Practice Free 300-710 Exam Online Questions
A network administrator must create an EtherChannel interface on a new Cisco Firepower 9300 appliance registered with an FMC for high availability.
Where must the administrator create the EtherChannel interface?
- A . FMC CLI
- B . FTD CLI
- C . FXOS CLI
- D . FMC GUI
C
Explanation:
An EtherChannel interface is a logical interface that consists of a bundle of individual Ethernet links that act as a single network link. An EtherChannel interface can increase the bandwidth and reliability of a network connection [5].
On a Cisco Firepower 9300 appliance registered with an FMC for high availability, the network administrator must create the EtherChannel interface on the FXOS CLI. The FXOS is the operating system that runs on the Firepower 9300 chassis and provides hardware management functions such as interface configuration, power supply status, fan speed control, and so on [6].
To create an EtherChannel interface on the FXOS CLI, the network administrator can follow these steps [5]:
- Connect to the FXOS CLI using SSH or console.
- Enter the scope eth-uplink command to enter Ethernet uplink mode.
- Enter the create port-channel command to create an EtherChannel interface.
- Enter a port-channel ID (1-48) and a mode (on or active) for the EtherChannel interface.
- Enter the add interface command to add physical interfaces to the EtherChannel interface.
- Enter one or more interface IDs (for example, 1/1) for the physical interfaces.
- Enter the commit-buffer command to save the changes.
The other options are incorrect because:
- The FMC CLI does not provide any commands to create an EtherChannel interface on a Firepower 9300 appliance. The FMC CLI is mainly used for managing FMC settings such as backup, restore, upgrade, troubleshoot, and so on [7].
- The FTD CLI does not provide any commands to create an EtherChannel interface on a Firepower 9300 appliance. The FTD CLI is mainly used for managing FTD settings such as routing, NAT, VPN, access control, and so on [8].
- The FMC GUI does not provide any options to create an EtherChannel interface on a Firepower 9300 appliance. The FMC GUI is mainly used for managing FTD policies such as access control, intrusion, file, malware, and so on [9].
An administrator is creating interface objects to better segment their network but is having trouble adding interfaces to the objects.
What is the reason for this failure?
- A . The interfaces are being used for NAT for multiple networks.
- B . The administrator is adding interfaces of multiple types.
- C . The administrator is adding an interface that is in multiple zones.
- D . The interfaces belong to multiple interface groups.
D
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/reusable_objects.html#ID-2243-000009b4
"All interfaces in an interface object must be of the same type: all inline, passive, switched, routed, or ASA FirePOWER. After you create an interface object, you cannot change the type of interfaces it contains."
A network administrator notices that SI events are not being updated. The Cisco FTD device is unable to load all of the SI event entries and traffic is not being blocked as expected.
What must be done to correct this issue?
- A . Restart the affected devices in order to reset the configurations
- B . Manually update the SI event entries so that the appropriate traffic is blocked
- C . Replace the affected devices with devices that provide more memory
- D . Redeploy configurations to affected devices so that additional memory is allocated to the SI module
What is the RTC workflow when the infected endpoint is identified?
- A . Cisco ISE instructs Cisco AMP to contain the infected endpoint.
- B . Cisco ISE instructs Cisco FMC to contain the infected endpoint.
- C . Cisco AMP instructs Cisco FMC to contain the infected endpoint.
- D . Cisco FMC instructs Cisco ISE to contain the infected endpoint.
A security engineer must create a malware and file policy on a Cisco Secure Firewall Threat Defense device. The solution must ensure that PDF, DOCX, and XLSX files are not sent to Cisco Secure Malware Analytics.
What must be configured to meet the requirements?
- A . capacity handling
- B . Spero analysis
- C . dynamic analysis
- D . local malware analysis
D
Explanation:
To create a malware and file policy on a Cisco Secure Firewall Threat Defense (FTD) device that ensures PDF, DOCX, and XLSX files are not sent to Cisco Secure Malware Analytics, the security engineer must configure local malware analysis. Local malware analysis allows the FTD to inspect and analyze files locally without sending them to the cloud-based Cisco Secure Malware Analytics.
Steps to configure local malware analysis:
- In FMC, navigate to Policies > Access Control > Malware & File Policies.
- Create a new malware and file policy or edit an existing one.
- Define rules to inspect specific file types, ensuring that PDF, DOCX, and XLSX files are handled locally.
- Set the action for these file types to "Local Analysis."
- Apply the policy to the relevant access control policy.
This configuration ensures that the specified file types are analyzed locally, meeting the requirement to avoid sending them to Cisco Secure Malware Analytics.
Reference: Cisco Secure Firewall Management Center Configuration Guide, Chapter on Malware and File Policies
Which two routing options are valid with Cisco Firepower Threat Defense? (Choose two.)
- A . BGPv6
- B . ECMP with up to three equal cost paths across multiple interfaces
- C . ECMP with up to three equal cost paths across a single interface
- D . BGPv4 in transparent firewall mode
- E . BGPv4 with nonstop forwarding
AC
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmc-config-guide-v601/fpmc-config-guide-v60_chapter_01100011.html#ID-2101-0000000e
Which command is run at the CLI when logged in to an FTD unit, to determine whether the unit is managed locally or by a remote FMC server?
- A . system generate-troubleshoot
- B . show configuration session
- C . show managers
- D . show running-config | include manager
C
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_Firepower_Threat_Defense/c_3.html
An engineer wants to change an existing transparent Cisco FTD to routed mode.
The device controls traffic between two network segments.
Which action is mandatory to allow hosts to reestablish communication between these two segments after the change?
- A . remove the existing dynamic routing protocol settings.
- B . configure multiple BVIs to route between segments.
- C . assign unique VLAN IDs to each firewall interface.
- D . implement non-overlapping IP subnets on each segment.
Which two packet captures does the FTD LINA engine support? (Choose two.)
- A . Layer 7 network ID
- B . source IP
- C . application ID
- D . dynamic firewall importing
- E . protocol
BE
Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212474-working-with-firepower-threat-defense-f.html
An engineer must configure a Cisco FMC dashboard in a child domain.
Which action must be taken so that the dashboard is visible to the parent domain?
- A . Add a separate tab.
- B . Adjust policy inheritance settings.
- C . Add a separate widget.
- D . Create a copy of the dashboard.