Free 300-710 Exam Braindumps

Pass your Securing Networks with Cisco Firepower (SNCF) exam with these free Questions and Answers

Page 14 of 52
QUESTION 61

- (Exam Topic 5)
A network administrator configured a NAT policy that translates a public IP address to an internal web server IP address. An access policy has also been created that allows any source to reach the public IP address on port 80. The web server is still not reachable from the Internet on port 80. Which configuration change is needed?

  1. A. The intrusion policy must be disabled for port 80.
  2. B. The access policy rule must be configured for the action trust.
  3. C. The NAT policy must be modified to translate the source IP address as well as destination IP address.
  4. D. The access policy must allow traffic to the internal web server IP address.

Correct Answer: D

QUESTION 62

- (Exam Topic 3)
Drag and drop the steps to restore an automatic device registration failure on the standby Cisco FMC from the left into the correct order on the right. Not all options are used.
300-710 dumps exhibit
Solution:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_management_center_high_availability.html#id_32288

Does this meet the goal?

  1. A. Yes
  2. B. No

Correct Answer: A

QUESTION 63

- (Exam Topic 3)
Which two statements about deleting and re-adding a device to Cisco FMC are true? (Choose two.)

  1. A. An option to re-apply NAT and VPN policies during registration is available, so users do not need to re-apply the policies after registration is completed.
  2. B. Before re-adding the device in Cisco FMC, you must add the manager back in the device.
  3. C. No option to delete and re-add a device is available in the Cisco FMC web interface.
  4. D. The Cisco FMC web interface prompts users to re-apply access control policies.
  5. E. No option to re-apply NAT and VPN policies during registration is available, so users need to re-apply the policies after registration is completed.

Correct Answer: DE
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Device_Management_Basics.html

QUESTION 64

- (Exam Topic 5)
An administrator is configuring their transparent Cisco FTD device to receive ERSPAN traffic from multiple switches on a passive port, but the Cisco FTD is not processing the traffic. What is the problem?

  1. A. The switches do not have Layer 3 connectivity to the FTD device for GRE traffic transmission.
  2. B. The switches were not set up with a monitor session ID that matches the flow ID defined on the Cisco FTD.
  3. C. The Cisco FTD must be in routed mode to process ERSPAN traffic.
  4. D. The Cisco FTD must be configured with an ERSPAN port, not a passive port.

Correct Answer: C

QUESTION 65

- (Exam Topic 5)
An engineer wants to connect a single IP subnet through a Cisco FTD firewall and enforce policy. There is a requirement to present the internal IP subnet to the outside as a different IP address. What must be configured to meet these requirements?

  1. A. Configure the downstream router to perform NAT.
  2. B. Configure the upstream router to perform NAT.
  3. C. Configure the Cisco FTD firewall in routed mode with NAT enabled.
  4. D. Configure the Cisco FTD firewall in transparent mode with NAT enabled.

Correct Answer: C
