300-710 by Cisco Actual Free Exam Questions And Answers

Question 1

An organization is installing a new Cisco FTD appliance in the network. An engineer is tasked with configuring access between two network segments within the same IP subnet. Which step is needed to accomplish this task?

A. Add a separate bridge group for each segment.

B. Permit BPDU packets to prevent loops.

C. Assign an IP address to the Bridge Virtual Interface.

D. Specify a name for the bridge group.

Discussion 0

Correct Answer: C Vote an answer

Question 2

Which command should be used on the Cisco FTD CLI to capture all the packets that hit an interface?

A. configure coredump packet-engine enable

B. capture-traffic

C. capture WORD

D. capture

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 3

An engineer must implement Cisco Secure Firewall transparent mode due to a new server recently being added that must communicate with an existing server that is currently separated by the firewall. Which implementation action must be taken next by the engineer to accomplish the goal?

A. Enable both servers to share the same VXLAN segment.

B. Configure the same default gateway for both servers.

C. Ensure that both servers are in the same bridge domain.

D. Assign the same subnet to both servers.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 4

What is an advantage of adding multiple inline interface pairs to the same inline interface set when deploying an asynchronous routing configuration?

A. The interfaces are automatically configured as a media-independent interface crossover.

B. Allows traffic inspection to continue without interruption during the Snort process restart.

C. The interfaces disable autonegotiation and interface speed is hard coded set to 1000 Mbps.

D. Allows the IPS to identify inbound and outbound traffic as part of the same traffic flow.

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 5

A Cisco FTD device is running in transparent firewall mode with a VTEP bridge group member ingress interface.
What must be considered by an engineer tasked with specifying a destination MAC address for a packet trace?

A. Only the UDP packet type is supported

B. The destination MAC address is optional if a VLAN ID value is entered

C. The output format option for the packet logs unavailable

D. The VLAN ID and destination MAC address are optional

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 6

Refer to exhibit. Which two descriptions of the configurations of the Cisco FirePOWER Services module are true? (Choose two)

A. The module is operating in IPS mode

B. Traffic continues to flow if the module fails

C. Traffic is blocked if the module fails

D. The module is operating in IDS mode

E. The module tails to receive redirected traffic

Discussion 0

Correct Answer: B,D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 7

A network engineer must configure an existing firewall to have a NAT configuration. The new configuration must support more than two interfaces per context. The firewall has previously been operating in transparent mode. The Cisco Secure Firewall Threat Defense (FTD) device has been deregistered from Cisco Secure Firewall Management Center (FMC). Which set of configuration actions must the network engineer take next to meet the requirements?

A. Run the configure firewall routed command from the Secure FTD device CLI, and reregister with Secure FMC.

B. Run the configure firewall routed command from the Secure FMC CLI. and reregister with Secure FMC.

C. Run the configure manager add routed command from the Secure FMC CLI. and reregister with Secure FMC.

D. Run the configure manager add routed command from the Secure FTD device CLI, and reregister with Secure FMC.

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 8

An engineer must replace a Cisco Secure Firewall high-availability device due to a failure. When the replacement device arrives, the engineer must separate the high-availability pair from Cisco Secure Firewall Management Center. Which action must the engineer take first to restore high availability?

A. Configure NTP time synchronization.

B. Force a break between the devices.

C. Unregister the secondary device.

D. Register the secondary device

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 9

An engineer is configuring Cisco Secure Firewall Threat Defense managed by a Secure Firewall Management Center appliance. The company wants remote access VPN users to be reachable from the inside network. What must the engineer configure to meet the requirements?

A. manual NAT exemption rule at the top of the NAT policy

B. auto NAT exemption rule at the bottom of the NAT policy

C. auto NAT exemption rule at the top of the NAT policy

D. manual NAT exemption rule at the bottom of the NAT policy

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 10

What is the result of specifying of QoS rule that has a rate limit that is greater than the maximum throughput of an interface?

A. The system repeatedly generates warnings.

B. The system rate-limits all traffic.

C. Matching traffic is not rate limited.

D. The rate-limiting rule is disabled.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 11

Which two statements about bridge-group interfaces in Cisco FTD are true? (Choose two.)

A. Bridge groups are supported only in transparent firewall mode.

B. Each directly connected network must be on the same subnet.

C. The BVI IP address must be in a separate subnet from the connected network.

D. Bidirectional Forwarding Detection echo packets are allowed through the FTD when using bridge- group members.

E. Bridge groups are supported in both transparent and routed firewall modes.

Discussion 0

Correct Answer: B,E Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 12

An engineer is building a new access control policy using Cisco FMC. The policy must inspect a unique IPS policy as well as log rule matching.
Which action must be taken to meet these requirements?

A. Configure an IPS policy and enable per-rule logging.

B. Disable the default IPS policy and enable per-rule logging.

C. Configure an IPS policy and enable global logging.

D. Disable the default IPS policy and enable global logging.

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 13

Which action must be taken to permit communication between a bridge group and routed interface on Cisco Secure Firewall?

A. Create an ACL for the bridge group.

B. Create an access rule to allow the traffic.

C. Define a source NAT address.

D. Enable split tunneling.

Discussion 0

Correct Answer: B Vote an answer

Question 14

A user within an organization opened a malicious file on a workstation which in turn caused a ransomware attack on the network.
What should be configured within the Cisco FMC to ensure the file is tested for viruses on a sandbox system?

A. Capacity handling

B. Spere analysis

C. Local malware analysis

D. Dynamic analysis

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 15

An administrator Is setting up a Cisco PMC and must provide expert mode access for a security engineer. The engineer Is permitted to use only a secured out-of-band network workstation with a static IP address to access the Cisco FMC. What must be configured to enable this access?

A. Enable SCP under the Access List section.

B. Enable SSH and define an access list.

C. Enable HTTPS and SNMP under the Access List section.

D. Enable HTTP and define an access list.

Discussion 0

Correct Answer: B Vote an answer

Cisco Securing Networks with Cisco Firepower - 300-710 Exam Practice Test

Contact Us

Useful Links

Latest Updated