Practice Exams:

Free 300-710 Exam Braindumps

Pass your Securing Networks with Cisco Firepower (SNCF) exam with these free Questions and Answers

Page 7 of 52
PDF with 260 Questions
QUESTION 26

- (Exam Topic 5)
An engineer has been tasked with using Cisco FMC to determine if files being sent through the network are malware. Which two configuration takes must be performed to achieve this file lookup? (Choose two.)

  1. A. The Cisco FMC needs to include a SSL decryption policy.
  2. B. The Cisco FMC needs to connect to the Cisco AMP for Endpoints service.
  3. C. The Cisco FMC needs to connect to the Cisco ThreatGrid service directly for sandboxing.
  4. D. The Cisco FMC needs to connect with the FireAMP Cloud.
  5. E. The Cisco FMC needs to include a file inspection policy for malware lookup.

Correct Answer: DE

QUESTION 27

- (Exam Topic 5)
A network administrator is configuring a site-to-site IPsec VPN to a router sitting behind a Cisco FTD. The administrator has configured an access policy to allow traffic to this device on UDP 500, 4500, and ESP VPN traffic is not working. Which action resolves this issue?

  1. A. Set the allow action in the access policy to trust.
  2. B. Enable IPsec inspection on the access policy.
  3. C. Modify the NAT policy to use the interface PAT.
  4. D. Change the access policy to allow all ports.

Correct Answer: B

QUESTION 28

- (Exam Topic 5)
An organization has implemented Cisco Firepower without IPS capabilities and now wants to enable inspection for their traffic. They need to be able to detect protocol anomalies and utilize the Snort rule sets to detect malicious behaviour. How is this accomplished?

  1. A. Modify the access control policy to redirect interesting traffic to the engine
  2. B. Modify the network discovery policy to detect new hosts to inspect
  3. C. Modify the network analysis policy to process the packets for inspection
  4. D. Modify the intrusion policy to determine the minimum severity of an event to inspect.

Correct Answer: D

QUESTION 29

- (Exam Topic 5)
There is an increased amount of traffic on the network and for compliance reasons, management needs visibility into the encrypted traffic What is a result of enabling TLS'SSL decryption to allow this visibility?

  1. A. It prompts the need for a corporate managed certificate
  2. B. It has minimal performance impact
  3. C. It is not subject to any Privacy regulations
  4. D. It will fail if certificate pinning is not enforced

Correct Answer: A

QUESTION 30

- (Exam Topic 5)
With Cisco FTD integrated routing and bridging, which interface does the bridge group use to communicate with a routed interface?

  1. A. switch virtual
  2. B. bridge group member
  3. C. bridge virtual
  4. D. subinterface

Correct Answer: C
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/trans

Page 7 of 52
PDF with 260 Questions

Post your Comments and Discuss Cisco 300-710 exam with other Community members: