次の認定試験に速く合格する！

簡単に認定試験を準備し、学び、そして合格するためにすべてが必要だ。

会員センターカート (0)

300-710 無料問題集「Cisco Securing Networks with Cisco Firepower」

ページ: 1 / 23
トータル 397 問

サインアップ、ログインされた後に、試験全体を無料で表示できるようになります。

質問 1

A company wants a solution to aggregate the capacity of two Cisco FTD devices to make the best use of resources such as bandwidth and connections per second. Which order of steps must be taken across the Cisco FTDs with Cisco FMC to meet this requirement?

（A）Add members to the Cisco FMC, configure Cisco FTD interfaces, create the cluster in Cisco FMC, and configure cluster members in Cisco FMC

（B）Configure the Cisco FTD interfaces and cluster members, add members to Cisco FMC, and create the cluster in Cisco FMC

（C）Add members to Cisco FMC, configure Cisco FTD interfaces in Cisco FMC, configure cluster members in Cisco FMC, create cluster in Cisco FMC, and configure cluster members in Cisco FMC

（D）Configure the Cisco FTD interfaces, add members to FMC, configure cluster members in FMC, and create cluster in Cisco FMC

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

An organization recently implemented a transparent Cisco FTD in their network. They must ensure that the device does not respond to insecure SSL/TLS protocols. Which action accomplishes this task?

（A）Use the Cisco FTD platform policy to change the minimum SSL version on the device to TLS 1.2.

（B）Modify the device's settings using the device management feature within Cisco FMC to force only secure protocols.

（C）Enable the UCAPL/CC compliance on the device to support only the most secure protocols available.

（D）Configure a FlexConfig object to disable any insecure TLS protocols on the Cisco FTD device.

正解：A 解答を投票する

質問 3

Which two packet captures does the FTD LINA engine support? (Choose two.)

（A）source IP

（B）dynamic firewall importing

（C）application ID

（D）Layer 7 network ID

（E）protocol

正解：A、E 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

The CIO asks a network administrator to present to management a dashboard that shows custom analysis tables for the top DNS queries URL category statistics, and the URL reputation statistics.
Which action must the administrator take to quickly produce this information for management?

（A）Create a new dashboard and add three custom analysis widgets that specify the tables needed.

（B）Run the Attack report and filter on DNS to show this information.

（C）Modify the Connection Events dashboard to display the information in a view for management.

（D）Copy the intrusion events dashboard tab and modify each widget to show the correct charts.

正解：A 解答を投票する

質問 5

A VPN user is unable to conned lo web resources behind the Cisco FTD device terminating the connection. While troubleshooting, the network administrator determines that the DNS responses are not getting through the Cisco FTD.
What must be done to address this issue while still utilizing Snort IPS rules?

（A）Disable the intrusion rule threshes to optimize the Snort processing.

（B）Uncheck the "Drop when Inline" box in the intrusion policy to allow the traffic.

（C）Modify the Snort rules to allow legitimate DNS traffic to the VPN users.

（D）Decrypt the packet after the VPN flow so the DNS queries are not inspected

正解：C 解答を投票する

質問 6

Refer to the exhibit. An organization has an access control rule with the intention of sending all social media traffic for inspection. After using the rule for some time, the administrator notices that the traffic is not being inspected, but is being automatically allowed.
What must be done to address this issue?

（A）Modify the selected application within the rule

（B）Change the intrusion policy to connectivity over security.

（C）Add the social network URLs to the block list

（D）Modify the rule action from trust to allow

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

Which component simplifies incident investigation with Cisco Threat Response?

（A）local CVE database

（B）Cisco AMP client

（C）Cisco Secure Firewall appliance

（D）browser plug-in

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

What must be implemented on Cisco Firepower to allow multiple logical devices on a single physical device to have access to external hosts?

（A）Add at least two container instances from the same module.

（B）Set up a cluster control link between all logical devices

（C）Add one shared management interface on all logical devices.

（D）Define VLAN subinterfaces for each logical device.

正解：C 解答を投票する

質問 9

An engineer is configuring a Cisco IPS to protect the network and wants to test a policy before deploying it. A copy of each incoming packet needs to be monitored while traffic flow remains constant. Which IPS mode should be implemented to meet these requirements?

