Free 300-710 Exam Braindumps

Pass your Securing Networks with Cisco Firepower (SNCF) exam with these free Questions and Answers

Page 6 of 52
QUESTION 21

- (Exam Topic 5)
An organization wants to secure traffic from their branch office to the headquarters building using Cisco Firepower devices. They want to ensure that their Cisco Firepower devices are not wasting resources on inspecting the VPN traffic. What must be done to meet these requirements?

  1. A. Configure the Cisco Firepower devices to ignore the VPN traffic using prefilter policies
  2. B. Enable a flexconfig policy to re-classify VPN traffic so that it no longer appears as interesting traffic
  3. C. Configure the Cisco Firepower devices to bypass the access control policies for VPN traffic.
  4. D. Tune the intrusion policies in order to allow the VPN traffic through without inspection

Correct Answer: C
When the Cisco Firepower devices are configured to bypass the access control policies for VPN traffic, they do not inspect that traffic and therefore do not waste resources on it. This is the best option for keeping VPN traffic from consuming inspection resources on the Cisco Firepower devices.
Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/219759-configure-bypass-policies-on-the

QUESTION 22

- (Exam Topic 5)
A security engineer must configure a Cisco FTD appliance to inspect traffic coming from the internet. The internet traffic will be mirrored from the Cisco Catalyst 9300 Switch. Which configuration accomplishes the task?

  1. A. Set interface configuration mode to none.
  2. B. Set the firewall mode to transparent.
  3. C. Set the firewall mode to routed.
  4. D. Set interface configuration mode to passive.

Correct Answer: D

QUESTION 23

- (Exam Topic 3)
Which command is run at the CLI when logged in to an FTD unit, to determine whether the unit is managed locally or by a remote FMC server?

  1. A. system generate-troubleshoot
  2. B. show configuration session
  3. C. show managers
  4. D. show running-config | include manager

Correct Answer: C
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_Firepower_Threat_Defense/c_3.html

QUESTION 24

- (Exam Topic 2)
A company has many Cisco FTD devices managed by a Cisco FMC. The security model requires that access control rule logs be collected for analysis. The security engineer is concerned that the Cisco FMC will not be able to process the volume of logging that will be generated. Which configuration addresses this concern?

  1. A. Send Cisco FTD connection events and security events directly to a SIEM system for storage and analysis.
  2. B. Send Cisco FTD connection events and security events to a cluster of Cisco FMC devices for storage and analysis.
  3. C. Send Cisco FTD connection events and security events to Cisco FMC and configure it to forward logs to a SIEM for storage and analysis.
  4. D. Send Cisco FTD connection events directly to a SIEM system and forward security events from Cisco FMC to the SIEM system for storage and analysis.

Correct Answer: C

QUESTION 25

- (Exam Topic 5)
A Cisco FTD device is running in transparent firewall mode with a VTEP bridge group member ingress interface. What must be considered by an engineer tasked with specifying a destination MAC address for a packet trace?

  1. A. The destination MAC address is optional if a VLAN ID value is entered
  2. B. Only the UDP packet type is supported
  3. C. The output format option for the packet logs is unavailable
  4. D. The VLAN ID and destination MAC address are optional

Correct Answer: A
