300-710試験無料問題集「Cisco Securing Networks with Cisco Firepower 認定」

ページ: 1 / 18
トータル 324 問

サインアップ、ログインされた後に、試験全体を無料で表示できるようになります。

出題：1

An engineer wants to connect a single IP subnet through a Cisco FTD firewall and enforce policy. There is a requirement to present the internal IP subnet to the outside as a different IP address. What must be configured to meet these requirements?

A. Configure the downstream router to perform NAT.

B. Configure the Cisco FTD firewall in transparent mode with NAT enabled.

C. Configure the upstream router to perform NAT.

D. Configure the Cisco FTD firewall in routed mode with NAT enabled.

正解：D 解答を投票する

出題：2

An administrator receives reports that users cannot access a cloud-hosted web server. The access control policy was recently updated with several new policy additions and URL filtering. What must be done to troubleshoot the issue and restore access without sacrificing the organization's security posture?

A. Download a PCAP of the traffic attempts to verify the blocks and use the flexconfig objects to create a rule that allows only the required traffic to the destination server.

B. Create a new access control policy rule to allow ports 80 and 443 to the FQDN of the web server.

C. Verify the blocks using the packet capture tool and create a rule with the action monitor for the traffic.

D. Identify the blocked traffic in the Cisco FMC connection events to validate the block, and modify the policy to allow the traffic to the web server.

正解：D 解答を投票する

出題：3

An organization is using a Cisco FTD and Cisco ISE to perform identity-based access controls. A network administrator is analyzing the Cisco FTD events and notices that unknown user traffic is being allowed through the firewall. How should this be addressed to block the traffic while allowing legitimate user traffic?

A. Modify the Cisco ISE authorization policy to deny this access to the user.

B. Add the unknown user in the Access Control Policy in Cisco FTD.

C. Add the unknown user in the Malware & File Policy in Cisco FTD.

D. Modify Cisco ISE to send only legitimate usernames to the Cisco FTD.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Refer to the exhibit.

An engineer generates troubleshooting files in Cisco Secure Firewall Management Center (FMC). A successfully completed task Is removed before the files are downloaded. Which two actions must be taken to determine the filename and obtain the generated troubleshooting files without regenerating them? (Choose two.)

A. Go to expert mode on Secure FMC. list the contents of/Var/common, and determine the correct filename from the output

B. Go to the same screen as shown in the exhibit, click Advanced Troubleshooting, enter the rile name, and then start the download

C. Click System Monitoring, men Audit to determine the correct filename from the line containing the Generate Troubleshooting Files string.

D. Connect to CU on the FTD67 and FTD66 devices and copy the tiles from flash to the PIP server.

E. Use an FTP client Hi expert mode on Secure FMC lo upload the files to the FTP server.

正解：A,C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Refer to the exhibit.

An organization has an access control rule with the intention of sending all social media traffic for inspection After using the rule for some time, the administrator notices that the traffic is not being inspected, but is being automatically allowed What must be done to address this issue?

A. Add the social network URLs to the block list

B. Modify the selected application within the rule

C. Modify the rule action from trust to allow

D. Change the intrusion policy to connectivity over security.

正解：B 解答を投票する

出題：6

An engineer must replace a Cisco Secure Firewall high-availability device due to a failure. When the replacement device arrives, the engineer must separate the high-availability pair from Cisco Secure Firewall Management Center Which action must the engineer take first to restore high availability?

A. Configure NTP time synchronization.

B. Register the secondary device

C. Unregister the secondary device.

D. Force a break between the devices.

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

A network engineer must configure IPS mode on a Cisco Secure firewall Threat Defense device to inspect traffic and act as an IDS. The engineer already configured the passive-interface on the secure firewall threat Defence device and SPAN on the switch. What must be configured next by the engineer?

A. active Interface on me Secure Firewall threat Defense device

B. DHCP on the switch

C. active SPAN port on the switch

D. intrusion policy on the Secure Firewall Threat Defense device

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

When do you need the file-size command option during troubleshooting with packet capture?

