Practice Test for 300-710 Certification Real 2023 Mock Exam [Q126-Q151]

Practice Test for 300-710 Certification Real 2023 Mock Exam

Prepare For Realistic 300-710 Dumps PDF - 100% Passing Guarantee

NEW QUESTION # 126
An engineer has been tasked with using Cisco FMC to determine if files being sent through the network are malware. Which two configuration takes must be performed to achieve this file lookup? (Choose two.)

• A. The Cisco FMC needs to include a file inspection policy for malware lookup.
• B. The Cisco FMC needs to connect with the FireAMP Cloud.
• C. The Cisco FMC needs to connect to the Cisco ThreatGrid service directly for sandboxing.
• D. The Cisco FMC needs to include a SSL decryption policy.
• E. The Cisco FMC needs to connect to the Cisco AMP for Endpoints service.

Answer: A,E

NEW QUESTION # 127
Within an organization's high availability environment where both firewalls are passing traffic, traffic must be segmented based on which department it is destined for. Each department is situated on a different LAN. What must be configured to meet these requirements?

• A. high availability active/standby firewalls
• B. span EtherChannel clustering
• C. redundant interfaces
• D. multi-instance firewalls

Answer: D

NEW QUESTION # 128
A network administrator configured a NAT policy that translates a public IP address to an internal web server IP address. An access policy has also been created that allows any source to reach the public IP address on port 80. The web server is still not reachable from the Internet on port 80. Which configuration change is needed?

• A. The NAT policy must be modified to translate the source IP address as well as destination IP address.
• B. The access policy rule must be configured for the action trust.
• C. The intrusion policy must be disabled for port 80.
• D. The access policy must allow traffic to the internal web server IP address.

Answer: D

NEW QUESTION # 129

Refer to the exhibit. An engineer is analyzing the Attacks Risk Report and finds that there are over 300 instances of new operating systems being seen on the network. How is the Firepower configuration updated to protect these new operating systems?

• A. The administrator manually updates the policies.
• B. Cisco Firepower gives recommendations to update the policies.
• C. The administrator requests a Remediation Recommendation Report from Cisco Firepower.
• D. Cisco Firepower automatically updates the policies.

Answer: B

Explanation:
Section: Management and Troubleshooting

NEW QUESTION # 130
Which two actions can be used in an access control policy rule? (Choose two.)

• A. Block ALL
• B. Block with Reset
• C. Analyze
• D. Discover
• E. Monitor

Answer: B,E

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/AC-Rules-Tuning-Overview.html#71854

NEW QUESTION # 131
An administrator must use Cisco FMC to install a backup route within the Cisco FTD to route traffic in case of a routing failure with the primary route. Which action accomplishes this task?

• A. Configure EIGRP routing on the FMC to ensure that dynamic routes are always updated.
• B. Use a default route on the FMC instead of having multiple routes contending for priority.
• C. Create the backup route and use route tracking on both routes to a destination IP address in the network.
• D. Install the static backup route and modify the metric to be less than the primary route.

Answer: C

NEW QUESTION # 132
Which Cisco Firepower rule action displays an HTTP warning page?

• A. Monitor
• B. Allow with Warning
• C. Block
• D. Interactive Block

Answer: D

Explanation:
Section: Configuration
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System- UserGuide-v5401/AC-Rules-Tuning-Overview.html#76698

NEW QUESTION # 133
An engineer has been asked to show application usages automatically on a monthly basis and send the information to management What mechanism should be used to accomplish this task?

• A. dashboards
• B. event viewer
• C. reports
• D. context explorer

Answer: C

NEW QUESTION # 134
Drag and drop the steps to restore an automatic device registration failure on the standby Cisco FMC from the left into the correct order on the right. Not all options are used.

Answer:

Explanation:

NEW QUESTION # 135
An engineer is creating an URL object on Cisco FMC How must it be configured so that the object will match for HTTPS traffic in an access control policy?

• A. Use the subject common name from the website certificate
• B. Define the path to the individual webpage that uses HTTPS.
• C. Specify the protocol to match (HTTP or HTTPS).
• D. Use the FQDN including the subdomain for the website

Answer: D

NEW QUESTION # 136
Which interface type allows packets to be dropped?

• A. TAP
• B. passive
• C. inline
• D. ERSPAN

Answer: C

Explanation:
Reference:
https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200908-configuring-firepower-threat-defense-int.html

NEW QUESTION # 137
An analyst is investigating a potentially compromised endpoint within the network and pulls a host report for the endpoint in question to collect metrics and documentation. What information should be taken from this report for the investigation?

• A. client applications by user, web applications, and user connections
• B. number of attacked machines, sources of the attack, and traffic patterns
• C. intrusion events, host connections, and user sessions
• D. threat detections over time and application protocols transferring malware

Answer: C

NEW QUESTION # 138
A network administrator is migrating from a Cisco ASA to a Cisco FTD.
EIGRP is configured on the Cisco ASA but it is not available in the Cisco FMC.
Which action must the administrator take to enable this feature on the Cisco FTD?

