300-710無料問題集「Cisco Securing Networks with Cisco Firepower」

質問 1

A company is deploying intrusion protection on multiple Cisco FTD appliances managed by Cisco FMC. Which system-provided policy must be selected if speed and detection are priorities?

（A）Security Over Connectivity

（B）Connectivity Over Security

（C）Balanced Security and Connectivity

（D）Maximum Detection

正解：C 解答を投票する

質問 2

An organization is installing a new Cisco FTD appliance in the network. An engineer is tasked with configuring access between two network segments within the same IP subnet. Which step is needed to accomplish this task?

（A）Permit BPDU packets to prevent loops.

（B）Assign an IP address to the Bridge Virtual Interface.

（C）Add a separate bridge group for each segment.

（D）Specify a name for the bridge group.

正解：B 解答を投票する

質問 3

Which component simplifies incident investigation with Cisco Threat Response?

（A）local CVE database

（B）Cisco AMP client

（C）Cisco Secure Firewall appliance

（D）browser plug-in

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 4

An engineer has been tasked with performing an audit of network objects to determine which objects are duplicated across the various firewall models (Cisco Secure Firewall Threat Defense, Cisco Secure Firewall ASA, and Meraki MX Series) deployed throughout the company. Which tool will assist the engineer in performing that audit?

（A）Cisco SecureX

（B）Cisco Defense Orchestrator

（C）Cisco Secure Firewall Management Center

（D）Cisco Firepower Device Manager

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

Which firewall design will allow it to forward traffic at layers 2 and 3 for the same subnet?

（A）transparent mode

（B）Integrated routing and bridging

（C）Cisco Firepower Threat Defense mode

（D）routed mode

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

A network administrator is seeing an unknown verdict for a file detected by Cisco FTD.
Which malware policy configuration option must be selected in order to further analyse the file in the Talos cloud?

（A）Dynamic analysis

（B）Malware analysis

（C）Sandbox analysis

（D）Spero analysis

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

On Cisco Firepower Management Center, which policy is used to collect health modules alerts from managed devices?

（A）health awareness policy

（B）correlation policy

（C）system policy

（D）access control policy

（E）health policy

正解：E 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

What is the result of specifying of QoS rule that has a rate limit that is greater than the maximum throughput of an interface?

（A）Matching traffic is not rate limited.

（B）The system rate-limits all traffic.

（C）The rate-limiting rule is disabled.

（D）The system repeatedly generates warnings.

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

An engineer is monitoring network traffic from their sales and product development departments, which are on two separate networks.
What must be configured in order to maintain data privacy for both departments?

（A）Use passive IDS ports for both departments

（B）Use one pair of inline set in TAP mode for both departments

（C）Use a dedicated IPS inline set for each department to maintain traffic separation

（D）Use 802.1Q mime set Trunk interfaces with VLANs to maintain logical traffic separation

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

The event dashboard within the Cisco FMC has been inundated with low priority intrusion drop events, which are overshadowing high priority events. An engineer has been tasked with reviewing the policies and reducing the low priority events.
Which action should be configured to accomplish this task?

（A）generate events

（B）drop packet

（C）drop and generate

（D）drop connection

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

An engineer is restoring a Cisco FTD configuration from a remote backup using the command restore remote-manager-backup location 1.1.1.1 admin /volume/home/admin BACKUP_Cisc394602314.zip on a Cisco FMG. After connecting to the repository, an error occurred that prevents the FTD device from accepting the backup file. What is the problem?

（A）The backup file is too large for the Cisco FTD device

（B）The backup file was not enabled prior to being applied

（C）The backup file extension was changed from tar to zip

（D）The backup file is not in .cfg format.

正解：C 解答を投票する

質問 12

Refer to the exhibit. An engineer is modifying an access control policy to add a rule to inspect all DNS traffic that passes through the firewall. After making the change and deploying the policy, they see that DNS traffic is not being inspected by the Snort engine. What is the problem?

（A）The rule must specify the security zone that originates the traffic.

（B）The rule must define the source network for inspection as well as the port.

（C）The rule is configured with the wrong setting for the source port.

（D）The action of the rule is set to trust instead of allow.

正解：D 解答を投票する

質問 13

Network users are experiencing intermittent issues with internet access. An engineer identified that the issue is being caused by NAT exhaustion. How must the engineer change the dynamic NAT configuration to provide internet access for more users without running out of resources?

（A）Convert the dynamic auto NAT rule to dynamic manual NAT.

（B）Add an identity NAT rule to handle the overflow of users.

（C）Configure fallthrough to interface PAT on the Advanced tab.

（D）Define an additional static NAT for the network object in use.

正解：C 解答を投票する

質問 14

A security engineer is configuring an Access Control Policy for multiple branch locations.
These locations share a common rule set and utilize a network object called INSIDE_NET which contains the locally significant internal network subnets at each location.
What technique will retain the policy consistency at each location but allow only the locally significant network subnet within the applicable rules?

（A）creating a unique ACP per device

（B）creating an ACP with an INSIDE_NET network object and object overrides

（C）utilizing a dynamic ACP that updates from Cisco Talos

（D）utilizing policy inheritance

正解：B 解答を投票する

質問 15

Refer to the exhibit. An organization has an access control rule with the intention of sending all social media traffic for inspection. After using the rule for some time, the administrator notices that the traffic is not being inspected, but is being automatically allowed.
What must be done to address this issue?

（A）Modify the selected application within the rule

（B）Change the intrusion policy to connectivity over security.

（C）Add the social network URLs to the block list

（D）Modify the rule action from trust to allow

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 16

A network administrator wants to configure a default policy to block malicious sites based on the requested URL lookup. Which feature meets the requirement?

（A）DNS policies

（B）file policies

（C）malware policies

（D）URL filtering policies

正解：D 解答を投票する

300-710 無料問題集「Cisco Securing Networks with Cisco Firepower」

弊社を連絡する

関連リンク

トップ試験