Cisco CCNP 300-710 Questions & Answers

• Question 1:

  An engineer must replace a Cisco Secure Firewall high-availability device due to a failure. When the replacement device arrives, the engineer must separate the high-availability pair from Cisco Secure Firewall Management Center

  Which action must the engineer take first to restore high availability?

  A. Register the secondary device

  B. Force a break between the devices.

  C. Unregister the secondary device.

  D. Configure NTP time synchronization.

  Correct Answer: C

  When replacing a Cisco Secure Firewall high-availability (HA) device due to a failure, the first step the engineer must take is to unregister the secondary (failed) device from the Cisco Secure Firewall Management Center (FMC). This action

  separates the HA pair and ensures that the new replacement device can be registered and configured correctly.

  Steps:

  Access the FMC and navigate to the device management section. Unregister the failed secondary device to remove it from the HA pair.

  Register the replacement device to the FMC.

  Reconfigure the HA settings to restore the high-availability configuration. By unregistering the failed device first, the engineer ensures a clean setup for the replacement device, avoiding potential conflicts or issues in the HA configuration. References: Cisco Secure Firewall Management Center Administrator Guide, Chapter on High Availability Configuration.

• Question 2:

  Which component simplifies incident investigation with Cisco Threat Response?

  A. Cisco AMP client

  B. local CVE database

  C. Cisco Secure Firewall appliance

  D. browser plug-in

  Correct Answer: D

  Cisco Threat Response (CTR) is a security solution that helps simplify incident investigation and threat hunting. One of its components that significantly simplifies the investigation process is the browser plug-in. The browser plug-in integrates

  with CTR to provide contextual information directly within the browser, allowing security analysts to quickly view threat details, pivot to related information, and take appropriate actions without switching between multiple tools.

  Features of the browser plug-in:

  Provides real-time threat intelligence and context from various Cisco security products.

  Allows security analysts to investigate incidents directly from web-based consoles. Enhances efficiency by streamlining the workflow and reducing the time needed to gather and correlate information.

  References: Cisco Threat Response Documentation, Browser Plug-in Section.

• Question 3:

  An engineer integrates Cisco FMC and Cisco ISE using pxGrid. Which role is assigned for Cisco FMC?

  A. server

  B. controller

  C. publisher

  D. client

  Correct Answer: D

  Reference: https://www.ciscopress.com/articles/article.asp?p=2963461andseqNum=2

• Question 4:

  A company wants a solution to aggregate the capacity of two Cisco FTD devices to make the best use of resources such as bandwidth and connections per second. Which order of steps must be taken across the Cisco FTDs with Cisco FMC to meet this requirement?

  A. Add members to the Cisco FMC, configure Cisco FTD interfaces, create the cluster in Cisco FMC, and configure cluster members in Cisco FMC

  B. Add members to Cisco FMC, configure Cisco FTD interfaces in Cisco FMC, configure cluster members in Cisco FMC, create cluster in Cisco FMC, and configure cluster members in Cisco FMC

  C. Configure the Cisco FTD interfaces, add members to FMC, configure cluster members in FMC, and create cluster in Cisco FMC

  D. Configure the Cisco FTD interfaces and cluster members, add members to Cisco FMC, and create the cluster in Cisco FMC

  Correct Answer: D

• Question 5:

  The administrator notices that there is malware present with an .exe extension and needs to verify if any of the systems on the network are running the executable file. What must be configured within Cisco AMP for Endpoints to show this data?

  A. vulnerable software

  B. file analysis

  C. threat root cause

  D. prevalence

  Correct Answer: D

• Question 6:

  Which firewall design allows a firewall to forward traffic at layer 2 and layer 3 for the same subnet?

  A. Cisco Firepower Threat Defense mode

  B. transparent mode

  C. routed mode

  D. integrated routing and bridging

  Correct Answer: D

• Question 7:

  An analyst is reviewing the Cisco FMC reports for the week. They notice that some peer-to- peer applications are being used on the network and they must identify which poses the greatest risk to the environment.

  Which report gives the analyst this information?

  A. Attacks Risk Report

  B. User Risk Report

  C. Network Risk Report

  D. Advanced Malware Risk Report

  Correct Answer: C

• Question 8:

  DRAG DROP

  Drag and drop the steps to restore an automatic device registration failure on the standby Cisco FMC from the left into the correct order on the right. Not all options are used.

  Select and Place:

  

  Correct Answer:

  

  Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_management_center_high_availability.html#id_32288

• Question 9:

  Network users experience issues when accessing a server on a different network segment. An engineer investigates the issue by performing packet capture on Cisco Secure Firewall Threat Defense. The engineer expects more data and suspects that not all the traffic was collected during a 15-minute can't captured session.

  Which action must the engineer take to resolve the issue?

  A. Forward the captured data lo an FTP server

  B. Increase the amount of RAM allocated for the capture.

  C. Provide a file name to save the data.

  D. Ensure that the allocated memory is sufficient.

  Correct Answer: D

  When performing packet capture on a Cisco Secure Firewall Threat Defense (FTD) device, ensuring that the allocated memory is sufficient is crucial for capturing all necessary traffic during a specified capture session. If users experience

  issues accessing a server and the engineer suspects not all traffic was collected, it indicates that the current memory allocation might not be enough to store the entire capture data for the 15-minute session.

  Steps:

  Check the current memory allocation for packet captures on the FTD device. Increase the memory allocation if it is insufficient to handle the volume of traffic expected during the capture session.

  This ensures that all relevant traffic is captured and can be analyzed to diagnose and resolve the network issue.

  References: Cisco Secure Firewall Threat Defense Configuration Guide, Chapter on Packet Capture.

• Question 10:

  Which action must be taken to configure an isolated bridge group for IRB mode on a Cisco Secure Firewall device?

  A. Add the restricted segment to the ACL.

  B. Leave BVI interface name empty.

  C. Define the NAT pool for the blocked traffic.

  D. Remove the route from the routing table.

  Correct Answer: B

  To configure an isolated bridge group for Integrated Routing and Bridging (IRB) mode on a Cisco Secure Firewall device, the action to take is to leave the BVI (Bridge Virtual Interface) interface name empty. This ensures that the bridge group

  operates in an isolated manner, where Layer 3 routing is not applied to the bridged interfaces, effectively isolating the traffic within the bridge group.

  Steps:

  Access the firewall's configuration interface.

  Configure the bridge group interfaces.

  Ensure that the BVI interface name is left empty to isolate the bridge group. This configuration prevents Layer 3 routing for the isolated bridge group, ensuring that traffic remains contained within the bridge group. References: Cisco Secure

  Firewall Management Center Configuration Guide, Chapter on Bridge Groups and IRB Mode.