Practice Free 300-710 Exam Online Questions
What is the role of the casebook feature in Cisco Threat Response?
- A . sharing threat analysis
- B . pulling data via the browser extension
- C . triage automation with alerting
- D . alert prioritization
A
Explanation:
The casebook and pivot menu are widgets available in Cisco Threat Response. Casebook – It is used to record, organize, and share sets of observables of interest primarily during an investigation and threat analysis. You can use a casebook to get the current verdicts or dispositions on the observables. https://www.cisco.com/c/en/us/td/docs/security/ces/user_guide/esa_user_guide_13-5-1/b_ESA_Admin_Guide_ces_13-5-1/b_ESA_Admin_Guide_13-0_chapter_0110001.pdf
An analyst using the security analyst account permissions is trying to view the Correlations Events Widget but is not able to access it. However, other dashboards are accessible.
Why is this occurring?
- A . An API restriction within the Cisco FMC is preventing the widget from displaying.
- B . The widget is configured to display only when active events are present.
- C . The widget is not configured within the Cisco FMC.
- D . The security analyst role does not have permission to view this widget.
A network administrator reviews the attack risk report and notices several Low-Impact attacks.
What does this type of attack indicate?
- A . All attacks are listed as low until manually categorized.
- B . The host is not vulnerable to those attacks.
- C . The attacks are not dangerous to the network.
- D . The host is not within the administrator’s environment.
B
Explanation:
A low-impact attack indicates that the host is not vulnerable to those attacks. A low-impact attack is an attack that does not exploit any known vulnerability on the target host or does not match any signature or anomaly rule on the FTD device. A low-impact attack does not mean that the attack is not dangerous to the network or that the host is not within the administrator’s environment. It simply means that the attack did not succeed in compromising or affecting the host.
The other options are incorrect because:
All attacks are not listed as low until manually categorized. The FTD device automatically assigns an impact level to each attack based on various factors, such as vulnerability information, threat score, and confidence rating. The impact level can be high, medium, or low, depending on how likely and how severe the attack is.
The attacks are not necessarily harmless to the network. A low-impact attack may still cause some damage or disruption to the network, such as consuming bandwidth, generating noise, or distracting attention from other attacks. A low-impact attack may also indicate that the attacker is probing or scanning the network for potential vulnerabilities or weaknesses.
The host is not necessarily outside the administrator’s environment. A low-impact attack can target any host on the network, regardless of its location or ownership. A low-impact attack does not imply that the host is external or irrelevant to the administrator’s environment.
A security engineer is adding three Cisco FTD devices to a Cisco FMC. Two of the devices have successfully registered to the Cisco FMC. The device that is unable to register is located behind a router that translates all outbound traffic to the router’s WAN IP address.
Which two steps are required for this device to register to the Cisco FMC? (Choose two.)
- A . Reconfigure the Cisco FMC to use the device’s private IP address instead of the WAN address.
- B . Configure a NAT ID on both the Cisco FMC and the device.
- C . Add the port number being used for PAT on the router to the device’s IP address in the Cisco FMC.
- D . Reconfigure the Cisco FMC to use the device’s hostname instead of IP address.
- E . Remove the IP address defined for the device in the Cisco FMC.
A security engineer manages a firewall console and an endpoint console and finds it challenging and time consuming to review events and modify blocking of specific files in both consoles.
Which action must the engineer take to streamline this process?
- A . From the Secure FMC, create a Cisco Secure Endpoint object and reference the object in the Cisco Secure Endpoint console.
- B . From the Cisco Secure Endpoint console, create and copy an API key and paste it into the Cisco Secure AMP tab.
- C . Initiate the integration between Secure FMC and Cisco Secure Endpoint from the Secure FMC using the AMP tab.
- D . Within the Cisco Secure Endpoint console, copy the connector GUID and paste into the Cisco Secure Firewall Management Center (FMC) AMP tab.
C
Explanation:
To streamline the process of reviewing events and modifying blocking of specific files across both the firewall console and the endpoint console, the security engineer should initiate the integration between Secure FMC and Cisco Secure Endpoint (formerly AMP for Endpoints) from the Secure FMC using the AMP tab.
Steps:
In the FMC, navigate to Devices > Device Management.
Select the device and go to the AMP tab.
Initiate the integration by configuring the necessary API credentials and linking the FMC to the Cisco Secure Endpoint console.
This integration allows the security engineer to view endpoint events and apply blocking actions directly from the FMC, consolidating the management tasks.
This approach simplifies the workflow by providing a single interface to manage both network and endpoint security, reducing the time and effort required to maintain security across the organization.
Reference: Cisco Secure Firewall Management Center and Cisco Secure Endpoint Integration Guide.
Which two dynamic routing protocols are supported in Firepower Threat Defense without using FlexConfig? (Choose two.)
- A . EIGRP
- B . OSPF
- C . static routing
- D . IS-IS
- E . BGP
BE
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-routing.html
A company is deploying intrusion protection on multiple Cisco FTD appliances managed by Cisco FMC.
Which system-provided policy must be selected if speed and detection are priorities?
- A . Connectivity Over Security
- B . Security Over Connectivity
- C . Maximum Detection
- D . Balanced Security and Connectivity
An organization has implemented Cisco Firepower without IPS capabilities and now wants to enable inspection for their traffic. They need to be able to detect protocol anomalies and utilize the Snort rule sets to detect malicious behaviour.
How is this accomplished?
- A . Modify the access control policy to redirect interesting traffic to the engine
- B . Modify the network discovery policy to detect new hosts to inspect
- C . Modify the network analysis policy to process the packets for inspection
- D . Modify the intrusion policy to determine the minimum severity of an event to inspect.
An engineer must create an access control policy on a Cisco Secure Firewall Threat Defense device.
The company has a contact center that utilizes VoIP heavily, and it is critical that this traffic is not …. by performance issues after deploying the access control policy.
Which access control Action rule must be configured to handle the VoIP traffic?
- A . monitor
- B . trust
- C . block
- D . allow
B
Explanation:
To ensure that VoIP traffic in a contact center is not impacted by performance issues after deploying an access control policy on a Cisco Secure Firewall Threat Defense (FTD) device, the engineer should configure the access control rule with the "trust" action. The "trust" action allows traffic to bypass inspection and policy enforcement, ensuring that critical VoIP traffic is not delayed or degraded.
Steps:
In FMC, navigate to Policies > Access Control > Access Control Policy.
Create a new rule or edit an existing rule.
Set the source and destination for the VoIP traffic.
Set the action to "trust" to ensure the VoIP traffic is not inspected.
By configuring the rule with the "trust" action, the VoIP traffic will be prioritized, maintaining the quality and performance required for the contact center operations.
Reference: Cisco Secure Firewall Management Center Configuration Guide, Chapter on Access Control Policies and Traffic Management.
In which two ways do access control policies operate on a Cisco Firepower system? (Choose two.)
- A . Traffic inspection can be interrupted temporarily when configuration changes are deployed.
- B . The system performs intrusion inspection followed by file inspection.
- C . They can block traffic based on Security Intelligence data.
- D . File policies use an associated variable set to perform intrusion prevention.
- E . The system performs a preliminary inspection on trusted traffic to validate that it matches the trusted parameters.
AC
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Access_Control_Using_Intrusion_and_File_Policies.html