CCNP Security Cisco Firepower SNCF 300-710 Test Questions

The Securing Networks with Cisco Firepower v1.0 (SNCF 300-710) exam is a 90-minute exam associated with the CCNP Security, and Cisco Certified Specialist – Network Security Firepower certifications. This exam tests a candidate’s knowledge of Cisco Firepower® Threat Defense and Firepower®, including policy configurations, integrations, deployments, management and troubleshooting.

With the help of actual CCNP Security Cisco Firepower SNCF 300-710 Test Questions provided by our experts at PassQuestion, you can now pass the Securing Networks with Cisco Firepower exam without any hassle. You can easily pass CCNP Security 300-710 exam with the help of the CCNP Security Cisco Firepower SNCF 300-710 Test Questions provided by our experts. We are continuously working hard to create up to date 300-710 practice exam questions for passing Cisco CCNP Security Certification exam.

CCNP Security Cisco Firepower SNCF 300-710 Test Questions

1. What is a result of enabling Cisco FTD clustering?

 
 
 
 

2. Which two conditions are necessary for high availability to function between two Cisco FTD devices? (Choose two.)

 
 
 
 
 

3. On the advanced tab under inline set properties, which allows interfaces to emulate a passive interface?

 
 
 
 

4. What are the minimum requirements to deploy a managed device inline?

 
 
 
 

5. What is the difference between inline and inline tap on Cisco Firepower?

 
 
 
 

6. With Cisco Firepower Threat Defense software, which interface mode must be configured to passively receive traffic that passes through the appliance?

 
 
 
 

7. Which two deployment types support high availability? (Choose two.)

 
 
 
 
 

8. Which protocol establishes network redundancy in a switched Firepower device deployment?

 
 
 
 

9. Which interface type allows packets to be dropped?

 
 
 
 

10. Which Cisco Firepower Threat Defense, which two interface settings are required when configuring a routed interface? (Choose two.)

 
 
 
 
 

11. Which CLI command is used to control special handling of Client Hello messages?

 
 
 
 

12. A network engineer is extending a user segment through an FTD device for traffic inspection without creating another IP subnet.

How is this accomplished on an FTD device in routed mode?

 
 
 
 

13. An engineer is implementing Cisco FTD in the network and is determining which Firepower mode to use the organization needs to have multiple virtual Firepower devices working separately inside the FTD application to provide traffic segmentation.

Which deployment mode should be configured in the Cisco Firepower Management Console to support these requirements?

 
 
 
 

14. An engineer is troubleshooting application failures through a FTD deployment While using the FMC CLI, it has been determined that the traffic in question is not matching the desired policy.

What should be done to correct this?

 
 
 
 

15. What is the benefit of selecting the trace option for packet capture?

 
 
 
 

16. An engineer is setting up a new Firepower deployment and is looking at the default FMC policies to start the implementation. During the initial trial phase, the organization wants to test some common Snort rules while still allowing the majority of network traffic to pass.

Which default policy should be used?

 
 
 
 

17. Which two types of objects are reusable and supported by Cisco FMC? (Choose two)

 
 
 
 
 

18. An engineer currently has a Cisco FTD device registered to the Cisco FMC and is assigned the address of 10.10.50.12. The organization is upgrading the addressing schemes and there is a requirement to convert the addresses to a format that provides an adequate amount of addresses on the network.

What should the engineer do to ensure that the new addressing takes effect and can be used for the Cisco FTD to Cisco FMC connection?

 
 
 
 

19. An engineer is configuring a Cisco FTD appliance in IPS-only mode and needs to utilize fail-to-wire interfaces.

Which interface mode should be used to meet these requirements?

 
 
 
 

20. An organization has noticed that malware was downloaded from a website that does not currently have a known bad reputation.

How will this issue be addressed globally in the quickest way possible and with the least amount of impact?

 
 
 
 

21. Which two OSPF routing features are configured in Cisco FMC and propagated to Cisco FTD? (Choose two.)

 
 
 
 
 

22. An engineer is troubleshooting a device that cannot connect to a web server. The connection is initiated from the Cisco FTD inside interface and attempting to reach 10.0. 1.100 over the non-standard port of 9443. The host the engineer is attempting the connection from is at the IP address of 10.20.10.20.

in order to determine what is happening to the packets on the network, the engineer decides to use the FTD packet capture tool.

Which capture configuration should be used to gather the information needed to troubleshoot this issue?

A)

B)

C)

D)

 
 
 
 

23. Refer to the exhibit.

An organization has an access control rule with the intention of sending all social media traffic for inspection. After using the rule for some time, the administrator notices that the traffic is not being inspected, but is being automatically allowed.

What must be done to address this issue?

 
 
 

24. An engineer is attempting to create a new dashboard within the Cisco FMC to have a single view with widgets from many of the other dashboards. The goal is to have a mixture of threat and security related widgets along with Cisco Firepower device health information.

