300-710 exam

What is the disadvantage of setting up a site-to-site VPN in a clustered-units environment?A . VPN connections can be re-established only if the failed master unit recovers. B. Smart License is required to maintain VPN connections simultaneously across all cluster units. C. VPN connections must be re-established when a new...

What is the difference between inline and inline tap on Cisco Firepower?A . Inline tap mode can send a copy of the traffic to another device. B. Inline tap mode does full packet capture. C. Inline mode cannot do SSL decryption. D. Inline mode can drop malicious traffic.View AnswerAnswer: A

Which two routing options are valid with Cisco Firepower Threat Defense? (Choose two.)A . BGPv6 B. ECMP with up to three equal cost paths across multiple interfaces C. ECMP with up to three equal cost paths across a single interface D. BGPv4 in transparent firewall mode E. BGPv4 with nonstop...

An organization does not want to use the default Cisco Firepower block page when blocking HTTP traffic. The organization wants to include information about its policies and procedures to help educate the users whenever a block occurs. Which two steps must be taken to meet these requirements? (Choose two.)A ....

Which Cisco Firepower Threat Defense, which two interface settings are required when configuring a routed interface? (Choose two.)A . Redundant Interface B. EtherChannel C. Speed D. Media Type E. DuplexView AnswerAnswer: C,E Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/610/fdm/fptd-fdm-config-guide-610/fptd-fdm-interfaces.html

Which CLI command is used to generate firewall debug messages on a Cisco Firepower?A . system support firewall-engine-debug B. system support ssl-debug C. system support platform D. system support dump-tableView AnswerAnswer: A Explanation: Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212330-firepower-management-center-display-acc.html

What is the result of specifying of QoS rule that has a rate limit that is greater than the maximum throughput of an interface?A . The rate-limiting rule is disabled. B. Matching traffic is not rate limited. C. The system rate-limits all traffic. D. The system repeatedly generates warnings.View AnswerAnswer:...

Which command should be used on the Cisco FTD CLI to capture all the packets that hit an interface?A . configure coredump packet-engine enable B. capture-traffic C. capture D. capture WORDView AnswerAnswer: C Explanation: Reason: the command "capture-traffic" is used for SNORT Engine Captures. To capture a LINA Engine Capture,...

A Cisco FTD has two physical interfaces assigned to a BVI. Each interface is connected to a different VLAN on the same switch. Which firewall mode is the Cisco FTD set up to support?A . active/active failover B. transparent C. routed D. high availability clusteringView AnswerAnswer: B

In which two ways do access control policies operate on a Cisco Firepower system? (Choose two.)A . Traffic inspection can be interrupted temporarily when configuration changes are deployed. B. The system performs intrusion inspection followed by file inspection. C. They can block traffic based on Security Intelligence data. D. File...