Free 300-710 Exam Braindumps

Pass your Securing Networks with Cisco Firepower (SNCF) exam with these free Questions and Answers

Page 3 of 52
QUESTION 6

- (Exam Topic 5)
An organization is implementing Cisco FTD using transparent mode in the network. Which rule in the default Access Control Policy ensures that this deployment does not create a loop in the network?

  - A. ARP inspection is enabled by default.
  - B. Multicast and broadcast packets are denied by default.
  - C. STP BPDU packets are allowed by default.
  - D. ARP packets are allowed by default.

Correct Answer: B

QUESTION 7

- (Exam Topic 5)
A security engineer must deploy a Cisco FTD appliance as a bump in the wire to detect intrusion events without disrupting the flow of network traffic. Which two features must be configured to accomplish the task? (Choose two.)

  - A. inline set pair
  - B. transparent mode
  - C. tap mode
  - D. passive interfaces
  - E. bridged mode

Correct Answer: BC

QUESTION 8

- (Exam Topic 5)
Which process should be checked when troubleshooting registration issues between Cisco FMC and managed devices to verify that secure communication is occurring?

  - A. fpcollect
  - B. dhclient
  - C. sfmgr
  - D. sftunnel

Correct Answer: D

QUESTION 9

- (Exam Topic 5)
An engineer is troubleshooting application failures through an FTD deployment. While using the FMC CLI, it has been determined that the traffic in question is not matching the desired policy. What should be done to correct this?

  - A. Use the system support firewall-engine-debug command to determine which rules the traffic is matching and modify the rule accordingly.
  - B. Use the system support application-identification-debug command to determine which rules the traffic is matching and modify the rule accordingly.
  - C. Use the system support firewall-engine-dump-user-identity-data command to change the policy and allow the application through the firewall.
  - D. Use the system support network-options command to fine tune the policy.

Correct Answer: A

QUESTION 10

- (Exam Topic 5)
A network engineer is extending a user segment through an FTD device for traffic inspection without creating another IP subnet. How is this accomplished on an FTD device in routed mode?

  - A. by leveraging the ARP to direct traffic through the firewall
  - B. by assigning an inline set interface
  - C. by using a BVI and creating a BVI IP address in the same subnet as the user segment
  - D. by bypassing protocol inspection by leveraging pre-filter rules

Correct Answer: C
https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/trans