Which two widgets must be configured to provide this information? (Choose two.)

 
 
 
 
 

25. Refer to the exhibit.

An administrator is looking at some of the reporting capabilities for Cisco Firepower and noticed this section of the Network Risk Report showing a lot of SSL activity that could be used for evasion.

Which action will mitigate this risk?

 
 
 
 

26. A network administrator is seeing an unknown verdict for a file detected by Cisco FTD.

Which malware policy configuration option must be selected in order to further analyze the file in the Talos cloud?

 
 
 
 

27. With Cisco FTD software, which interface mode must be configured to passively receive traffic that passes through the appliance?

 
 
 
 

28. An organization has seen a lot of traffic congestion on their links going out to the interanet. There is a Cisco Firepower device that processes all of the traffic going to the internet prior to leaving the enterprise.

How is the congestion alleviated? so that legitimate business traffic reaches the destination?

 
 
 
 

29. Network traffic coming from an organization’s CEO must never be denied

Which access control policy configuration option should be used if the deployment engineer is not permitted to create a rule to allow all traffic?

 
 
 
 

30. An engineer configures a network discovery policy on Cisco FMC. Upon configuration, it is noticed that excessive and misleading events are filing the database and overloading the Cisco FMC. A monitored NAT device is executing multiple updates of ts operating system in a short period of time.

What configuration change must be made to alleviate this issue?

 
 
 
 

31. Which two deployment types support high availability? (Choose two.)

 
 
 
 
 

32. What are two application layer preprocessors? (Choose two.)

 
 
 
 
 

33. Which policy rule is included in the deployment of a local DMZ during the initial deployment of a Cisco NGFW through the Cisco FMC GUI?

 
 
 
 

34. Which two conditions are necessary for high availability to function between two Cisco FTD devices? (Choose two.)

 
 
 
 
 

35. What are the minimum requirements to deploy a managed device inline?

 
 
 
 

36. What is a result of enabling Cisco FTD clustering?

 
 
 
 

37. Which Cisco Firepower Threat Defense, which two interface settings are required when configuring a routed interface? (Choose two.)

 
 
 
 
 

38. Which protocol establishes network redundancy in a switched Firepower device deployment?

 
 
 
 

39. With Cisco Firepower Threat Defense software, which interface mode must be configured to passively receive traffic that passes through the appliance?

 
 
 
 

40. On the advanced tab under inline set properties, which allows interfaces to emulate a passive interface?

 
 
 
 

41. Which two dynamic routing protocols are supported in Firepower Threat Defense without using FlexConfig? (Choose two.)

 
 
 
 
 

42. Which interface type allows packets to be dropped?

 
 
 
 

43. What is the difference between inline and inline tap on Cisco Firepower?

 
 
 
 

44. Which Firepower feature allows users to configure bridges in routed mode and enables devices to perform Layer 2 switching between interfaces?

 
 
 
 

45. Which object type supports object overrides?

 
 
 
 

46. Which two actions can be used in an access control policy rule? (Choose two.)

 
 
 
 
 

47. Which two statements about bridge-group interfaces in Cisco FTD are true? (Choose two.)

 
 
 
 
 

48. What is the disadvantage of setting up a site-to-site VPN in a clustered-units environment?

 
 
 
 

49. Which two types of objects are reusable and supported by Cisco FMC? (Choose two.)

 
 
 
 
 

50. Which two OSPF routing features are configured in Cisco FMC and propagated to Cisco FTD? (Choose two.)

 
 
 
 
 

51. When creating a report template, how can the results be limited to show only the activity of a specific subnet?

 
 
 
 

52. Which two routing options are valid with Cisco Firepower Threat Defense? (Choose two.)

 
 
 
 
 

53. Which Cisco Firepower rule action displays an HTTP warning page?

 
 
 
 

54. What is the result of specifying of QoS rule that has a rate limit that is greater than the maximum throughput of an interface?

 
 
 
 

55. In which two ways do access control policies operate on a Cisco Firepower system? (Choose two.)

 
 
 
 
 

56. In which two places can thresholding settings be configured? (Choose two.)

 
 
 
 
 

57. Which command is run on an FTD unit to associate the unit to an FMC manager that is at IP address 10.0.0.10, and that has the registration key Cisco123?

 
 
 
 

58. Which Cisco Firepower feature is used to reduce the number of events received in a period of time?

 
 
 
 

59. Which command must be run to generate troubleshooting files on an FTD?

 
 
 
 

60. What is the maximum bit size that Cisco FMC supports for HTTPS certificates?

 
 
 
 

Cisco CCNP Collaboration 300-820 CLCEI Exam Questions
CCNP Security 300-720 SESA Exam Questions - Securing Email with Cisco Email Security Appliance

Leave a Reply

Your email address will not be published. Required fields are marked *