Practice Exams:

Free 300-710 Exam Braindumps

Pass your Securing Networks with Cisco Firepower (SNCF) exam with these free Questions and Answers

Page 11 of 52
PDF with 260 Questions
QUESTION 46

- (Exam Topic 5)
An organization has a compliancy requirement to protect servers from clients, however, the clients and servers all reside on the same Layer 3 network Without readdressing IP subnets for clients or servers, how is segmentation achieved?

  1. A. Deploy a firewall in transparent mode between the clients and servers.
  2. B. Change the IP addresses of the clients, while remaining on the same subnet.
  3. C. Deploy a firewall in routed mode between the clients and servers
  4. D. Change the IP addresses of the servers, while remaining on the same subnet

Correct Answer: A

QUESTION 47

- (Exam Topic 1)
An engineer must configure high availability for the Cisco Firepower devices. The current network topology does not allow for two devices to pass traffic concurrently. How must the devices be implemented in this environment?

  1. A. in active/active mode
  2. B. in a cluster span EtherChannel
  3. C. in active/passive mode
  4. D. in cluster interface mode

Correct Answer: C

QUESTION 48

- (Exam Topic 3)
What is the maximum bit size that Cisco FMC supports for HTTPS certificates?

  1. A. A.-1024B.8192C.4096D.2048

Correct Answer: C
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config- guide-v61/system_configuration.html

QUESTION 49

- (Exam Topic 5)
An engineer is monitoring network traffic from their sales and product development departments, which are on two separate networks What must be configured in order to maintain data privacy for both departments?

  1. A. Use a dedicated IPS inline set for each department to maintain traffic separation
  2. B. Use 802 1Q mime set Trunk interfaces with VLANs to maintain logical traffic separation
  3. C. Use passive IDS ports for both departments
  4. D. Use one pair of inline set in TAP mode for both departments

Correct Answer: B

QUESTION 50

- (Exam Topic 5)
A network engineer is tasked with minimising traffic interruption during peak traffic limes. When the SNORT inspection engine is overwhelmed, what must be configured to alleviate this issue?

  1. A. Enable IPS inline link state propagation
  2. B. Enable Pre-filter policies before the SNORT engine failure.
  3. C. Set a Trust ALL access control policy.
  4. D. Enable Automatic Application Bypass.

Correct Answer: D

Page 11 of 52
PDF with 260 Questions

Post your Comments and Discuss Cisco 300-710 exam with other Community members: