300-710 exam

What is the disadvantage of setting up a site-to-site VPN in a clustered-units environment?A . VPN connections can be re-established only if the failed master unit recovers.B . Smart License is required to maintain VPN connections simultaneously across all cluster units.C . VPN connections must be re-established when a new...

What is the result of specifying of QoS rule that has a rate limit that is greater than the maximum throughput of an interface?A . The rate-limiting rule is disabled.B . Matching traffic is not rate limited.C . The system rate-limits all traffic.D . The system repeatedly generates warnings.View AnswerAnswer:...

Which two conditions must be met to enable high availability between two Cisco FTD devices? (Choose two.)A . same flash memory sizeB . same NTP configurationC . same DHCP/PPoE configurationD . same host nameE . same number of interfacesView AnswerAnswer: BE Explanation: https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699-configure-ftd-high-availability-on-firep.html Conditions In order to create an HA...

An engineer is troubleshooting application failures through a FTD deployment. While using the FMC CLI. it has been determined that the traffic in question is not matching the desired policy. What should be done to correct this?A . Use the system support firewall-engine-debug command to determine which rules the traffic...

Within an organization's high availability environment where both firewalls are passing traffic, traffic must be segmented based on which department it is destined for. Each department is situated on a different LAN. What must be configured to meet these requirements?A . span EtherChannel clusteringB . redundant interfacesC . high availability...

After deploying a network-monitoring tool to manage and monitor networking devices in your organization, you realize that you need to manually upload an MIB for the Cisco FMC. In which folder should you upload the MIB file?A . /etc/sf/DCMIB.ALERTB . /sf/etc/DCEALERT.MIBC . /etc/sf/DCEALERT.MIBD . system/etc/DCEALERT.MIBView AnswerAnswer: C Explanation: Reference: https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/Intrusion-External-Responses.pdf

An engineer currently has a Cisco FTD device registered to the Cisco FMC and is assigned the address of 10 10.50.12. The organization is upgrading the addressing schemes and there is a requirement to convert the addresses to a format that provides an adequate amount of addresses on the network....

An engineer is building a new access control policy using Cisco FMC. The policy must inspect a unique IPS policy as well as log rule matching. Which action must be taken to meet these requirements?A . Configure an IPS policy and enable per-rule logging.B . Disable the default IPS policy...

Which two packet captures does the FTD LINA engine support? (Choose two.)A . Layer 7 network IDB . source IPC . application IDD . dynamic firewall importingE . protocolView AnswerAnswer: BE Explanation: Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212474-working-with-firepower-threat-defense-f.html

Which command must be run to generate troubleshooting files on an FTD?A . system support view-filesB . sudo sf_troubleshoot.plC . system generate-troubleshoot allD . show tech-supportView AnswerAnswer: C Explanation: Reference: https://www.cisco.com/c/en/us/support/docs/security/sourcefire-defense-center/117663-technote-SourceFire-00.html