Renew 300-710 Training Materials For Securing Networks With Cisco Firepower (SNCF) Certification

NEW QUESTION 1

A company is in the process of deploying intrusion prevention with Cisco FTDs managed by a Cisco FMC. An engineer must configure policies to detect potential intrusions but not block the suspicious traffic. Which action accomplishes this task?

• A. Configure IDS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by unchecking the "Drop when inline" option.
• B. Configure IPS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by checking the "Drop when inline" option.
• C. Configure IPS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by unchecking the "Drop when inline" option.
• D. Configure IDS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by checking the "Drop when inline" option.

Answer: A

NEW QUESTION 2

An administrator is working on a migration from Cisco ASA to the Cisco FTD appliance and needs to test the rules without disrupting the traffic. Which policy type should be used to configure the ASA rules during this phase of the migration?

• A. identity
• B. Intrusion
• C. Access Control
• D. Prefilter

Answer: C

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/migration-tool/migration-guide/ASA2FTD-with-FP-M

NEW QUESTION 3

An engineer is configuring a cisco FTD appliance in IPS-only mode and needs to utilize fail-to-wire interfaces. Which interface mode should be used to meet these requirements?

• A. transparent
• B. routed
• C. passive
• D. inline set

Answer: D

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/inline

NEW QUESTION 4

An administrator Is setting up a Cisco PMC and must provide expert mode access for a security engineer. The engineer Is permitted to use only a secured out-of-band network workstation with a static IP address to access the Cisco FMC. What must be configured to enable this access?

• A. Enable SSH and define an access list.
• B. Enable HTTP and define an access list.
• C. Enable SCP under the Access List section.
• D. Enable HTTPS and SNMP under the Access List section.

Answer: A

NEW QUESTION 5

What is a result of enabling Cisco FTD clustering?

• A. For the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections.
• B. Integrated Routing and Bridging is supported on the master unit.
• C. Site-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails.
• D. All Firepower appliances can support Cisco FTD clustering.

Answer: C

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config- guide-v64/clustering_for_the_firepower_threat_defense.html

NEW QUESTION 6

Which firewall design allows a firewall to forward traffic at layer 2 and layer 3 for the same subnet?

• A. Cisco Firepower Threat Defense mode
• B. transparent mode
• C. routed mode
• D. integrated routing and bridging

Answer: B

NEW QUESTION 7

Which action must be taken on the Cisco FMC when a packet bypass is configured in case the Snort engine is down or a packet takes too long to process?

• A. Enable Inspect Local Router Traffic
• B. Enable Automatic Application Bypass
• C. Configure Fastpath rules to bypass inspection
• D. Add a Bypass Threshold policy for failures

Answer: B

NEW QUESTION 8

An administrator is adding a new URL-based category feed to the Cisco FMC for use within the policies. The intelligence source does not use STIX. but instead uses a .txt file format. Which action ensures that regular updates are provided?

• A. Add a URL source and select the flat file type within Cisco FMC.
• B. Upload the .txt file and configure automatic updates using the embedded URL.
• C. Add a TAXII feed source and input the URL for the feed.
• D. Convert the .txt file to STIX and upload it to the Cisco FMC.

Answer: A

NEW QUESTION 9

Which group within Cisco does the Threat Response team use for threat analysis and research?

• A. Cisco Deep Analytics
• B. OpenDNS Group
• C. Cisco Network Response
• D. Cisco Talos

Answer: D

Explanation:
Reference: https://www.cisco.com/c/en/us/products/security/threat-response.html#~benefits

NEW QUESTION 10

A network administrator notices that inspection has been interrupted on all non-managed interfaces of a device. What is the cause of this?

• A. The value of the highest MTU assigned to any non-management interface was changed.
• B. The value of the highest MSS assigned to any non-management interface was changed.
• C. A passive interface was associated with a security zone.
• D. Multiple inline interface pairs were added to the same inline interface.

