최신 300-710 무료덤프 - Cisco Securing Networks with Cisco Firepower

문제1

A network administrator is seeing an unknown verdict for a file detected by Cisco FTD. Which malware policy configuration option must be selected in order to further analyse the file in the Talos cloud?

A. Malware analysis

B. Sandbox analysis

C. Spero analysis

D. Dynamic analysis

정답: A

문제2

Which Cisco FMC report gives the analyst information about the ports and protocols that are related to the configured sensitive network for analysis?

A. Firepower Report

B. Host Report

C. Network Report

D. Malware Report

정답: C

문제3

What must be implemented on Cisco Firepower to allow multiple logical devices on a single physical device to have access to external hosts?

A. Add one shared management interface on all logical devices.

B. Add at least two container instances from the same module.

C. Set up a cluster control link between all logical devices

D. Define VLAN subinterfaces for each logical device.

정답: A

문제4

What is a limitation to consider when running a dynamic routing protocol on a Cisco FTD device in IRB mode?

A. Only EtherChannel interfaces are supposed.

B. Only link-stale routing protocols are supported.

C. Only nonbridge interfaces are supported.

D. Only distance vector routing protocols are supported.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

문제5

An organization is installing a new Cisco FTD appliance in the network. An engineer is tasked with configuring access between two network segments within the same IP subnet. Which step is needed to accomplish this task?

A. Add a separate bridge group for each segment.

B. Assign an IP address to the Bridge Virtual Interface.

C. Permit BPDU packets to prevent loops.

D. Specify a name for the bridge group.

정답: B

문제6

An organization has a Cisco IPS running in inline mode and is inspecting traffic for malicious activity. When traffic is received by the Cisco IRS, if it is not dropped, how does the traffic get to its destination?

A. The packets are duplicated and a copy is sent to the destination.

B. It is retransmitted from the Cisco IPS inline set.

C. It is routed back to the Cisco ASA interfaces for transmission.

D. It is transmitted out of the Cisco IPS outside interface.

정답: B

문제7

An administrator is creating interface objects to better segment their network but is having trouble adding interfaces to the objects. What is the reason for this failure?

A. The administrator is adding an interface that is in multiple zones.

B. The interfaces are being used for NAT for multiple networks.

C. The administrator is adding interfaces of multiple types.

D. The interfaces belong to multiple interface groups.

정답: D

설명: (DumpTOP 회원만 볼 수 있음)

문제8

A network administrator is concerned about (he high number of malware files affecting users' machines. What must be done within the access control policy in Cisco FMC to address this concern?

A. Create a file policy and set the access control policy to allow.

B. Create an intrusion policy and set the access control policy to allow.

C. Create a file policy and set the access control policy to block.

D. Create an intrusion policy and set the access control policy to block.

정답: C

문제9

An engineer must deploy a Cisco FTD appliance via Cisco FMC to span a network segment to detect malware and threats. When setting the Cisco FTD interface mode, which sequence of actions meets this requirement?

A. Set to none, and configure an access control policy with a prefilter policy defined

B. Set to none, and configure an access control policy with an intrusion policy and a file policy defined

C. Set to passive, and configure an access control policy with a prefilter policy defined

D. Set to passive, and configure an access control policy with an intrusion policy and a file policy defined

정답: D

문제10

Which two statements about bridge-group interfaces in Cisco FTD are true? (Choose two.)

A. Bridge groups are supported only in transparent firewall mode.

B. Bidirectional Forwarding Detection echo packets are allowed through the FTD when using bridge-group members.

C. Each directly connected network must be on the same subnet.

D. Bridge groups are supported in both transparent and routed firewall modes.

E. The BVI IP address must be in a separate subnet from the connected network.

정답: C,D

설명: (DumpTOP 회원만 볼 수 있음)

문제11

An administrator needs to configure Cisco FMC to send a notification email when a data transfer larger than
10 MB is initiated from an internal host outside of standard business hours. Which Cisco FMC feature must be configured to accomplish this task?

A. correlation policy

B. application detector

C. file and malware policy

D. intrusion policy

정답: C

문제12

An engineer defines a new rule while configuring an Access Control Policy. After deploying the policy, the rule is not working as expected and the hit counters associated with the rule are showing zero. What is causing this error?

A. An incorrect application signature was used in the rule.

B. The wrong source interface for Snort was selected in the rule.

C. The rule was not enabled after being created.

D. Logging is not enabled for the rule.

정답: C

문제13

What is the difference between inline and inline tap on Cisco Firepower?

A. Inline tap mode does full packet capture.

B. Inline tap mode can send a copy of the traffic to another device.

C. Inline mode can drop malicious traffic.

D. Inline mode cannot do SSL decryption.

정답: B

문제14

A network administrator is configuring an FTD in transparent mode. A bridge group is set up and an access policy has been set up to allow all IP traffic. Traffic is not passing through the FTD. What additional configuration is needed?

A. A mac-access control list must be added to allow all MAC addresses.

B. An IP address must be assigned to the BVI.

C. The security levels of the interfaces must be set.

D. A default route must be added to the FTD.

정답: B

문제15

A network engineer is logged into the Cisco AMP for Endpoints console and sees a malicious verdict for an identified SHA-256 hash. Which configuration is needed to mitigate this threat?

A. Add the hash from the infected endpoint to the network block list.

B. Enable a personal firewall in the infected endpoint.

C. Add the hash to the simple custom deletion list.

D. Use regular expressions to block the malicious file.

정답: C

문제16

Which file format can standard reports from Cisco Secure Firewall Management Center be downloaded in?

A. xis

B. csv

C. doc

D. ppt

정답: B

설명: (DumpTOP 회원만 볼 수 있음)

문제17

An engineer has been tasked with providing disaster recovery for an organization's primary Cisco FMC. What must be done on the primary and secondary Cisco FMCs to ensure that a copy of the original corporate policy is available if the primary Cisco FMC fails?

A. Configure high-availability in both the primary and secondary Cisco FMCs.

B. Connect the primary and secondary Cisco FMC devices with Category 6 cables of not more than 10 meters in length.

C. Place the active Cisco FMC device on the same trusted management network as the standby device.

D. Restore the primary Cisco FMC backup configuration to the secondary Cisco FMC device when the primary device fails.

정답: D

문제18

Network users are experiencing Intermittent issues with internet access. An engineer ident med mat the issue Is being caused by NAT exhaustion. How must the engineer change the dynamic NAT configuration to provide internet access for more users without running out of resources?

A. Add an identity NAT rule to handle the overflow of users.

B. Define an additional static NAT for the network object in use.

C. Configure fallthrough to interface PAT on 'he Advanced tab.

D. Convert the dynamic auto NAT rule to dynamic manual NAT.

정답: C

설명: (DumpTOP 회원만 볼 수 있음)

최신 300-710 무료덤프 - Cisco Securing Networks with Cisco Firepower

우리와 연락하기

유용한 링크

최신 업데이트