（A）routed

（B）passive

（C）transparent

（D）inline tap

正解：D 解答を投票する

質問 10

An engineer must configure a Cisco FMC dashboard in a multidomain deployment Which action must the engineer take to edit a report template from an ancestor domain?

（A）Add it as a separate widget.

（B）Change the document attributes.

（C）Copy it to the current domain

（D）Assign themselves ownership of it

正解：C 解答を投票する

質問 11

A network engineer is deploying a pair of Cisco Secure Firewall Threat Defense devices managed by Cisco Secure Firewall Management Center for High Availability. Internet access is a high priority for the business and therefore they have invested in internet circuits from two different ISPs. The requirement from the customer is that internet access must be available to their users even if one of the ISPs is down. Which two features must be deployed to achieve this requirement? (Choose two.)

（A）Route Tracking

（B）Redundant interfaces

（C）SLA Monitor

（D）EtherChannel interfaces

（E）BGP

正解：A、C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

Cisco Security Analytics and Logging SaaS licenses come with how many days of data retention by default?

（A）120

（B）90

（C）60

（D）365

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 13

A network engineer is extending a user segment through an FTD device for traffic inspection without creating another IP subnet.
How is this accomplished on an FTD device in routed mode?

（A）by assigning an inline set interface

（B）by bypassing protocol inspection by leveraging pre-filter rules

（C）by leveraging the ARP to direct traffic through the firewall

（D）by using a BVI and create a BVI IP address in the same subnet as the user segment

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 14

A network administrator is configuring an FTD in transparent mode. A bridge group is set up and an access policy has been set up to allow all IP traffic. Traffic is not passing through the FTD.
What additional configuration is needed?

（A）An IP address must be assigned to the BVI.

（B）A default route must be added to the FTD.

（C）A mac-access control list must be added to allow all MAC addresses.

（D）The security levels of the interfaces must be set.

正解：A 解答を投票する

質問 15

In a multi-tenant deployment where multiple domains are in use. Which update should be applied outside of the Global Domain?

（A）local import of major upgrade

（B）Cisco Geolocation Database

（C）local import of intrusion rules

（D）minor upgrade

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 16

A company is in the process of deploying intrusion protection with Cisco FTDs managed by a Cisco FMC. Which action must be selected to enable fewer rules detect only critical conditions and avoid false positives?

（A）No Rules Active

（B）Connectivity Over Security

（C）Balanced Security and Connectivity

（D）Maximum Detection

正解：B 解答を投票する

質問 17

An engineer is deploying a Cisco ASA Secure Firewall module. The engineer must be able to examine traffic without impacting the network, and the ASA has been deployed with a single context. Which ASA Secure Firewall module deployment mode must be implemented to meet the requirements?

（A）routed mode with passive monitor-only mode

（B）transparent mode with inline tap monitor-only mode

（C）routed mode with inline tap monitor-only mode

（D）transparent mode with passive monitor-only mode

正解：D 解答を投票する

質問 18

Refer to the exhibit. An engineer is modifying an access control pokey to add a rule to inspect all DNS traffic that passes through the firewall.
After making the change and deploying the pokey they see that DNS traffic is not bang inspected by the Snort engine. What is the problem?

（A）The rule must define the source network for inspection as well as the port

（B）The rule is configured with the wrong setting for the source port

（C）The action of the rule is set to trust instead of allow.

（D）The rule must specify the security zone that originates the traffic

正解：C 解答を投票する

ページ: 1 / 23
トータル 397 問

300-710 の機能をすべて解除する

キャプチャ不要
365日無料更新サービス
希望する合格率を設定できる
時間の割り当てられる（時間：分）
300-710 に2つの練習用モード
サポートサービス対応

完全版を入手する

弊社を連絡する

我々は１２時間以内ですべてのお問い合わせを答えます。

オンラインサポート時間：( UTC+9 ) 9:00-24:00
月曜日から土曜日まで

サポート：現在連絡

トップ試験

HCVA0-003 試験問題集
IAM-Certificate 試験問題集
1Z0-931-25 試験問題集
AI-900 試験問題集
H12-725_V4.0 試験問題集
C_C4H56_2411 試験問題集

300-710 無料問題集「Cisco Securing Networks with Cisco Firepower」

弊社を連絡する

関連リンク

トップ試験