Practice Exams:

Free 300-710 Exam Braindumps

Pass your Securing Networks with Cisco Firepower (SNCF) exam with these free Questions and Answers

Page 4 of 52
PDF with 260 Questions
QUESTION 11

- (Exam Topic 1)
Within an organization's high availability environment where both firewalls are passing traffic, traffic must be segmented based on which department it is destined for. Each department is situated on a different LAN. What must be configured to meet these requirements?

  1. A. span EtherChannel clustering
  2. B. redundant interfaces
  3. C. high availability active/standby firewalls
  4. D. multi-instance firewalls

Correct Answer: D

QUESTION 12

- (Exam Topic 2)
A network administrator notices that remote access VPN users are not reachable from inside the network. It is determined that routing is configured correctly, however return traffic is entering the firewall but not leaving it What is the reason for this issue?

  1. A. A manual NAT exemption rule does not exist at the top of the NAT table.
  2. B. An external NAT IP address is not configured.
  3. C. An external NAT IP address is configured to match the wrong interface.
  4. D. An object NAT exemption rule does not exist at the top of the NAT table.

Correct Answer: A
https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212702-configure-and-verif

QUESTION 13

- (Exam Topic 1)
On the advanced tab under inline set properties, which allows interfaces to emulate a passive interface?

  1. A. transparent inline mode
  2. B. TAP mode
  3. C. strict TCP enforcement
  4. D. propagate link state

Correct Answer: D
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config- guide-v64/inline_sets_and_passive_interfaces_for_firepower_threat_defense.html

QUESTION 14

- (Exam Topic 5)
An engineer is troubleshooting HTTP traffic to a web server using the packet capture tool on Cisco FMC. When reviewing the captures, the engineer notices that there are a lot of packets that are not sourced from or destined to the web server being captured. How can the engineer reduce the strain of capturing packets for irrelevant traffic on the Cisco FTD device?

  1. A. Use the host filter in the packet capture to capture traffic to or from a specific host.
  2. B. Redirect the packet capture output to a .pcap file that can be opened with Wireshark.
  3. C. Use the -c option to restrict the packet capture to only the first 100 packets.
  4. D. Use an access-list within the packet capture to permit only HTTP traffic to and from the web server.

Correct Answer: A

QUESTION 15

- (Exam Topic 5)
An administrator is setting up Cisco Firepower to send data to the Cisco Stealthwatch appliances. The NetFlow_Set_Parameters object is already created, but NetFlow is not being sent to the flow collector. What must be done to prevent this from occurring?

  1. A. Add the NetFlow_Send_Destination object to the configuration
  2. B. Create a Security Intelligence object to send the data to Cisco Stealthwatch
  3. C. Create a service identifier to enable the NetFlow service
  4. D. Add the NetFlow_Add_Destination object to the configuration

Correct Answer: B

Page 4 of 52
PDF with 260 Questions

Post your Comments and Discuss Cisco 300-710 exam with other Community members: