Try 2022 Free CCNP Security 300-710 SNCF Exam Questions

test2022-03-04T06:20:32+00:00

Exam (SNCF 300-710) Securing Networks with Cisco Firepower is a 90-minute exam associated with the CCNP Security Certification. This exam tests your knowledge of Cisco Firepower® Threat Defense and Firepower® 7000 and 8000 Series virtual appliances. We have updated Cisco 300-710 SNCF practice exam which include real exam questions and answers to assist you in preparing for the 300-710 exam and get your desired certification.

Try 2022 Free CCNP Security 300-710 SNCF Exam Questions to test yourself!

Page 1 of 5

1. Refer to the exhibit.

An administrator is looking at some of the reporting capabilities for Cisco Firepower and noticed this section of the Network Risk report showing a lot of SSL activity that cloud be used for evasion.

Which action will mitigate this risk?

Use SSL decryption to analyze the packets.

Use encrypted traffic analytics to detect attacks

Use Cisco AMP for Endpoints to block all SSL connection

Use Cisco Tetration to track SSL connections to servers.

2. An organization does not want to use the default Cisco Firepower block page when blocking HTTP traffic. The organization wants to include information about its policies and procedures to help educate the users whenever a block occurs.

Which two steps must be taken to meet these requirements? (Choose two.)

Modify the system-provided block page result using Python.

Create HTML code with the information for the policies and procedures.

Edit the HTTP request handling in the access control policy to customized block.

Write CSS code with the information for the policies and procedures.

Change the HTTP response in the access control policy to custom.

3. A network administrator notices that inspection has been interrupted on all non-managed interfaces of a device.

What is the cause of this?

The value of the highest MTU assigned to any non-management interface was changed.

The value of the highest MSS assigned to any non-management interface was changed.

A passive interface was associated with a security zone.

Multiple inline interface pairs were added to the same inline interface.

4. A security engineer is configuring an Access Control Policy for multiple branch locations These locations share a common rule set and utilize a network object called INSIDE_NET which contains the locally significant internal network subnets at each location.

What technique will retain the policy consistency at each location but allow only the locally significant network subnet within the applicable rules?

utilizing policy inheritance

utilizing a dynamic ACP that updates from Cisco Talos

creating a unique ACP per device

creating an ACP with an INSIDE_NET network object and object overrides

5. Which action should you take when Cisco Threat Response notifies you that AMP has identified a file as malware?

Add the malicious file to the block list.

Send a snapshot to Cisco for technical support.

Forward the result of the investigation to an external threat-analysis engine.

Wait for Cisco Threat Response to automatically block the malware.

6. An engineer has been tasked with providing disaster recovery for an organization's primary Cisco FMC.

What must be done on the primary and secondary Cisco FMCs to ensure that a copy of the original corporate policy is available if the primary Cisco FMC fails?

Configure high-availability in both the primary and secondary Cisco FMCs

Connect the primary and secondary Cisco FMC devices with Category 6 cables of not more than 10 meters in length.

Place the active Cisco FMC device on the same trusted management network as the standby device

Restore the primary Cisco FMC backup configuration to the secondary Cisco FMC device when the primary device fails

7. IT management is asking the network engineer to provide high-level summary statistics of the Cisco FTD appliance in the network. The business is approaching a peak season so the need to maintain business uptime is high.

Which report type should be used to gather this information?

Malware Report

Standard Report

SNMP Report

Risk Report

8. A network administrator discovers that a user connected to a file server and downloaded a malware file. The Cisc FMC generated analert for the malware event, however the user still remained connected.

Which Cisco APM file rule action within the Cisco FMC must be set to resolve this issue?

Detect Files

Malware Cloud Lookup

Local Malware Analysis

Reset Connection

9. A user within an organization opened a malicious file on aworkstation which in turn caused a ransomware attack on the network.

What should be configured within the Cisco FMC to ensure the file is tested for viruses on a sandbox system?

Capacity handling

Local malware analysis

Spere analysis

Dynamic analysis

10. An engineer has been tasked with using Cisco FMC to determine if files being sentthrough the network are malware.

Which two configuration tasks must be performed to achieve this file lookup? (Choose two).