Answer: A

NEW QUESTION 11

What is the role of the casebook feature in Cisco Threat Response?

• A. sharing threat analysts
• B. pulling data via the browser extension
• C. triage automaton with alerting
• D. alert prioritization

Answer: A

Explanation:
The casebook and pivot menu are widgets available in Cisco Threat Response. Casebook - It is used to record, organize, and share sets of observables of interest primarily during an investigation and threat analysis. You can use a casebook to get the current verdicts or dispositions on the observables.
https://www.cisco.com/c/en/us/td/docs/se curity/ces/user_guide/esa_user_guide_13-5-1/b_ESA_Admin_Guide_ces
_13-5-1/b_ESA_Admin_Guide_13-0_chapter_0110001.pdf

NEW QUESTION 12

An organization is installing a new Cisco FTD appliance in the network. An engineer is tasked with configuring access between two network segments within the same IP subnet. Which step is needed to accomplish this task?

• A. Assign an IP address to the Bridge Virtual Interface.
• B. Permit BPDU packets to prevent loops.
• C. Specify a name for the bridge group.
• D. Add a separate bridge group for each segment.

Answer: A

NEW QUESTION 13

A network administrator is trying to convert from LDAP to LDAPS for VPN user authentication on a Cisco FTD. Which action must be taken on the Cisco FTD objects to accomplish this task?

• A. Add a Key Chain object to acquire the LDAPS certificate.
• B. Create a Certificate Enrollment object to get the LDAPS certificate needed.
• C. Identify the LDAPS cipher suite and use a Cipher Suite List object to define the Cisco FTD connection requirements.
• D. Modify the Policy List object to define the session requirements for LDAPS.

Answer: B

NEW QUESTION 14

What must be implemented on Cisco Firepower to allow multiple logical devices on a single physical device to have access to external hosts?

• A. Add at least two container instances from the same module.
• B. Set up a cluster control link between all logical devices
• C. Add one shared management interface on all logical devices.
• D. Define VLAN subinterfaces for each logical device.

Answer: C

NEW QUESTION 15

Which two routing options are valid with Cisco FTD? (Choose Two)

• A. BGPv6
• B. ECMP with up to three equal cost paths across multiple interfaces
• C. ECMP with up to three equal cost paths across a single interface
• D. BGPv4 in transparent firewall mode
• E. BGPv4 with nonstop forwarding

Answer: AC

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmc-config- guide-v601/fpmc-config-guide-v60_chapter_01100011.html#ID-2101-0000000e

NEW QUESTION 16

An engineer is configuring a Cisco IPS to protect the network and wants to test a policy before deploying it. A copy of each incoming packet needs to be monitored while traffic flow remains constant. Which IPS mode should be implemented to meet these requirements?

• A. Inline tap
• B. passive
• C. transparent
• D. routed

Answer: A

NEW QUESTION 17

A security engineer needs to configure a network discovery policy on a Cisco FMC appliance and prevent excessive network discovery events from overloading the FMC database? Which action must be taken to accomplish this task?

• A. Change the network discovery method to TCP/SYN.
• B. Configure NetFlow exporters for monitored networks.
• C. Monitor only the default IPv4 and IPv6 network ranges.
• D. Exclude load balancers and NAT devices in the policy.

Answer: D

NEW QUESTION 18

Which Cisco Advanced Malware Protection for Endpoints policy is used only for monitoring endpoint actively?

• A. Windows domain controller
• B. audit
• C. triage
• D. protection

Answer: B

Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/214933-amp-for-endpoints- deployment-methodology.html

NEW QUESTION 19

An engineer is building a new access control policy using Cisco FMC. The policy must inspect a unique IPS policy as well as log rule matching. Which action must be taken to meet these requirements?

• A. Configure an IPS policy and enable per-rule logging.
• B. Disable the default IPS policy and enable global logging.
• C. Configure an IPS policy and enable global logging.
• D. Disable the default IPS policy and enable per-rule logging.

Answer: C

NEW QUESTION 20
......