Cisco 300-710 SNCF Exam Questions Instant Access

Question 1

A mid-sized company is experiencing higher network bandwidth utilization due to a recent acquisition The network operations team is asked to scale up their one Cisco FTD appliance deployment to higher capacities due to the increased network bandwidth. Which design option should be used to accomplish this goal?

ADeploy multiple Cisco FTD appliances in firewall clustering mode to increase performance.

BDeploy multiple Cisco FTD appliances using VPN load-balancing to scale performance.

CDeploy multiple Cisco FTD HA pairs to increase performance

DDeploy multiple Cisco FTD HA pairs in clustering mode to increase performance

Answer : A

Question 2

Network users are experiencing Intermittent issues with internet access. An engineer ident med mat the issue Is being caused by NAT exhaustion. How must the engineer change the dynamic NAT configuration to provide internet access for more users without running out of resources?

ADefine an additional static NAT for the network object in use.

BConfigure fallthrough to interface PAT on 'he Advanced tab.

CConvert the dynamic auto NAT rule to dynamic manual NAT.

DAdd an identity NAT rule to handle the overflow of users.

Answer : B

Fallthrough to interface PAT is a feature that allows the dynamic NAT configuration to use the interface IP address as a last resort when the NAT pool is exhausted. This way, more users can access the internet without running out of resources.To enable this feature, the engineer must check the Enable PAT Fallback check box on the Advanced tab of the NAT rule editor1

Question 3

An engineer has been tasked with performing an audit of network projects to determine which objects are duplicated across the various firewall models (Cisco Secure Firewall Threat Defense Cisco Secure firewall ASA, and Meraki MX Series) deployed throughout the company Which tool will assist the engineer in performing that audit?

ACisco Firepower Device Manager

BCisco SecureX

CCisco Defense Orchestrator

DCisco Secure Firewall Management Center

Answer : C

Cisco Defense Orchestrator (CDO) is the tool that assists engineers in performing an audit of network projects to determine which objects are duplicated across various firewall models, including Cisco Secure Firewall Threat Defense, Cisco Secure Firewall ASA, and Meraki MX Series. CDO provides a unified management interface for managing multiple security devices and can identify duplicate objects across these devices.

Steps:

Access Cisco Defense Orchestrator.

Connect and synchronize all relevant firewall devices (FTD, ASA, Meraki MX).

Use the audit and reporting features in CDO to identify and manage duplicate objects.

This helps ensure consistency and efficient management across the organization's firewall deployments.

Question 4

An engineer must investigate a connectivity issue from an endpoint behind a Cisco FTD device and a public DNS server. The endpoint cannot perform name resolution queries. Which action must the engineer perform to troubleshoot the issue by simulating real DNS traffic on the Cisco FTD while verifying the Snarl verdict?

APerform a Snort engine capture using tcpdump from the FTD CLI.

BUse the Capture w/Trace wizard in Cisco FMC.

CCreate a Custom Workflow in Cisco FMC.

DRun me system support firewall-engine-debug command from me FTD CLI.

Answer : B

The Capture w/Trace wizard in Cisco FMC allows you to capture packets on an FTD device and trace their path through the Snort engine. This can help you troubleshoot connectivity issues from an endpoint behind an FTD device and a public DNS server, as well as verify the Snort verdict for the DNS traffic. The Capture w/Trace wizard lets you specify the source and destination IP addresses, ports, and protocols for the packets you want to capture and trace, as well as the FTD device and interface where you want to perform the capture. You can also apply filters to limit the capture size and duration.After you start the capture, you can ping the DNS server from the endpoint and then view the captured packets and their Snort verdicts in the FMC web interface2.

To use the Capture w/Trace wizard in Cisco FMC, you need to follow these steps2:

In the FMC web interface, navigate to Troubleshooting > Capture/Trace.

Click New Capture.

Choose an FTD device from the Device drop-down list.

Choose an interface from the Interface drop-down list.

Enter the source and destination IP addresses, ports, and protocols for the packets you want to capture and trace. For example, if you want to capture DNS queries from an endpoint with IP address 10.1.1.100 to a DNS server with IP address 8.8.8.8, you can enter these values:

Source IP: 10.1.1.100

Source Port: any

Destination IP: 8.8.8.8

Destination Port: 53

Protocol: UDP

Optionally, apply filters to limit the capture size and duration. For example, you can set the maximum number of packets to capture, the maximum capture file size, or the maximum capture time.

Click Start.

Ping the DNS server from the endpoint and wait for some packets to be captured.

Click Stop to stop the capture.

Click View Capture to see the captured packets and their Snort verdicts.

The other options are incorrect because:

Performing a Snort engine capture using tcpdump from the FTD CLI will not allow you to trace the path of the packets through the Snort engine or verify their Snort verdicts.Tcpdump is a command-line tool that can capture packets on an FTD device, but it does not provide any information about how Snort processes those packets or what actions Snort takes on them2.

Creating a Custom Workflow in Cisco FMC will not help you troubleshoot a connectivity issue from an endpoint behind an FTD device and a public DNS server. A Custom Workflow is a user-defined set of pages that display event data in different formats, such as tables, charts, maps, and so on.A Custom Workflow does not allow you to capture or trace packets on an FTD device3.

Running the system support firewall-engine-debug command from the FTD CLI will not allow you to simulate real DNS traffic on the FTD device or verify the Snort verdict for that traffic. The firewall-engine-debug command is a diagnostic tool that can generate synthetic packets and send them through the Snort engine on an FTD device.The synthetic packets are not real network traffic and do not affect any connections or policies on the FTD device4.

Question 5

A network engineer is extending a user segment through an FTD device for traffic inspection without creating another IP subnet How is this accomplished on an FTD device in routed mode?

Aby leveraging the ARP to direct traffic through the firewall

Bby assigning an inline set interface

Cby using a BVI and create a BVI IP address in the same subnet as the user segment

Dby bypassing protocol inspection by leveraging pre-filter rules

Answer : C

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/transparent_or_routed_firewall_mode_for_firepower_threat_defense.html

Question 6

An engineer must investigate a connectivity issue by using Cisco Secure Firewall Management Center to access the Packet Capture feature on a Cisco Secure Firewall Threat Defense

device. The engineer must see a real packet going through the Secure Firewall Threat Defense device and the Snort detection actions. While reviewing the packet capture, the engineer

discovers that the Snort detection actions are missing. Which action must the engineer take to resolve the issue?

ASpecify the packet size.

BSpecify the buffer size.

CEnable the Continuous Capture option.

DEnable the Trace option.

Answer : D

Question 7

A VPN user is unable to conned lo web resources behind the Cisco FTD device terminating the connection. While troubleshooting, the network administrator determines that the DNS responses are not getting through the Cisco FTD What must be done to address this issue while still utilizing Snort IPS rules?

AUncheck the 'Drop when Inline' box in the intrusion policy to allow the traffic.

BModify the Snort rules to allow legitimate DNS traffic to the VPN users.

CDisable the intrusion rule threshes to optimize the Snort processing.

DDecrypt the packet after the VPN flow so the DNS queries are not inspected

Answer : B

Cisco Securing Networks with Cisco Firepower 300-710 SNCF Exam Questions