system? (Choose two.)

Traffic inspection can be interrupted temporarily when configuration changes are deployed.

The system performs intrusion inspection followed by file inspection.

They can block traffic based on Security Intelligence data.

File policies use an associated variable set to perform intrusion prevention.

The system performs a preliminary inspection on trusted traffic to validate that it matches the trusted parameters.

106. In which two places can thresholding settings be configured? (Choose two.)

on each IPS rule

globally, within the network analysis policy

globally, per intrusion policy

on each access control rule

per preprocessor, within the network analysis policy

107. Which command is run on an FTD unit to associate the unit to an FMC manager that is at IP address 10.0.0.10, and that has the registration key Cisco123?

configure manager local 10.0.0.10 Cisco123

configure manager add Cisco123 10.0.0.10

configure manager local Cisco123 10.0.0.10

configure manager add 10.0.0.10 Cisco123

108. Which Cisco Firepower feature is used to reduce the number of events received in a period of time?

rate-limiting

suspending

correlation

thresholding

109. Which command must be run to generate troubleshooting files on an FTD?

system support view-files

sudo sf_troubleshoot.pl

system generate-troubleshoot all

show tech-support

110. What is the maximum bit size that Cisco FMC supports for HTTPS certificates?

1024

8192

4096

2048

CCNP Security Cisco Firepower SNCF 300-710 Test Questions

CCNP Security Cisco Firepower SNCF 300-710 Test Questions

Leave a Reply Cancel reply