300-710無料問題集「Cisco Securing Networks with Cisco Firepower」

質問 1

Network traffic coining from an organization's CEO must never be denied. Which access control policy configuration option should be used if the deployment engineer is not permitted to create a rule to allow all traffic?

（A）Configure a trust policy for the CEO.

（B）Change the intrusion policy from security to balance.

（C）Configure firewall bypass.

（D）Create a NAT policy just for the CEO.

正解：A 解答を投票する

質問 2

Remote users who connect via Cisco AnyConnect to the corporate network behind a Cisco FTD device report that they get no audio when calling between remote users using their softphones. These same users can call internal users on the corporate network without any issues. What is the cause of this issue?

（A）FTD has no NAT policy that allows outside to outside communication

（B）Split tunneling is enabled for the Remote Access VPN on FTD

（C）The Enable Spoke to Spoke Connectivity through Hub option is not selected on FTD.

（D）The hairpinning feature is not available on FTD.

正解：D 解答を投票する

質問 3

administrator is configuring SNORT inspection policies and is seeing failed deployment messages in Cisco FMC . What information should the administrator generate for Cisco TAC to help troubleshoot?

（A）A Troubleshoot" file for the device in question.

（B）A "show tech" file for the device in question

（C）A "troubleshoot" file for the Cisco FMC

（D）A "show tech" for the Cisco FMC.

正解：A 解答を投票する

質問 4

A security engineer found a suspicious file from an employee email address and is trying to upload it for analysis, however the upload is failing. The last registration status is still active. What is the cause for this issue?

（A）Cisco AMP for Networks is unable to contact Cisco Threat Grid Cloud.

（B）Cisco AMP for Networks is unable to contact Cisco Threat Grid on premise.

（C）There is a host limit set.

（D）The user agent status is set to monitor.

正解：A 解答を投票する

質問 5

A network engineer detects a connectivity issue between Cisco Secure Firewall Management Centre and Cisco Secure Firewall Threat Defense Initial troubleshooting indicates that heartbeats and events not being received.
The engineer re-establishes the secure channels between both peers Which two commands must the engineer run to resolve the issue? (Choose two.)

（A）sudo stats_unified.pl

（B）sudo perfstats -Cq < /var/sf/rna/correlator-stats/now

（C）show history

（D）manage_procs.pl

（E）show disk-manager

正解：A、D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

Which action must be taken on the Cisco FMC when a packet bypass is configured in case the Snort engine is down or a packet takes too long to process?

（A）Configure Fastpath rules to bypass inspection

（B）Enable Automatic Application Bypass

（C）Add a Bypass Threshold policy for failures

（D）Enable Inspect Local Router Traffic

正解：B 解答を投票する

質問 7

A mid-sized company is experiencing higher network bandwidth utilization due to a recent acquisition The network operations team is asked to scale up their one Cisco FTD appliance deployment to higher capacities due to the increased network bandwidth. Which design option should be used to accomplish this goal?

（A）Deploy multiple Cisco FTD appliances using VPN load-balancing to scale performance.

（B）Deploy multiple Cisco FTD appliances in firewall clustering mode to increase performance.

（C）Deploy multiple Cisco FTD HA pairs to increase performance

（D）Deploy multiple Cisco FTD HA pairs in clustering mode to increase performance

正解：B 解答を投票する

質問 8

What is the disadvantage of setting up a site-to-site VPN in a clustered-units environment?

（A）VPN connections can be re-established only if the failed master unit recovers.

（B）Only established VPN connections are maintained when a new master unit is elected.

（C）Smart License is required to maintain VPN connections simultaneously across all cluster units.

（D）VPN connections must be re-established when a new master unit is elected.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

A network administrator discovers that a user connected to a file server and downloaded a malware file. The Cisc FMC generated an alert for the malware event, however the user still remained connected. Which Cisco APM file rule action within the Cisco FMC must be set to resolve this issue?

（A）Malware Cloud Lookup

（B）Reset Connection

（C）Local Malware Analysis

（D）Detect Files

正解：B 解答を投票する

質問 10

A Cisco FMC administrator wants to configure fastpathing of trusted network traffic to increase performance.
In which type of policy would the administrator configure this feature?

（A）Identity policy

（B）Prefilter policy

（C）Network Analysis policy

（D）Intrusion policy

正解：B 解答を投票する

質問 11

While integrating Cisco Umbrella with Cisco Threat Response, a network security engineer wants to automatically push blocking of domains from the Cisco Threat Response interface to Cisco Umbrella. Which API meets this requirement?

（A）reporting

（B）investigate

（C）enforcement

（D）REST

正解：D 解答を投票する

質問 12

A Cisco FTD has two physical interfaces assigned to a BVI. Each interface is connected to a different VLAN on the same switch. Which firewall mode is the Cisco FTD set up to support?

（A）active/active failover

（B）routed

（C）high availability clustering

（D）transparent

正解：D 解答を投票する

質問 13

An engineer has been tasked with using Cisco FMC to determine if files being sent through the network are malware. Which two configuration takes must be performed to achieve this file lookup? (Choose two.)

（A）The Cisco FMC needs to include a file inspection policy for malware lookup.

（B）The Cisco FMC needs to connect to the Cisco AMP for Endpoints service.

（C）The Cisco FMC needs to include a SSL decryption policy.

（D）The Cisco FMC needs to connect with the FireAMP Cloud.

（E）The Cisco FMC needs to connect to the Cisco ThreatGrid service directly for sandboxing.

正解：A、D 解答を投票する

質問 14

An engineer is configuring Cisco FMC and wants to limit the time allowed for processing packets through the interface However if the time is exceeded the configuration must allow packets to bypass detection What must be configured on the Cisco FMC to accomplish this task?

（A）Cisco ISE Security Group Tag

（B）Inspect Local Traffic Bypass

（C）Automatic Application Bypass

（D）Fast-Path Rules Bypass

正解：C 解答を投票する

質問 15

A network engineer implements a new Cisco Firepower device on the network to take advantage of its intrusion detection functionality. There is a requirement to analyze the traffic going across the device, alert on any malicious traffic, and appear as a bump in the wire How should this be implemented?

（A）Enable routing on the Cisco Firepower

（B）Specify the BVl IP address as the default gateway for connected devices.

（C）Configure a bridge group in transparent mode.

（D）Add an IP address to the physical Cisco Firepower interfaces.

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 16

An engineer must investigate a connectivity issue and decides to use the packet capture feature on Cisco FTD.
The goal is to see the real packet going through the Cisco FTD device and see the Snort detection actions as a part of the output. After the capture-traffic command is issued, only the packets are displayed. Which action resolves this issue?

（A）Use the verbose option as a part of the capture-traffic command

（B）Perform the trace within the Cisco FMC GUI instead of the Cisco FTD CLI.

（C）Specify the trace using the -T option after the capture-traffic command.

（D）Use the capture command and specify the trace option to get the required information.

正解：D 解答を投票する

質問 17

Which command must be run to generate troubleshooting files on an FTD?

（A）show tech-support

（B）system generate-troubleshoot all

（C）system support view-files

（D）sudo sf_troubleshoot.pl

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

300-710 無料問題集「Cisco Securing Networks with Cisco Firepower」

弊社を連絡する

関連リンク

トップ試験