A. when capture packets exceed 32 MB

B. when capture packets exceed 10 GB

C. when capture packets are restricted from the secondary memory

D. when capture packets are less than 16 MB

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

A network administrator is seeing an unknown verdict for a file detected by Cisco FTD. Which malware policy configuration option must be selected in order to further analyse the file in the Talos cloud?

A. Dynamic analysis

B. Malware analysis

C. Spero analysis

D. Sandbox analysis

正解：B 解答を投票する

出題：10

Drag and drop the steps to restore an automatic device registration failure on the standby Cisco FMC from the left into the correct order on the right. Not all options are used.

正解：

Explanation:

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_management_center_high_availability.html#id_32288

出題：11

An engineer Is configuring a Cisco FTD device to place on the Finance VLAN to provide additional protection tor company financial data. The device must be deployed without requiring any changes on the end user workstations, which currently use DHCP lo obtain an IP address. How must the engineer deploy the device to meet this requirement?

A. Deploy the device in transparent mode and enable the DHCP Server feature.

B. Deploy the device in transparent mode and allow DHCP traffic in the access control policies

C. Deploy the device in routed mode and allow DHCP traffic in the access control policies.

D. Deploy the device in routed made aid enable the DHCP Relay feature.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：12

A cisco Secure firewall Threat Defence device is configured in inline IPS mode to inspect all traffic that passes through the interfaces in the inline set. Which setting in the inline set configuration must be connected to allow traffic to pass through uninterrupted when VDB updates are being applied?

A. Tap Mode

B. Short Fall Open

C. Propagate Link State

D. Strict TCP Enforcement

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：13

Which two statements about bridge-group interfaces in Cisco FTD are true? (Choose two.)

A. Bidirectional Forwarding Detection echo packets are allowed through the FTD when using bridge-group members.

B. Bridge groups are supported in both transparent and routed firewall modes.

C. Each directly connected network must be on the same subnet.

D. The BVI IP address must be in a separate subnet from the connected network.

E. Bridge groups are supported only in transparent firewall mode.

正解：B,C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：14

A network administrator is configuring a site-to-site IPsec VPN to a router sitting behind a Cisco FTD. The administrator has configured an access policy to allow traffic to this device on UDP 500, 4500, and ESP VPN traffic is not working. Which action resolves this issue?

A. Enable IPsec inspection on the access policy.

B. Change the access policy to allow all ports.

C. Set the allow action in the access policy to trust.

D. Modify the NAT policy to use the interface PAT.

正解：A 解答を投票する

出題：15

A hospital network needs to upgrade their Cisco FMC managed devices and needs to ensure that a disaster recovery process is in place. What must be done in order to minimize downtime on the network?

A. Configure the Cisco FMC managed devices for clustering.

B. Configure the Cisco FMCs for failover

C. Configure a second circuit to an ISP for added redundancy

D. Keep a copy of the current configuration to use as backup

正解：D 解答を投票する

出題：16

Which action must be taken to configure an isolated bridge group for IRB mode on a Cisco Secure Firewall device?

A. Add the restricted segment to the ACL.

B. Leave BVI interface name empty.

C. Remove the route from the routing table.

D. Define the NAT pool for the blocked traffic.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：17

An engineer is using the configure manager add <FMC IP> Cisc402098527 command to add a new Cisco FTD device to the Cisco FMC; however, the device is not being added. Why Is this occurring?

A. The NAT ID is required since the Cisco FMC is behind a NAT device.

B. The IP address used should be that of the Cisco FTD. not the Cisco FMC.

C. The registration key is missing from the command

D. DONOTRESOLVE must be added to the command

正解：A 解答を投票する

出題：18

Which command is typed at the CLI on the primary Cisco FTD unit to temporarily stop running high- availability?

A. configure high-availability suspend

B. system support network-options

C. configure high-availability disable

D. configure high-availability resume

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：19

An engineer must configure a Cisco FMC dashboard in a multidomain deployment Which action must the engineer take to edit a report template from an ancestor domain?

A. Change the document attributes.

B. Assign themselves ownership of it

C. Add it as a separate widget.

D. Copy it to the current domain

正解：D 解答を投票する

ページ: 1 / 18
トータル 324 問