The Cisco FMC needs to include a SSL decryption policy.

The Cisco FMC needs to connect to the Cisco AMP for Endpoints service.

The Cisco FMC needs to connect to the Cisco ThreatGrid service directly for sandboxing.

The Cisco FMC needs to connect with the FireAMP Cloud.

The Cisco FMC needs to include a file inspection policy for malware lookup.

Page 2 of 5

11. The event dashboard within the Cisco FMC has been inundated with low priority intrusion drop events, which are overshadowing high priority events. An engineer has been tasked with reviewing the policies and reducing the low priority events.

Which action should be configured to accomplish this task?

generate events

drop packet

drop connection

drop and generate

12. What is a valid Cisco AMP file disposition?

non-malicious

malware

known-good

pristine

13. A network engineer is logged into the Cisco AMP for Endpoints console and sees a malicious verdict for an identified SHA-256 hash.

Which configuration is needed to mitigate this threat?

Use regular expressions to block the malicious file.

Add the hash from the infected endpoint to the network block list.

Add the hash to the simple custom detection list.

Enable a personal firewall in the infected endpoint.

14. A network administrator reviews the file report for the last month and notices that all file types, except exe. show a disposition of unknown.

What is the cause of this issue?

The malware license has not been applied to the Cisco FT

The Cisco FMC cannot reach the Internet to analyze files.

A file policy has not been applied to the access policy.

Only Spero file analysis is enabled.

15. What is the advantage of having Cisco Firepower devices send events to Cisco Threat Response via the security services exchange portal directly as opposed to using syslog?

All types of Cisco Firepower devices are supported.

An on-premises proxy server does not need to be set up and maintained.

Cisco Firepower devices do not need to be connected to the Internet.

Supports all devices that are running supported versions of Cisco Firepower.

16. An engineer is configuring Cisco FMC and wants to limit the time allowed for processing packets through the interface However if the time is exceeded the configuration must allow packets to bypass detection.

What must be configured on the Cisco FMC to accomplish this task?

Fast-Path Rules Bypass

Cisco ISE Security Group Tag

Inspect Local Traffic Bypass

Automatic Application Bypass

17. Which command is run on an FTD unit to associate the unit to an FMC manager that is at IP address 10.0.0.10, and that has the registration key Cisco123?

configure manager local 10.0.0.10 Cisco123

configure manager add Cisco123 10.0.0.10

configure manager local Cisco123 10.0.0.10

configure manager add 10.0.0.10 Cisco123

18. Which two dynamic routing protocols are supported in Firepower Threat Defense without using FlexConfig? (Choose two.)

EIGRP

OSPF

static routing

IS-IS

BGP

19. An organization has implemented Cisco Firepower without IPS capabilities and now wants to enable inspection for their traffic. They need to be able to detect protocol anomalies and utilize the Snort rule sets to detect malicious behaviour.

How is this accomplished?

Modify the access control policy to redirect interesting traffic to the engine

Modify the network discovery policy to detect new hosts to inspect

Modify the network analysis policy to process the packets for inspection

Modify the intrusion policy to determine the minimum severity of an event to inspect.

20. Which two types of objects are reusable and supported by Cisco FMC? (Choose two.)

dynamic key mapping objects that help link HTTP and HTTPS GET requests to Layer 7 application protocols.

reputation-based objects that represent Security Intelligence feeds and lists, application filters based on category and reputation, and file lists

network-based objects that represent IP address and networks, port/protocols pairs, VLAN tags, security zones, and origin/destination country

network-based objects that represent FQDN mappings and networks, port/protocol pairs, VXLAN tags, security zones and origin/destination country

reputation-based objects, such as URL categories

Page 3 of 5

21. Which command should be used on the Cisco FTD CLIto capture all the packets that hit an interface?

configure coredump packet-engine enable

capture-traffic

capture

capture WORD

22. Within Cisco Firepower Management Center, where does a user add or modify widgets?

dashboard

reporting

context explorer

summary tool

23. An engineer is troubleshooting connectivity to the DNS servers from hosts behind a new Cisco FTD device. The hosts cannot send DNS queries to servers in the DMZ.

