300-710 無料問題集「Cisco Securing Networks with Cisco Firepower」

（A）Add members to the Cisco FMC, configure Cisco FTD interfaces, create the cluster in Cisco FMC, and configure cluster members in Cisco FMC

（B）Configure the Cisco FTD interfaces and cluster members, add members to Cisco FMC, and create the cluster in Cisco FMC

（C）Add members to Cisco FMC, configure Cisco FTD interfaces in Cisco FMC, configure cluster members in Cisco FMC, create cluster in Cisco FMC, and configure cluster members in Cisco FMC

（D）Configure the Cisco FTD interfaces, add members to FMC, configure cluster members in FMC, and create cluster in Cisco FMC

（A）Use the Cisco FTD platform policy to change the minimum SSL version on the device to TLS 1.2.

（B）Modify the device's settings using the device management feature within Cisco FMC to force only secure protocols.

（C）Enable the UCAPL/CC compliance on the device to support only the most secure protocols available.

（D）Configure a FlexConfig object to disable any insecure TLS protocols on the Cisco FTD device.

（A）source IP

（B）dynamic firewall importing

（C）application ID

（D）Layer 7 network ID

（E）protocol

（A）Create a new dashboard and add three custom analysis widgets that specify the tables needed.

（B）Run the Attack report and filter on DNS to show this information.

（C）Modify the Connection Events dashboard to display the information in a view for management.

（D）Copy the intrusion events dashboard tab and modify each widget to show the correct charts.

（A）Disable the intrusion rule threshes to optimize the Snort processing.

（B）Uncheck the "Drop when Inline" box in the intrusion policy to allow the traffic.

（C）Modify the Snort rules to allow legitimate DNS traffic to the VPN users.

（D）Decrypt the packet after the VPN flow so the DNS queries are not inspected

（A）Modify the selected application within the rule

（B）Change the intrusion policy to connectivity over security.

（C）Add the social network URLs to the block list

（D）Modify the rule action from trust to allow

（A）local CVE database

（B）Cisco AMP client

（C）Cisco Secure Firewall appliance

（D）browser plug-in

（A）Add at least two container instances from the same module.

（B）Set up a cluster control link between all logical devices

（C）Add one shared management interface on all logical devices.

（D）Define VLAN subinterfaces for each logical device.

（A）routed

（B）passive

（C）transparent

（D）inline tap

（A）Add it as a separate widget.

（B）Change the document attributes.

（C）Copy it to the current domain

（D）Assign themselves ownership of it

（A）Route Tracking

（B）Redundant interfaces

（C）SLA Monitor

（D）EtherChannel interfaces

（E）BGP

（A）120

（B）90

（C）60

（D）365

（A）by assigning an inline set interface

（B）by bypassing protocol inspection by leveraging pre-filter rules

（C）by leveraging the ARP to direct traffic through the firewall

（D）by using a BVI and create a BVI IP address in the same subnet as the user segment

（A）An IP address must be assigned to the BVI.

（B）A default route must be added to the FTD.

（C）A mac-access control list must be added to allow all MAC addresses.

（D）The security levels of the interfaces must be set.

（A）local import of major upgrade

（B）Cisco Geolocation Database

（C）local import of intrusion rules

（D）minor upgrade

（A）No Rules Active

（B）Connectivity Over Security

（C）Balanced Security and Connectivity

（D）Maximum Detection

（A）routed mode with passive monitor-only mode

（B）transparent mode with inline tap monitor-only mode

（C）routed mode with inline tap monitor-only mode

（D）transparent mode with passive monitor-only mode

（A）The rule must define the source network for inspection as well as the port

（B）The rule is configured with the wrong setting for the source port

（C）The action of the rule is set to trust instead of allow.

（D）The rule must specify the security zone that originates the traffic