• A. Add the command feature eigrp via the FTD CLI.
• B. Configure EIGRP parameters using FlexConfig objects.
• C. Create a custom variable set and enable the feature in the variable set.
• D. Enable advanced configuration options in the FMC.

Answer: B

NEW QUESTION # 139
An administrator is attempting to remotely log into a switch in the data centre using SSH and is unable to connect. How does the administrator confirm that traffic is reaching the firewall?

• A. by performing a packet capture on the firewall.
• B. by attempting to access it from a different workstation.
• C. by running a packet tracer on the firewall.
• D. by running Wireshark on the administrator's PC

Answer: A

NEW QUESTION # 140
After using Firepower for some time and learning about how it interacts with the network, an administrator is trying to correlate malicious activity with a user Which widget should be configured to provide this visibility on the Cisco Firepower dashboards?

• A. Current Sessions
• B. Custom Analysis
• C. Correlation Events
• D. Current Status

Answer: C

NEW QUESTION # 141
An analyst using the security analyst account permissions is trying to view the Correlations Events Widget but is not able to access it. However, other dashboards are accessible. Why is this occurring?

• A. The security analyst role does not have permission to view this widget.
• B. The widget is configured to display only when active events are present.
• C. An API restriction within the Cisco FMC is preventing the widget from displaying.
• D. The widget is not configured within the Cisco FMC.

Answer: D

NEW QUESTION # 142
An engineer defines a new rule while configuring an Access Control Policy. After deploying the policy, the rule is not working as expected and the hit counters associated with the rule are showing zero. What is causing this error?

• A. The rule was not enabled after being created.
• B. An incorrect application signature was used in the rule.
• C. The wrong source interface for Snort was selected in the rule.
• D. Logging is not enabled for the rule.

Answer: A

NEW QUESTION # 143
A Cisco FTD device is running in transparent firewall mode with a VTEP bridge group member ingress interface What must be considered by an engineer tasked with specifying a destination MAC address for a packet trace?

• A. The destination MAC address is optional if a VLAN ID value is entered
• B. Only the UDP packet type is supported
• C. The output format option for the packet logs unavailable
• D. The VLAN ID and destination MAC address are optional

Answer: A

Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/troubleshooting_the_system.html

NEW QUESTION # 144
Which group within Cisco does the Threat Response team use for threat analysis and research?

• A. Cisco Deep Analytics
• B. Cisco Talos
• C. Cisco Network Response
• D. OpenDNS Group

Answer: B

Explanation:
Reference: https://www.cisco.com/c/en/us/products/security/threat-response.html#~benefits

NEW QUESTION # 145
While integrating Cisco Umbrella with Cisco Threat Response, a network security engineer wants to automatically push blocking of domains from the Cisco Threat Response interface to Cisco Umbrell a. Which API meets this requirement?

• A. reporting
• B. investigate
• C. enforcement
• D. REST

Answer: C

NEW QUESTION # 146
What is the disadvantage of setting up a site-to-site VPN in a clustered-units environment?

• A. VPN connections can be re-established only if the failed master unit recovers.
• B. Only established VPN connections are maintained when a new master unit is elected.
• C. VPN connections must be re-established when a new master unit is elected.
• D. Smart License is required to maintain VPN connections simultaneously across all cluster units.

Answer: C

NEW QUESTION # 147
An administrator is adding a new URL-based category feed to the Cisco FMC for use within the policies. The intelligence source does not use STIX. but instead uses a .txt file format. Which action ensures that regular updates are provided?

• A. Add a TAXII feed source and input the URL for the feed.
• B. Add a URL source and select the flat file type within Cisco FMC.
• C. Upload the .txt file and configure automatic updates using the embedded URL.
• D. Convert the .txt file to STIX and upload it to the Cisco FMC.

Answer: A

NEW QUESTION # 148
What is the maximum bit size that Cisco FMC supports for HTTPS certificates?

• A. 0
• B. 1
• C. 2
• D. 3

Answer: B

NEW QUESTION # 149
After deploying a network-monitoring tool to manage and monitor networking devices in your organization, you realize that you need to manually upload an MIB for the Cisco FMC. In which folder should you upload the MIB file?

• A. system/etc/DCEALERT.MIB
• B. /etc/sf/DCEALERT.MIB
• C. /sf/etc/DCEALERT.MIB
• D. /etc/sf/DCMIB.ALERT

Answer: B

Explanation:
Section: Management and Troubleshooting
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa- firepower-module-user-guide-v541/Intrusion-External-Responses.pdf

NEW QUESTION # 150
Drag and drop the steps to restore an automatic device registration failure on the standby Cisco FMC from the left into the correct order on the right. Not all options are used.

Answer:

Explanation:

Explanation

Explanation
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config- guide-v62/firepower_management_center_high_availability.html#id_32288

NEW QUESTION # 151
......

Download 300-710 Exam Dumps Questions to get 100% Success: https://www.passtorrent.com/300-710-latest-torrent.html

Check the Available 300-710 Exam Dumps with 261 QA's: https://drive.google.com/open?id=1SsMzEDcZm_yWJ4REOUTxDK0rPgz8m9sC