Practice Exams:

Free 300-710 Exam Braindumps

Pass your Securing Networks with Cisco Firepower (SNCF) exam with these free Questions and Answers

Page 5 of 52
PDF with 260 Questions
QUESTION 16

- (Exam Topic 5)
An engineer is configuring Cisco FMC and wants to limit the time allowed for processing packets through the interface However if the time is exceeded the configuration must allow packets to bypass detection What must be configured on the Cisco FMC to accomplish this task?

  1. A. Fast-Path Rules Bypass
  2. B. Cisco ISE Security Group Tag
  3. C. Inspect Local Traffic Bypass
  4. D. Automatic Application Bypass

Correct Answer: D

QUESTION 17

- (Exam Topic 5)
An engineer must build redundancy into the network and traffic must continuously flow if a redundant switch in front of the firewall goes down. What must be configured to accomplish this task?

  1. A. redundant interfaces on the firewall cluster mode and switches
  2. B. redundant interfaces on the firewall noncluster mode and switches
  3. C. vPC on the switches to the interface mode on the firewall duster
  4. D. vPC on the switches to the span EtherChannel on the firewall cluster

Correct Answer: D
Reference: https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2018/pdf/BRKSEC-2020.pdf

QUESTION 18

- (Exam Topic 1)
What are the minimum requirements to deploy a managed device inline?

  1. A. inline interfaces, security zones, MTU, and mode
  2. B. passive interface, MTU, and mode
  3. C. inline interfaces, MTU, and mode
  4. D. passive interface, security zone, MTU, and mode

Correct Answer: C
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config- guide-v65/ips_device_deployments_and_configuration.html

QUESTION 19

- (Exam Topic 5)
A network security engineer must export packet captures from the Cisco FMC web browser while troubleshooting an issue. When navigating to the address https:///capture/CAPI/pcap/test.pcap. an error 403: Forbidden is given instead of the PCAP file. Which action must the engineer take to resolve this issue?

  1. A. Disable the HTTPS server and use HTTP instead.
  2. B. Enable the HTTPS server for the device platform policy.
  3. C. Disable the proxy setting on the browser.
  4. D. Use the Cisco FTD IP address as the proxy server setting on the browser.

Correct Answer: B

QUESTION 20

- (Exam Topic 5)
Network traffic coining from an organization's CEO must never be denied. Which access control policy configuration option should be used if the deployment engineer is not permitted to create a rule to allow all traffic?

  1. A. Configure firewall bypass.
  2. B. Change the intrusion policy from security to balance.
  3. C. Configure a trust policy for the CEO.
  4. D. Create a NAT policy just for the CEO.

Correct Answer: C

Page 5 of 52
PDF with 260 Questions

Post your Comments and Discuss Cisco 300-710 exam with other Community members: