Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: scxmas70

  1. Home
  2. Cisco
  3. CCNP Security
  4. 300-710 - Securing Networks with Cisco Firepower (300-710 SNCF)

300-710 Exam Dumps - Securing Networks with Cisco Firepower (300-710 SNCF)

Go to page:
Question # 41

An organization is using a Cisco FTD and Cisco ISE to perform identity-based access controls. A network administrator is analyzing the Cisco FTD events and notices that unknown user traffic is being allowed through the firewall. How should this be addressed to block the traffic while allowing legitimate user traffic?

A.

Modify the Cisco ISE authorization policy to deny this access to the user.

B.

Modify Cisco ISE to send only legitimate usernames to the Cisco FTD.

C.

Add the unknown user in the Access Control Policy in Cisco FTD.

D.

Add the unknown user in the Malware & File Policy in Cisco FTD.

Full Access
Question # 42

What is the result of specifying of QoS rule that has a rate limit that is greater than the maximum throughput of an interface?

A.

The rate-limiting rule is disabled.

B.

Matching traffic is not rate limited.

C.

The system rate-limits all traffic.

D.

The system repeatedly generates warnings.

Full Access
Question # 43

Which command is run on an FTD unit to associate the unit to an FMC manager that is at IP address 10.0.0.10, and that has the registration key Cisco123?

A.

configure manager local 10.0.0.10 Cisco123

B.

configure manager add Cisco123 10.0.0.10

C.

configure manager local Cisco123 10.0.0.10

D.

configure manager add 10.0.0.10 Cisco123

Full Access
Question # 44

Which two statements about bridge-group interfaces in Cisco FTD are true? (Choose two.)

A.

The BVI IP address must be in a separate subnet from the connected network.

B.

Bridge groups are supported in both transparent and routed firewall modes.

C.

Bridge groups are supported only in transparent firewall mode.

D.

Bidirectional Forwarding Detection echo packets are allowed through the FTD when using bridge-group members.

E.

Each directly connected network must be on the same subnet.

Full Access
Question # 45

In which two places can thresholding settings be configured? (Choose two.)

A.

on each IPS rule

B.

globally, within the network analysis policy

C.

globally, per intrusion policy

D.

on each access control rule

E.

per preprocessor, within the network analysis policy

Full Access
Question # 46

A network administrator notices that remote access VPN users are not reachable from inside the network. It is determined that routing is configured correctly, however return traffic is entering the firewall but not leaving it What is the reason for this issue?

A.

A manual NAT exemption rule does not exist at the top of the NAT table.

B.

An external NAT IP address is not configured.

C.

An external NAT IP address is configured to match the wrong interface.

D.

An object NAT exemption rule does not exist at the top of the NAT table.

Full Access
Question # 47

A network administrator reviews the file report for the last month and notices that all file types, except exe. show a disposition of unknown. What is the cause of this issue?

A.

The malware license has not been applied to the Cisco FTD.

B.

The Cisco FMC cannot reach the Internet to analyze files.

C.

A file policy has not been applied to the access policy.

D.

Only Spero file analysis is enabled.

Full Access
Question # 48

Which two actions can be used in an access control policy rule? (Choose two.)

A.

Block with Reset

B.

Monitor

C.

Analyze

D.

Discover

E.

Block ALL

Full Access
Go to page:

Hot Exams

ADM-201 Dumps
Platform-App-Builder Dumps
AZ-500 Dumps
350-701 Dumps
SY0-601 Dumps
NCSE-Core Dumps
PDP9 Dumps
DP-203 Dumps
AZ-700 Dumps
NSE7_EFW-7.0 Dumps
Integration-Architect Dumps
CS0-003 Dumps