cisco 300-710 practice test

Securing Networks with Cisco Firepower (SNCF)

Last exam update: Jul 20 ,2024
Page 1 out of 11. Viewing questions 1-15 out of 156

Question 1 Topic 1

Topic 1
What is a result of enabling Cisco FTD clustering?

  • A. For the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections.
  • B. Integrated Routing and Bridging is supported on the master unit.
  • C. Site-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails.
  • D. All Firepower appliances support Cisco FTD clustering.
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-
v64/clustering_for_the_firepower_threat_defense.html

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2 Topic 1

Topic 1
Which two conditions are necessary for high availability to function between two Cisco FTD devices? (Choose two.)

  • A. The units must be the same version
  • B. Both devices can be part of a different group that must be in the same domain when configured within the FMC.
  • C. The units must be different models if they are part of the same series.
  • D. The units must be configured only for firewall routed mode.
  • E. The units must be the same model.
Answer:

A E

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%

Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699-configure-ftd-high-
availability-on-firep.html

Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 3 Topic 1

Topic 1
On the advanced tab under inline set properties, which allows interfaces to emulate a passive interface?

  • A. transparent inline mode
  • B. TAP mode
  • C. strict TCP enforcement
  • D. propagate link state
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-
v64/inline_sets_and_passive_interfaces_for_firepower_threat_defense.html

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4 Topic 1

Topic 1
What are the minimum requirements to deploy a managed device inline?

  • A. inline interfaces, security zones, MTU, and mode
  • B. passive interface, MTU, and mode
  • C. inline interfaces, MTU, and mode
  • D. passive interface, security zone, MTU, and mode
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-
v65/ips_device_deployments_and_configuration.html

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5 Topic 1

Topic 1
What is the difference between inline and inline tap on Cisco Firepower?

  • A. Inline tap mode can send a copy of the traffic to another device.
  • B. Inline tap mode does full packet capture.
  • C. Inline mode cannot do SSL decryption.
  • D. Inline mode can drop malicious traffic.
Answer:

D

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6 Topic 1

Topic 1
With Cisco FTD software, which interface mode must be configured to passively receive traffic that passes through the
appliance?

  • A. inline set
  • B. passive
  • C. routed
  • D. inline tap
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-
v64/interface_overview_for_firepower_threat_defense.html

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7 Topic 1

Topic 1
Which two deployment types support high availability? (Choose two.)

  • A. transparent
  • B. routed
  • C. clustered
  • D. intra-chassis multi-instance
  • E. virtual appliance in public cloud
Answer:

A B

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-
v61/firepower_threat_defense_high_availability.html

Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 8 Topic 1

Topic 1
Which protocol establishes network redundancy in a switched Firepower device deployment?

  • A. STP
  • B. HSRP
  • C. GLBP
  • D. VRRP
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-
v62/firepower_threat_defense_high_availability.html

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9 Topic 1

Topic 1
Which interface type allows packets to be dropped?

  • A. passive
  • B. inline
  • C. ERSPAN
  • D. TAP
Answer:

B

User Votes:
A
50%
B
50%
C
50%
D
50%

Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200908-configuring-firepower-threat-
defense-int.html

Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10 Topic 1

Topic 1
Which Cisco Firepower Threat Defense, which two interface settings are required when configuring a routed interface?
(Choose two.)

  • A. Redundant Interface
  • B. EtherChannel
  • C. Speed
  • D. Media Type
  • E. Duplex
Answer:

C E

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/610/fdm/fptd-fdm-config-guide-610/fptd-fdm-
interfaces.html

Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 11 Topic 1

Topic 1
Which two dynamic routing protocols are supported in Cisco FTD without using FlexConfig? (Choose two.)

  • A. EIGRP
  • B. OSPF
  • C. static routing
  • D. IS-IS
  • E. BGP
Answer:

C E

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-
routing.html

Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 12 Topic 1

Topic 1
Which policy rule is included in the deployment of a local DMZ during the initial deployment of a Cisco NGFW through the
Cisco FMC GUI?

  • A. a default DMZ policy for which only a user can change the IP addresses.
  • B. deny ip any
  • C. no policy rule is included
  • D. permit ip any
Answer:

C

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13 Topic 1

Topic 1
What are two application layer preprocessors? (Choose two.)

  • A. CIFS
  • B. IMAP
  • C. SSL
  • D. DNP3
  • E. ICMP
Answer:

B C

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-
v60/Application_Layer_Preprocessors.html

Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 14 Topic 1

Topic 1
An engineer is implementing Cisco FTD in the network and is determining which Firepower mode to use. The organization
needs to have multiple virtual Firepower devices working separately inside of the FTD appliance to provide traffic
segmentation. Which deployment mode should be configured in the Cisco Firepower Management Console to support these
requirements?

  • A. multi-instance
  • B. multiple deployment
  • C. single deployment
  • D. single-context
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15 Topic 1

Topic 1
A network engineer is extending a user segment through an FTD device for traffic inspection without creating another IP
subnet. How is this accomplished on an FTD device in routed mode?

  • A. by assigning an inline set interface
  • B. by using a BVI and creating a BVI IP address in the same subnet as the user segment
  • C. by leveraging the ARP to direct traffic through the firewall
  • D. by bypassing protocol inspection by leveraging pre-filter rules
Answer:

A

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2