300-710 exam

Which command is typed at the CLI on the primary Cisco FTD unit to temporarily stop running high-availability?A . configure high-availability resume B. configure high-availability disable C. system support network-options D. configure high-availability suspendView AnswerAnswer: D Explanation: Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/firepower_threat_defense_high_availability.html

Which interface type allows packets to be dropped?A . passive B. inline C. ERSPAN D. TAPView AnswerAnswer: B Explanation: Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200908-configuring-firepower-threat-defense-int.html

An administrator is optimizing the Cisco FTD rules to improve network performance, and wants to bypass inspection for certain traffic types to reduce the load on the Cisco FTD. Which policy must be configured to accomplish this goal?A . prefilter B. intrusion C. identity D. URL filteringView AnswerAnswer: A

In which two ways do access control policies operate on a Cisco Firepower system? (Choose two.)A . Traffic inspection can be interrupted temporarily when configuration changes are deployed. B. The system performs intrusion inspection followed by file inspection. C. They can block traffic based on Security Intelligence data. D. File...

After deploying a network-monitoring tool to manage and monitor networking devices in your organization, you realize that you need to manually upload an MIB for the Cisco FMC. In which folder should you upload the MIB file?A . /etc/sf/DCMIB.ALERT B. /sf/etc/DCEALERT.MIB C. /etc/sf/DCEALERT.MIB D. system/etc/DCEALERT.MIBView AnswerAnswer: C Explanation: Reference: https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/Intrusion-External-Responses.pdf

An engineer is configuring a Cisco IPS to protect the network and wants to test a policy before deploying it. A copy of each incoming packet needs to be monitored while traffic flow remains constant. Which IPS mode should be implemented to meet these requirements?A . Inline tap B. passive...

A network engineer implements a new Cisco Firepower device on the network to take advantage of its intrusion detection functionality. There is a requirement to analyze the traffic going across the device, alert on any malicious traffic, and appear as a bump in the wire How should this be implemented?A...

Which CLI command is used to generate firewall debug messages on a Cisco Firepower?A . system support firewall-engine-debug B. system support ssl-debug C. system support platform D. system support dump-tableView AnswerAnswer: A Explanation: Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212330-firepower-management-center-display-acc.html

An engineer is tasked with deploying an internal perimeter firewall that will support multiple DMZs Each DMZ has a unique private IP subnet range. How is this requirement satisfied?A . Deploy the firewall in transparent mode with access control policies. B. Deploy the firewall in routed mode with access control...

Which Cisco Firepower Threat Defense, which two interface settings are required when configuring a routed interface? (Choose two.)A . Redundant Interface B. EtherChannel C. Speed D. Media Type E. DuplexView AnswerAnswer: CE Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/610/fdm/fptd-fdm-config-guide-610/fptd-fdm-interfaces.html