Practice Free 300-710 Exam Online Questions
A network administrator discovers that a user connected to a file server and downloaded a malware file. The Cisco FMC generated an alert for the malware event; however, the user still remained connected.
Which Cisco AMP file rule action within the Cisco FMC must be set to resolve this issue?
- A . Detect Files
- B . Malware Cloud Lookup
- C . Local Malware Analysis
- D . Reset Connection
An engineer attempts to pull the configuration for a Cisco FTD sensor to review with Cisco TAC but does not have direct access to the CLI for the device. The CLI for the device is managed by Cisco FMC, to which the engineer has access.
Which action in Cisco FMC grants access to the CLI for the device?
- A . Export the configuration using the Import/Export tool within Cisco FMC.
- B . Create a backup of the configuration within the Cisco FMC.
- C . Use the show run all command in the Cisco FTD CLI feature within Cisco FMC.
- D . Download the configuration file within the File Download section of Cisco FMC.
A user within an organization opened a malicious file on a workstation which in turn caused a ransomware attack on the network.
What should be configured within the Cisco FMC to ensure the file is tested for viruses on a sandbox system?
- A . Capacity handling
- B . Local malware analysis
- C . Spero analysis
- D . Dynamic analysis
An engineer must configure the firewall to monitor traffic within a single subnet without increasing the hop count of that traffic.
How would the engineer achieve this?
- A . Configure Cisco Firepower as a transparent firewall
- B . Set up Cisco Firepower as managed by Cisco FDM
- C . Configure Cisco Firepower in FXOS monitor only mode.
- D . Set up Cisco Firepower in intrusion prevention mode
Which command is typed at the CLI on the primary Cisco FTD unit to temporarily stop running high-availability?
- A . configure high-availability resume
- B . configure high-availability disable
- C . system support network-options
- D . configure high-availability suspend
B
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/firepower_threat_defense_high_availability.html
An organization wants to secure traffic from their branch office to the headquarters building using Cisco Firepower devices. They want to ensure that their Cisco Firepower devices are not wasting resources on inspecting the VPN traffic.
What must be done to meet these requirements?
- A . Configure the Cisco Firepower devices to ignore the VPN traffic using prefilter policies
- B . Enable a flexconfig policy to re-classify VPN traffic so that it no longer appears as interesting traffic
- C . Configure the Cisco Firepower devices to bypass the access control policies for VPN traffic.
- D . Tune the intrusion policies in order to allow the VPN traffic through without inspection
C
Explanation:
When you configure the Cisco Firepower devices to bypass the access control policies for VPN traffic, the devices will not inspect the VPN traffic and thus will not waste resources on it. This is the best option to ensure that the VPN traffic is not wasting resources on the Cisco Firepower devices.
Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/219759-configure-bypass-policies-on-the-cisco-firepow.html
An engineer is reviewing a ticket that requests to allow traffic for some devices that must connect to a server over 8699/udp. The request mentions only one IP address, 172.16.18.15, but the requestor asked for the engineer to open the port for all machines that have been trying to connect to it over the last week.
Which action must the engineer take to troubleshoot this issue?
- A . Use the context explorer to see the application blocks by protocol.
- B . Use the context explorer to see the destination port blocks
- C . Filter the connection events by the source port 8699/udp.
- D . Filter the connection events by the destination port 8699/udp.
Which process should be checked when troubleshooting registration issues between Cisco FMC and managed devices to verify that secure communication is occurring?
- A . fpcollect
- B . dhclient
- C . sfmgr
- D . sftunnel
A network engineer wants to add a third-party threat feed into the Cisco FMC for enhanced threat detection.
Which action should be taken to accomplish this goal?
- A . Enable Threat Intelligence Director using STIX and TAXII
- B . Enable Rapid Threat Containment using REST APIs
- C . Enable Threat Intelligence Director using REST APIs
- D . Enable Rapid Threat Containment using STIX and TAXII
Users report that Cisco Duo 2FA fails when they attempt to connect to the VPN on a Cisco Secure Firewall Threat Defense (FTD) device. IT staff have VPN profiles that do not require multifactor authentication, and they can connect to the VPN without any issues. When viewing the VPN troubleshooting log in Cisco Secure Firewall Management Center (FMC), the network administrator sees an error stating that the Cisco Duo AAA server has been marked as failed.
What is the root cause of the issue?
- A . Multifactor authentication is not supported on Secure FMC managed devices.
- B . Duo trust certificates are missing from the Secure FTD device.
- C . The internal AD server is unreachable from the Secure FTD device.
- D . AD Trust certificates are missing from the Secure FTD device.
B
Explanation:
If users report that Cisco Duo 2FA fails when attempting to connect to the VPN on a Cisco Secure Firewall Threat Defense (FTD) device, and the VPN troubleshooting log in FMC shows an error indicating that the Cisco Duo AAA server has been marked as failed, the root cause is likely missing Duo trust certificates on the FTD device. Trust certificates are essential for establishing a secure and trusted connection between the FTD and the Duo authentication service.
Steps:
- Obtain the necessary Duo trust certificates.
- Install the certificates on the FTD device.
- Verify the configuration to ensure that the FTD device can properly communicate with the Duo AAA server.
This resolves the authentication failure by ensuring that the FTD device can trust the Duo server.
Reference: Cisco Secure Firewall Management Center Administrator Guide, Chapter on Certificate Management.