300-710 Exam Dumps - Securing Networks with Cisco Firepower (300-710 SNCF)

Searching for workable clues to ace the Cisco 300-710 Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s 300-710 PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:

<< First
Prev
3
4
5
6
7
8
9
10
11
12
Next
Last >>

Question # 57

A network administrator is reviewing a monthly advanced malware risk report and notices a host that Is listed as CnC Connected. Where must the administrator look within Cisco FMC to further determine if this host is infected with malware?

Analysis > Hosts > indications of Compromise

Analysts > Files > Malware Events

Analysis > Hosts > Host Attributes

Analysis > Flies > Network File Trajectory

Full Access

Answer:

Explanation:

To determine if a host is infected with malware, the network administrator can look at the Indications of Compromise (IOC) feature in Cisco FMC. The IOC feature analyzes network and endpoint data collected by Firepower sensors and AMP for Endpoints connectors, and identifies hosts that exhibit signs of compromise or infection. The IOC feature uses predefined rules based on Cisco Talos intelligence and other sources to detect IOCs on hosts.Â One of these rules is CnC Connected, which indicates that a host has communicated with a command-and-control (CnC) server that is known to be associated with malware activity2.

To view the IOC information for a host, the network administrator can navigate to Analysis > Hosts > Indications of Compromise in Cisco FMC, and select a host from the table. The IOC Details page will show the IOC events for that host, including the CnC Connected event, along with other information such as severity, timestamp, source, destination, protocol, and rule name.Â The network administrator can also view more details about each IOC event by clicking on it2.

The other options are incorrect because:

Analysis > Files > Malware Events shows information about files that have been detected as malware by Firepower sensors or AMP for Endpoints connectors.Â This does not show information about hosts that are infected with malware or have communicated with CnC servers3.

Analysis > Hosts > Host Attributes shows information about hosts that have been discovered by Firepower sensors, such as IP address, MAC address, operating system, applications, users, vulnerabilities, and so on.Â This does not show information about IOCs or CnC connections on hosts4.

Analysis > Files > Network File Trajectory shows information about files that have traversed your network and have been detected by Firepower sensors or AMP for Endpoints connectors. This allows you to track where a file came from, where it went, and what happened to it along the way.Â This does not show information about hosts that are infected with malware or have communicated with CnC servers5.

Question # 58

Which group within Cisco does the Threat Response team use for threat analysis and research?

Cisco Deep Analytics

OpenDNS Group

Cisco Network Response

Cisco Talos

Full Access

Question # 59

An organization is setting up two new Cisco FTD devices to replace their current firewalls and cannot have any network downtime During the setup process, the synchronization between the two devices is failing What action is needed to resolve this issue?

Confirm that both devices have the same port-channel numbering

Confirm that both devices are running the same software version

Confirm that both devices are configured with the same types of interfaces

Confirm that both devices have the same flash memory sizes

Full Access

Question # 60

Refer to the exhibit An engineer is modifying an access control pokey to add a rule to inspect all DNS traffic that passes through the firewall After making the change and deploying thepokey they see that DNS traffic is not bang inspected by the Snort engine What is the problem?

The rule must specify the security zone that originates the traffic

The rule must define the source network for inspection as well as the port

The action of the rule is set to trust instead of allow.

The rule is configured with the wrong setting for the source port

Full Access

Question # 61

An organization does not want to use the default Cisco Firepower block page when blocking HTTP traffic. The organization wants to include information about its policies and procedures to help educate the users whenever a block occurs. Which two steps must be taken to meet these requirements? (Choose two.)

Modify the system-provided block page result using Python.

Create HTML code with the information for the policies and procedures.

Edit the HTTP request handling in the access control policy to customized block.

Write CSS code with the information for the policies and procedures.

Change the HTTP response in the access control policy to custom.

Full Access

Question # 62

An engineer wants to add an additional Cisco FTD Version 6.2.3 device to their current 6.2.3 deployment to create a high availability pair.

The currently deployed Cisco FTD device is using local management and identical hardware including the available port density to enable the failover and stateful links required in a proper high availability deployment. Which action ensures that the environment is ready to pair the new Cisco FTD with the old one?

Change from Cisco FDM management to Cisco FMC management on both devices and register them to FMC.

Ensure that the two devices are assigned IP addresses from the 169 254.0.0/16 range for failoverinterfaces.

Factory reset the current Cisco FTD so that it can synchronize configurations with the new Cisco FTDdevice.

Ensure that the configured DNS servers match on the two devices for name resolution.

Full Access

Question # 63

Drag and drop the steps to restore an automatic device registration failure on the standby Cisco FMC from the left into the correct order on the right. Not all options are used.

Full Access

Question # 64

An engineer is deploying a Cisco Secure Firewall Management Center appliance. The company must send data to Cisco Secure Network Analytics appliances. Which two actions must the engineer take? (Choose two.)

Configure Security Intelligence object to send data to Cisco Secure Network Analytics.

Add the Netflow_Send_Destination object to the configuration.

Add the Netflow_Add_Destination object to the configuration.

Add the Netflow_Set_Parameters object to the configuration.

Create a service identifier to enable the NetFlow service.

Full Access

Go to page: