- All Exams Instant Download
What is the advantage of having Cisco Firepower devices send events to Cisco Threat response via the security services exchange portal directly as opposed to using syslog?
What is the advantage of having Cisco Firepower devices send events to Cisco Threat response via the security services exchange portal directly as opposed to using syslog?A . Firepower devices do not need to be connected to the internet.B . All types of Firepower devices are supported.C . Supports all...
Which IPS mode should be implemented to meet these requirements?
An engineer is configuring a Cisco IPS to protect the network and wants to test a policy before deploying it. A copy of each incoming packet needs to be monitored while traffic flow remains constant. Which IPS mode should be implemented to meet these requirements?A . Inline tapB . passiveC...
What technique will retain the policy consistency at each location but allow only the locally significant network subnet within the applicable rules?
A security engineer is configuring an Access Control Policy for multiple branch locations These locations share a common rule set and utilize a network object called INSIDE_NET which contains the locally significant internal network subnets at each location. What technique will retain the policy consistency at each location but allow...
Which action must be taken while replacing the faulty unit?
A network security engineer must replace a faulty Cisco FTD device in a high availability pair. Which action must be taken while replacing the faulty unit?A . Shut down the Cisco FMC before powering up the replacement unit.B . Ensure that the faulty Cisco FTD device remains registered to the...
Which policy rule is included in the deployment of a local DMZ during the initial deployment of a Cisco NGFW through the Cisco FMC GUI?
Which policy rule is included in the deployment of a local DMZ during the initial deployment of a Cisco NGFW through the Cisco FMC GUI?A . a default DMZ policy for which only a user can change the IP addresses.B . deny ip anyC . no policy rule is includedD...
How is the Firepower configuration updated to protect these new operating systems?
Refer to the exhibit. And engineer is analyzing the Attacks Risk Report and finds that there are over 300 instances of new operating systems being seen on the network. How is the Firepower configuration updated to protect these new operating systems?A . Cisco Firepower automatically updates the policies.B . The...
Which CLI command is used to generate firewall debug messages on a Cisco Firepower?
Which CLI command is used to generate firewall debug messages on a Cisco Firepower?A . system support firewall-engine-debugB . system support ssl-debugC . system support platformD . system support dump-tableView AnswerAnswer: A Explanation: Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212330-firepower-management-center-display-acc.html
What is the difference between inline and inline tap on Cisco Firepower?
What is the difference between inline and inline tap on Cisco Firepower?A . Inline tap mode can send a copy of the traffic to another device.B . Inline tap mode does full packet capture.C . Inline mode cannot do SSL decryption.D . Inline mode can drop malicious traffic.View AnswerAnswer: A
What is the reason for this issue?
A network administrator notices that remote access VPN users are not reachable from inside the network. It is determined that routing is configured correctly, however return traffic is entering the firewall but not leaving it. What is the reason for this issue?A . A manual NAT exemption rule does not...
Which Cisco Firepower rule action displays an HTTP warning page?
Which Cisco Firepower rule action displays an HTTP warning page?A . MonitorB . BlockC . Interactive BlockD . Allow with WarningView AnswerAnswer: C Explanation: Reference: https://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System-UserGuide-v5401/AC-Rules-Tuning-Overview.html#76698