Which action should the engineer take to troubleshoot this issue using the real DNS packets?

Use the Connection Events dashboard to check the block reason and adjust the inspection policy as needed.

Use the packet capture tool to check where the traffic is being blocked and adjust the access control or intrusion policy as needed.

Use the packet tracer tool to determine at which hop the packet is being dropped.

Use the show blocks command in the Threat Defense CLI tool and create a policy to allow the blocked traffic.

24. A network engineer is logged into the Cisco AMP for Endpoints console and sees a malicious verdict for an identified SHA-256 hash.

Which configuration is needed to mitigate this threat?

Add the hash to the simple custom deletion list.

Use regular expressions to block the malicious file.

Enable a personal firewall in the infected endpoint.

Add the hash from the infected endpoint to the network block list.

25. Which two considerations must be made when deleting and re-adding devices while managing them via Cisco FMC (Choose two).

Before re-adding the device In Cisco FMC, the manager must be added back.

The Cisco FMC web interface prompts users to re-apply access control policies.

Once a device has been deleted, It must be reconfigured before it is re-added to the Cisco FM

An option to re-apply NAT and VPN policies during registration is available, so users do not need to re-apply the polices after registration is completed.

There is no option to re-apply NAT and VPN policies during registration is available, so users need to re-apply the policies after registration is completed.

26. Whichreport template field format is available in Cisco FMC?

box lever chart

arrow chart

bar chart

benchmark chart

27. A network engineer is extending a user segment through an FTD device for traffic inspection without creating another IP subnet.

How is this accomplished on an FTD device in routed mode?

by leveraging the ARP to direct traffic through the firewall

by assigning an inline set interface

by using a BVI and create a BVI IP address in the same subnet as the user segment

by bypassing protocol inspection by leveraging pre-filter rules

28. An engineer is tasked with deploying an internal perimeter firewall that will support multiple DMZs Each DMZ has a unique private IP subnet range.

How is this requirement satisfied?

Deploy the firewall in transparent mode with access control policies.

Deploy the firewall in routed mode with access control policies.

Deploy the firewall in routed mode with NAT configured.

Deploy the firewall in transparent mode with NAT configured.

29. What is the maximum SHA level of filtering that Threat Intelligence Director supports?

SHA-1024

SHA-4096

SHA-512

SHA-256

30. Which feature within the Cisco FMC web interface allows for detecting, analyzing and blocking malware in network traffic?

intrusion and fileevents

Cisco AMP for Endpoints

Cisco AMP for Networks

file policies

Page 4 of 5

31. An engineer is troubleshooting application failures through a FTD deployment. While using the FMC CLI. it has been determined that the traffic in question is not matching the desired policy.

What should be done to correct this?

Use the system support firewall-engine-debug command to determine which rules the traffic matching and modify the rule accordingly

Use the system support application-identification-debug command to determine which rules the traffic matching and modify the rule accordingly

Use the system support firewall-engine-dump-user-f density-data command to change the policy and allow the application through the firewall.

Use the system support network-options command to fine tune the policy.

32. Which two OSPF routing features are configured in Cisco FMC and propagated to Cisco FTD? (Choose two.)

OSPFv2 with IPv6 capabilities

virtual links

SHA authentication to OSPF packets

area boundary router type 1 LSA filtering

MD5 authentication to OSPF packets

33. An analyst using the security analyst account permissions is trying to view theCorrelations Events Widget but is not able to access it. However, other dashboards are accessible.

Why is this occurring?

An API restriction within the Cisco FMC is preventing the widget from displaying.

The widget is configured to display only when active events are present.

The widget is not configured within the Cisco FM

The security analyst role does not have permission to view this widget.

34. Which two statements about deleting and re-adding a device to Cisco FMC are true? (Choose two.)

An option to re-apply NAT and VPN policies during registration is available, so users do not need to re-apply the policies after registration is completed.

Before re-adding the device in Cisco FMC, you must add the manager back in the device.

