没有合适的资源?快使用搜索试试~ 我知道了~
SNCF.300-710.GonFreecs.218Q.pdf
1.该资源内容由用户上传,如若侵权请联系客服进行举报
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
版权申诉
0 下载量 50 浏览量
2023-05-08
15:53:57
上传
评论
收藏 712KB PDF 举报
温馨提示
试读
72页
SNCF.300-710.GonFreecs学习文档
资源推荐
资源详情
资源评论
Securing Networks with Cisco Firepower (SNCF)
Number: 300-710
Passing Score: 825
Time Limit: 90 min
File Version: 1.0
Thanks to the community
Seen in Exam
QUESTION 1
What is the role of the casebook feature in Cisco Threat Response?
A. sharing threat analysts
B. pulling data via the browser extension
C. triage automaton with alerting
D. alert prioritization
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 2
An administrator is adding a new URL-based category feed to the Cisco FMC for use within the policies. The
intelligence source does not use STIX. but instead uses a .txt file format. Which action ensures that regular
updates are provided?
A. Add a URL source and select the flat file type within Cisco FMC.
B. Upload the .txt file and configure automatic updates using the embedded URL.
C. Add a TAXII feed source and input the URL for the feed.
D. Convert the .txt file to STIX and upload it to the Cisco FMC.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 3
An engineer installs a Cisco FTD device and wants to inspect traffic within the same subnet passing through a
firewall and inspect traffic destined to the Internet. Which configuration will meet this requirement?
A. transparent firewall mode with IRB only
B. routed firewall mode with BVI and routed interfaces
C. transparent firewall mode with multiple BVIs
D. routed firewall mode with routed interfaces only
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config- guide-v64/
transparent_or_routed_firewall_mode_for_firepower_threat_defense.html
QUESTION 4
A network administrator configured a NAT policy that translates a public IP address to an internal web server IP
address. An access policy has also been created that allows any source to reach the public IP address on port
80. The web server is still not reachable from the Internet on port 80. Which configuration change is needed?
A.
The intrusion policy must be disabled for port 80.
B. The access policy rule must be configured for the action trust.
C. The NAT policy must be modified to translate the source IP address as well as destination IP address.
D. The access policy must allow traffic to the internal web server IP address.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 5
A network administrator is migrating from a Cisco ASA to a Cisco FTD. EIGRP is configured on the Cisco ASA
but it is not available in the Cisco FMC. Which action must the administrator take to enable this feature on the
Cisco FTD?
A. Configure EIGRP parameters using FlexConfig objects.
B.
Add the command feature-eigrp via the FTD CLI.
C. Create a custom variable set and enable the feature in the variable set.
D. Enable advanced configuration options in the FMC.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
https://community.cisco.com/t5/network-security/adding-eigrp-to-ftd-using-fmc/td-p/4284529
QUESTION 6
A security engineer found a suspicious file from an employee email address and is trying to upload it for
analysis, however the upload is failing. The last registration status is still active. What is the cause for this
issue?
A. Cisco AMP for Networks is unable to contact Cisco Threat Grid on premise.
B. Cisco AMP for Networks is unable to contact Cisco Threat Grid Cloud.
C. There is a host limit set.
D. The user agent status is set to monitor.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 7
An administrator is attempting to add a new FTD device to their FMC behind a NAT device with a NAT ID of
NAT001 and a password of Cisco0420l06525. The private IP address of the FMC server is 192.168.45.45.
which is being translated to the public IP address of
209.165.200.225/27. Which command set must be used in order to accomplish this task?
A.
configure manager add 209.165.200.225 <reg_key> <nat_id>
B.
configure manager add 192.168.45.45 <reg_key> <nat_id>
C.
. configure manager add 209.165.200.225 255.255.255.224 <reg_key> <nat_id>
D.
configure manager add 209.165.200.225/27 <reg_key> <nat_id>
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 8
A security analyst must create a new report within Cisco FMC to show an overview of the daily attacks,
vulnerabilities, and connections. The analyst wants to reuse specific dashboards from other reports to
create this consolidated one. Which action accompl ishes this task?
A. Create a dashboard object via Object Management to represent the desired views.
B. Modify the Custom Workflows within the Cisco FMC to feed the desired data into the report.
C. Copy the Malware Report and modify the sections to pull components from other reports.
D. Use the import feature in the newly created report to select which dashboards to add.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 9
A network engineer must provide redundancy between two Cisco FTD devices. The redundancy configuration
must include automatic configuration, translation, and connection updates. After the initial configuration of the
two appliances, which two steps must be taken to proceed with the redundancy configuration? (Choose
two.)
A. Configure the virtual MAC address on the failover link.
B. Disable hellos on the inside interface.
C. Configure the standby IP addresses.
D. Ensure the high availability license is enabled.
E. Configure the failover link with stateful properties.
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 10
An engineer attempts to pull the configuration for a Cisco FTD sensor to review with Cisco TAC but does not
have direct access to the CLI for the device. The CLl for the device is managed by Cisco FMC to which the
engineer has access. Which action in Cisco FMC grants access to the CLl for the device?
A. Export the configuration using the Import/Export tool within Cisco FMC.
B. Create a backup of the configuration within the Cisco FMC.
C.
Use the show run all command in the Cisco FTD CLI feature within Cisco FMC.
D. Download the configuration file within the File Download section of Cisco FMC.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 11
Which policy rule is included in the deployment of a local DMZ during the initial deployment of a Cisco NGFW
through the Cisco FMC GUI?
A. a default DMZ policy for which only a user can change the IP addresses.
B. deny ip any
C. no policy rule is included
D. permit ip any
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 12
Which limitation applies to Cisco FMC dashboards in a multidomain environment?
A. Child domains can view but not edit dashboards that originate from an ancestor domain.
B. Child domains have access to only a limited set of widgets from ancestor domains.
C. Only the administrator of the top ancestor domain can view dashboards.
D. Child domains cannot view dashboards that originate from an ancestor domain.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config- guide-v60/
Using_Dashboards.html
QUESTION 13
Which command is run on an FTD unit to associate the unit to an FMC manager that is at IP address 10.0.0.10,
and that has the registration key Cisco123?
A. configure manager local 10.0.0.10 Cisco123
B. configure manager add Cisco123 10.0.0.10
C. configure manager local Cisco123 10.0.0.10
D. configure manager add 10.0.0.10 Cisco123
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/misc/fmc-ftd-mgmt-nw/fmc-ftd-mgmt-
nw.html#id_106101
剩余71页未读,继续阅读
资源评论
资料库01
- 粉丝: 305
- 资源: 2367
下载权益
C知道特权
VIP文章
课程特权
开通VIP
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功