Practice Free Cisco 300-710 Exam Questions Online, 300-710 Free Demo

Question 1 Selectable Answer

An analyst using the security analyst account permissions is trying to view the Correlations Events Widget but is not able to access it. However, other dashboards are accessible.
Why is this occurring?

A. An API restriction within the Cisco FMC is preventing the widget from displaying.
B. The widget is configured to display only when active events are present.
C. The widget is not configured within the Cisco FM
D. The security analyst role does not have permission to view this widget.

Answer:

Question 2 Selectable Answer

An organization is using a Cisco FTD and Cisco ISE to perform identity-based access controls. A network administrator is analyzing the Cisco FTD events and notices that unknown user traffic is being allowed through the firewall.
How should this be addressed to block the traffic while allowing legitimate user traffic?

A. Modify the Cisco ISE authorization policy to deny this access to the user.
B. Modify Cisco ISE to send only legitimate usernames to the Cisco FT
C. Add the unknown user in the Access Control Policy in Cisco FT
D. Add the unknown user in the Malware & File Policy in Cisco FT

Answer:
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/fdm/fptd-fdm-config-guide-640/fptd-fdm-identity.html#concept_655B055575E04CA49B10186DEBDA301A

Question 3 Selectable Answer

An engineer integrates Cisco FMC and Cisco ISE using pxGrid.
Which role is assigned for Cisco FMC?

A. controller
B. publisher
C. client
D. server

Answer:

Question 4 Selectable Answer

An engineer must configure high availability for the Cisco Firepower devices. The current network topology does not allow for two devices to pass traffic concurrently.
How must the devices be implemented in this environment?

A. in active/active mode
B. in a cluster span EtherChannel
C. in active/passive mode
D. in cluster interface mode

Answer:

Question 5 Selectable Answer

Which two remediation options are available when Cisco FMC is integrated with Cisco ISE? (Choose two.)

A. dynamic null route configured
B. DHCP pool disablement
C. quarantine
D. port shutdown
E. host shutdown

Answer:
Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/210524-configure-firepower-6-1-pxgrid-remediati.html

Question 6 Selectable Answer

An administrator needs to configure Cisco FMC to send a notification email when a data transfer larger than 10 MB is initiated from an internal host outside of standard business hours.
Which Cisco FMC feature must be configured to accomplish this task?

A. file and malware policy
B. application detector
C. intrusion policy
D. correlation policy

Answer:

Question 7 Selectable Answer

An engineer must configure the firewall to monitor traffic within a single subnet without increasing the hop count of that traffic.
How would the engineer achieve this?

A. Configure Cisco Firepower as a transparent firewall
B. Set up Cisco Firepower as managed by Cisco FDM
C. Configure Cisco Firepower in FXOS monitor only mode.
D. Set up Cisco Firepower in intrusion prevention mode

Answer:

Question 8 Selectable Answer

Within an organization's high availability environment where both firewalls are passing traffic, traffic must be segmented based on which department it is destined for. Each department is situated on a different LAN.
What must be configured to meet these requirements?

A. span EtherChannel clustering
B. redundant interfaces
C. high availability active/standby firewalls
D. multi-instance firewalls

Answer:

Question 9 Selectable Answer

A network administrator is trying to convert from LDAP to LDAPS for VPN user authentication on a Cisco FTD.
Which action must be taken on the Cisco FTD objects to accomplish this task?

A. Add a Key Chain object to acquire the LDAPS certificate.
B. Create a Certificate Enrollment object to get the LDAPS certificate needed.
C. Identify the LDAPS cipher suite and use a Cipher Suite List object to define the Cisco FTD connection requirements.
D. Modify the Policy List object to define the session requirements for LDAP

Answer:

Question 10 Selectable Answer

An organization is implementing Cisco FTD using transparent mode in the network.
Which rule in the default Access Control Policy ensures that this deployment does not create a loop in the network?

A. ARP inspection is enabled by default.
B. Multicast and broadcast packets are denied by default.
C. STP BPDU packets are allowed by default.
D. ARP packets are allowed by default.

Answer:

Question 11 Selectable Answer

What is an advantage of adding multiple inline interface pairs to the same inline interface set when deploying an asynchronous routing configuration?

A. Allows the IPS to identify inbound and outbound traffic as part of the same traffic flow.
B. The interfaces disable autonegotiation and interface speed is hard coded set to 1000 Mbps.
C. Allows traffic inspection to continue without interruption during the Snort process restart.
D. The interfaces are automatically configured as a media-independent interface crossover.

Answer:
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmc-config-guide-v601/fpmc-config-guide-v60_chapter_01011010.pdf

Question 12 Selectable Answer

An engineer has been tasked with using Cisco FMC to determine if files being sent through the network are malware.
Which two configuration takes must be performed to achieve this file lookup? (Choose two.)

A. The Cisco FMC needs to include a SSL decryption policy.
B. The Cisco FMC needs to connect to the Cisco AMP for Endpoints service.
C. The Cisco FMC needs to connect to the Cisco ThreatGrid service directly for sandboxing.
D. The Cisco FMC needs to connect with the FireAMP Cloud.
E. The Cisco FMC needs to include a file inspection policy for malware lookup.

Answer:

Question 13 Selectable Answer

Which command is run on an FTD unit to associate the unit to an FMC manager that is at IP address 10.0.0.10, and that has the registration key Cisco123?

A. configure manager local 10.0.0.10 Cisco123
B. configure manager add Cisco123 10.0.0.10
C. configure manager local Cisco123 10.0.0.10
D. configure manager add 10.0.0.10 Cisco123

Answer:
Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/misc/fmc-ftd-mgmt-nw/fmc-ftd-mgmt-nw.html#id_106101

Question 14 Selectable Answer

An organization is configuring a new Cisco Firepower High Availability deployment.
Which action must be taken to ensure that failover is as seamless as possible to end users?

A. Set up a virtual failover MAC address between chassis.
B. Use a dedicated stateful link between chassis.
C. Load the same software version on both chassis.
D. Set the same FQDN for both chassis.

Answer:

Question 15 Selectable Answer

An engineer is configuring a Cisco IPS to protect the network and wants to test a policy before deploying it. A copy of each incoming packet needs to be monitored while traffic flow remains constant.
Which IPS mode should be implemented to meet these requirements?

A. Inline tap
B. passive
C. transparent
D. routed

Answer:

Test Online Free Cisco 300-710 Exam Questions and Answers