Free Cisco 300-710 Exam Dumps and 300-710 Exam Questions

Question No: 1

MultipleChoice

Due to an Increase in malicious events, a security engineer must generate a threat report to include intrusion events, malware events, and security intelligence events. How Is this information collected in a single report?

Options

ARun the default Firepower report.

BExport the Attacks Risk report.

CGenerate a malware report.

DCreate a Custom report.

Question No: 2

MultipleChoice

Refer to the exhibit.

Refer to the exhibit An engineer is modifying an access control pokey to add a rule to inspect all DNS traffic that passes through the firewall After making the change and deploying the pokey they see that DNS traffic is not bang inspected by the Snort engine What is the problem?

Options

AThe rule must specify the security zone that originates the traffic

BThe rule must define the source network for inspection as well as the port

CThe action of the rule is set to trust instead of allow.

DThe rule is configured with the wrong setting for the source port

Question No: 3

MultipleChoice

A network security engineer must export packet captures from the Cisco FMC web browser while troubleshooting an issue. When navigating to the address Error! Hyperlink reference not valid. IP>/capture/CAPI/pcap/test.pcap. an error 403: Forbidden is given instead of the PCAP file. Which action must the engineer take to resolve this issue?

Options

ADisable the HTTPS server and use HTTP instead.

BEnable the HTTPS server for the device platform policy.

CDisable the proxy setting on the browser.

DUse the Cisco FTD IP address as the proxy server setting on the browser.

Question No: 4

MultipleChoice

An engineer is vorlang on a LAN switch and has noticed that its network connection to the mime Cisco IPS has gone down Upon troubleshooting it is determined that the switch is working as expected What must have been implemented for this failure to occur?

Options

AThe upstream router has a misconfigured routing protocol

BLink-state propagation is enabled

CThe Cisco IPS has been configured to be in fail-open mode

DThe Cisco IPS is configured in detection mode

Question No: 5

MultipleChoice

Refer to the exhibit An engineer is modifying an access control pokey to add a rule to inspect all DNS traffic that passes through the firewall After making the change and deploying the pokey they see that DNS traffic is not bang inspected by the Snort engine What is the problem?

Options

AThe rule must specify the security zone that originates the traffic

BThe rule must define the source network for inspection as well as the port

CThe action of the rule is set to trust instead of allow.

DThe rule is configured with the wrong setting for the source port

Question No: 6

MultipleChoice

An organization has implemented Cisco Firepower without IPS capabilities and now wants to enable inspection

for their traffic. They need to be able to detect protocol anomalies and utilize the Snort rule sets to detect

malicious behavior. How is this accomplished?

Options

AModify the network discovery policy to detect new hosts to inspect.

BModify the access control policy to redirect interesting traffic to the engine.

CModify the intrusion policy to determine the minimum severity of an event to inspect.

DModify the network analysis policy to process the packets for inspection.

Question No: 7

MultipleChoice

An organization has a compliancy requirement to protect servers from clients, however, the clients and servers all reside on the same Layer 3 network Without readdressing IP subnets for clients or servers, how is segmentation achieved"?

Options

ADeploy a firewall in transparent mode between the clients and servers.

BChange the IP addresses of the clients, while remaining on the same subnet.

CDeploy a firewall in routed mode between the clients and servers

DChange the IP addresses of the servers, while remaining on the same subnet

Question No: 8

MultipleChoice

In a multi-tenant deployment where multiple domains are in use. which update should be applied outside of the Global Domain?

Options

Aminor upgrade

Blocal import of intrusion rules

CCisco Geolocation Database

Dlocal import of major upgrade

Question No: 9

MultipleChoice

An engineer configures an access control rule that deploys file policy configurations to security zone or tunnel zones, and it causes the device to restart. What is the reason for the restart?

Options

ASource or destination security zones in the access control rule matches the security zones that are associated with interfaces on the target devices.

BThe source tunnel zone in the rule does not match a tunnel zone that is assigned to a tunnel rule in the destination policy.

CSource or destination security zones in the source tunnel zone do not match the security zones that are associated with interfaces on the target devices.

DThe source tunnel zone in the rule does not match a tunnel zone that is assigned to a tunnel rule in the source policy.

Question No: 10

MultipleChoice

An engineer is attempting to create a new dashboard within the Cisco FMC to have a single view with widgets

from many of the other dashboards. The goal is to have a mixture of threat and security related widgets along

with Cisco Firepower device health information. Which two widgets must be configured to provide this

information? (Choose two.)

Options

AIntrusion Events

BCorrelation Information

CAppliance Status

DCurrent Sessions

ENetwork Compliance