No option to delete and re-add a device is available in the Cisco FMC web interface.

The Cisco FMC web interface prompts users to re-apply access control policies.

No option to re-apply NAT and VPN policies during registration is available, so users need to re-apply the policies after registration is completed.

35. Which two conditions must be met to enable high availability between two Cisco FTD devices? (Choose two.)

same flash memory size

same NTP configuration

same DHCP/PPoE configuration

same host name

same number of interfaces

36. An engineer is configuring a Cisco IPS to protect the network and wants to test a policy before deploying it. A copy of each incoming packet needs to be monitored while traffic flow remains constant.

Which IPS mode should be implemented to meet these requirements?

Inline tap

passive

transparent

routed

37. What is the disadvantage of setting up a site-to-site VPN in a clustered-units environment?

VPN connections can be re-established only if the failed master unit recovers.

Smart License is required to maintain VPN connections simultaneously across all cluster units.

VPN connections must be re-established when a new master unit is elected.

Only established VPN connections are maintained when a new master unit is elected.

38. 16.18.15, but the requestor asked for the engineer to open the port for all machines that have been trying to connect to it over the last week.

Which action must the engineer take to troubleshoot this issue?

Use the context explorer to see the application blocks by protocol.

Use the context explorer to see the destination port blocks

Filter the connection events by the source port 8699/udp.

Filter the connection events by the destination port8699/udp.

39. Which CLI command is used to control special handling of clientHello messages?

system supportssl-client-hello-tuning

system support ssl-client-hello-display

system support ssl-client-hello-force-reset

system support ssl-client-hello-reset

40. An administrator is working on a migration from Cisco ASA to the Cisco FTD appliance and needs to test the rules without disrupting the traffic.

Which policy type should be used to configure the ASA rules during this phase of the migration?

identity

Intrusion

Access Control

Prefilter

Page 5 of 5

41. With Cisco Firepower Threat Defense software, which interface mode must be configured to passively receive traffic that passes through the appliance?

inline set

passive

routed

inline tap

42. Which two actions can be used in an access control policy rule? (Choose two.)

Block with Reset

Monitor

Analyze

Discover

Block ALL

43. What is the difference between inline and inline tap on Cisco Firepower?

Inline tap mode can send a copy of the traffic to another device.

Inline tap mode does full packet capture.

Inline mode cannot do SSL decryption.

Inline mode can drop malicious traffic.

44. When creating a report template, how can the results be limited to show only the activity of a specific subnet?

Create acustom search in Firepower Management Center and select it in each section of the report.

Add an Input Parameter in the Advanced Settings of the report, and set the type to Network/I

Add a Table View section to the report with the Search field defined as the network in CIDR format.

Select IP Address as the X-Axis in each section of the report.

45. With a recent summer time change, system logs are showing activity that occurred to be an hour behind real time.

Which action should be taken to resolve this issue?

Manually adjust the time to the correct hour on all managed devices

Configure the system clock settings to use NTP with Daylight Savings checked

Manually adjust the time to the correct hour on the Cisco FM

Configure the system clock settings to use NTP

46. Which two statements about bridge-group interfaces in Cisco FTD are true? (Choose two.)

The BVI IP address must be in a separate subnet from the connected network.

Bridge groups are supported in both transparent and routed firewall modes.

Bridge groups are supported only in transparent firewall mode.

Bidirectional Forwarding Detection echo packets are allowed through the FTD when usingbridge-group members.

Each directly connected network must be on the same subnet.

47. An engineer is investigating connectivity problems on Cisco Firepower that is using service group tags. Specific devices are not being tagged correctly, which is preventing clients from using the proper policies when going through the firewall.

How is this issue resolved?

Use traceroute with advanced options.

Use Wireshark with an IP subnet filter.

Use a packet capture with match criteria.

Use a packet sniffer with correct filtering

48. An organization has noticed that malware was downloaded from a website that does not currently have a known bad reputation.

How will this issue be addresses globally in the quickest way possible and with the least amount of impact?

by denying outbound web access

Cisco Talos will automatically update the policies.

by Isolating the endpoint

by creating a URL object in the policy to block the website