Cisco 300-710 SNCF Exam Questions Instant Access

Question 1

An administrator is creating interface objects to better segment their network but is having trouble adding interfaces to the objects. What is the reason for this failure?

AThe interfaces are being used for NAT for multiple networks.

BThe administrator is adding interfaces of multiple types.

CThe administrator is adding an interface that is in multiple zones.

DThe interfaces belong to multiple interface groups.

Answer : D

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/reusable_objects.html#ID-2243-000009b4

'All interfaces in an interface object must be of the same type: all inline, passive, switched, routed, or ASA FirePOWER. After you create an interface object, you cannot change the type of interfaces it contains.'

Question 2

An engineer is troubleshooting the upgrade of a Cisco Secure Firewall Threat Defense device on the Secure Firewall Management Center 7.0 GUI. The engineer wants to collect the upgrade data and logs. Which two actions must the engineer take? (Choose two.)

AView the system and troubleshooting details.

BSelect the Secure Firewall Threat Defense device properties.

CSelect the Secure Firewall Management Center device.

DAccess the Health Events page.

EAccess the Health Monitor page.

Answer : B, E

Question 3

Which feature sets up multiple interfaces on a Cisco Secure Firewall Threat Defense to be on the same subnet?

AEtherChannel

BSVI

CBVI

Dsecurity levels

Answer : C

Question 4

An engineer must create an access control policy on a Cisco Secure Firewall Threat Defense device. The company has a contact center that utilizes VoIP heavily, and it is critical that this traffic is not .... by performance issues after deploying the access control policy Which access control Action rule must be configured to handle the VoIP traffic?

Amonitor

Btrust

Cblock

Dallow

Answer : B

To ensure that VoIP traffic in a contact center is not impacted by performance issues after deploying an access control policy on a Cisco Secure Firewall Threat Defense (FTD) device, the engineer should configure the access control rule with the 'trust' action. The 'trust' action allows traffic to bypass inspection and policy enforcement, ensuring that critical VoIP traffic is not delayed or degraded.

Steps:

In FMC, navigate toPolicies > Access Control > Access Control Policy.

Create a new rule or edit an existing rule.

Set the source and destination for the VoIP traffic.

Set the action to 'trust' to ensure the VoIP traffic is not inspected.

By configuring the rule with the 'trust' action, the VoIP traffic will be prioritized, maintaining the quality and performance required for the contact center operations.

Question 5

An engineer is troubleshooting connectivity to the DNS servers from hosts behind a new Cisco FTD device. The hosts cannot send DNS queries to servers in the DMZ. Which action should the engineer take to troubleshoot this issue using the real DNS packets?

AUse the Connection Events dashboard to check the block reason and adjust the inspection policy as needed.

BUse the packet capture tool to check where the traffic is being blocked and adjust the access control or intrusion policy as needed.

CUse the packet tracer tool to determine at which hop the packet is being dropped.

DUse the show blocks command in the Threat Defense CLI tool and create a policy to allow the blocked traffic.

Answer : A

Question 6

Refer to the exhibit.

Refer to the exhibit. An engineer analyzes a Cisco Firepower Management Center dashboard. Which action must be taken by the user to decrease the risk of data loss?

AStop all URLs that have an unknown reputation.

BBlock the use of Dropbox.

CStop all the URLs that are uncategorized.

DBlock all the BitTorrent applications.

Answer : C

Question 7

A network engineer must provide redundancy between two Cisco FTD devices. The redundancy configuration must include automatic configuration, translation, and connection updates. After the initial configuration of the two appliances, which two steps must be taken to proceed with the redundancy configuration? (Choose two.)

AConfigure the virtual MAC address on the failover link.

BDisable hellos on the inside interface.

CConfigure the standby IP addresses.

DEnsure the high availability license is enabled.

EConfigure the failover link with stateful properties.

Answer : A, C

Cisco Securing Networks with Cisco Firepower 300-710 SNCF Exam Questions