Practice Exams:

Free 300-710 Exam Braindumps

Pass your Securing Networks with Cisco Firepower (SNCF) exam with these free Questions and Answers

Page 15 of 52
PDF with 260 Questions
QUESTION 66

- (Exam Topic 5)
An engineer attempts to pull the configuration for a Cisco FTD sensor to review with Cisco TAC but does not have direct access to the CU for the device. The CLl for the device is managed by Cisco FMC to which the engineer has access. Which action in Cisco FMC grants access to the CLl for the device?

  1. A. Export the configuration using the Import/Export tool within Cisco FMC.
  2. B. Create a backup of the configuration within the Cisco FMC.
  3. C. Use the show run all command in the Cisco FTD CLI feature within Cisco FMC.
  4. D. Download the configuration file within the File Download section of Cisco FMC.

Correct Answer: A

QUESTION 67

- (Exam Topic 1)
With Cisco Firepower Threat Defense software, which interface mode must be configured to passively receive traffic that passes through the appliance?

  1. A. inline set
  2. B. passive
  3. C. routed
  4. D. inline tap

Correct Answer: B
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config- guide-v64/interface_overview_for_firepower_threat_defense.html

QUESTION 68

- (Exam Topic 5)
300-710 dumps exhibit
Refer to the exhibit An engineer is modifying an access control pokey to add a rule to inspect all DNS traffic that passes through the firewall After making the change and deploying the pokey they see that DNS traffic is not bang inspected by the Snort engine What is the problem?

  1. A. The rule must specify the security zone that originates the traffic
  2. B. The rule must define the source network for inspection as well as the port
  3. C. The action of the rule is set to trust instead of allow.
  4. D. The rule is configured with the wrong setting for the source port

Correct Answer: C

QUESTION 69

- (Exam Topic 5)
An engineer is investigating connectivity problems on Cisco Firepower that is using service group tags.
Specific devices are not being tagged correctly, which is preventing clients from using the proper policies when going through the firewall How is this issue resolved?

  1. A. Use traceroute with advanced options.
  2. B. Use Wireshark with an IP subnet filter.
  3. C. Use a packet capture with match criteria.
  4. D. Use a packet sniffer with correct filtering

Correct Answer: C

QUESTION 70

- (Exam Topic 3)
Which Cisco Firepower feature is used to reduce the number of events received in a period of time?

  1. A. rate-limiting
  2. B. suspending
  3. C. correlation
  4. D. thresholding

Correct Answer: D
Reference: https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa- firepower-module-user-guide-v541/Intrusion-Global-Threshold.html

Page 15 of 52
PDF with 260 Questions

Post your Comments and Discuss Cisco 300-710 exam with other Community members: