1. Home
  2. Cisco
  3. 300-710

Securing Networks with Cisco Firepower (SNCF)

Exam Details

  • Exam Code
    :300-710
  • Exam Name
    :Securing Networks with Cisco Firepower (SNCF)
  • Certification
    :CCNP Security
  • Vendor
    :Cisco
  • Total Questions
    :398 Q&As
  • Last Updated
    :Mar 30, 2025

Cisco CCNP Security 300-710 Questions & Answers

  • Question 101:

    A security engineer must configure a Cisco FTD appliance to inspect traffic coming from the internet. The internet traffic will be mirrored from the Cisco Catalyst 9300 Switch. Which configuration accomplishes the task?

    A. Set the firewall mode to routed.

    B. Set interface configuration mode to passive.

    C. Set the firewall mode to transparent.

    D. Set interface configuration mode to none.

  • Question 102:

    Refer to the exhibit. An engineer is analyzing a Network Risk Report from Cisco FMC. Which application must the engineer take immediate action against to prevent unauthorized network use?

    A. YouTube

    B. TOR

    C. Chrome

    D. Kerberos

  • Question 103:

    Which two dynamic routing protocols are supported in Cisco FTD without using FlexConfig? (Choose two.)

    A. EIGRP

    B. OSPF

    C. static routing

    D. IS-IS

    E. BGP

  • Question 104:

    Which process should be checked when troubleshooting registration issues between Cisco FMC and managed devices to verify that secure communication is occurring?

    A. fpcollect

    B. dhclient

    C. sfmgr

    D. sftunnel

  • Question 105:

    A security engineer must deploy a Cisco FTD appliance as a bump in the wire to detect intrusion events without disrupting the flow of network traffic. Which two features must be configured to accomplish the task? (Choose two.)

    A. transparent mode

    B. tap mode

    C. bridged mode

    D. inline set pair

    E. passive interfaces

  • Question 106:

    A network administrator has converted a Cisco FTD from using LDAP to LDAPS for VPN authentication. The Cisco FMC can connect to the LDAPS server, but the Cisco FTD is not connecting. Which configuration must be enabled on the Cisco FTD?

    A. The LDAPS must be allowed through the access control policy.

    B. The RADIUS server must be defined.

    C. SSL must be set to a use TLSv1.2 or lower.

    D. DNS servers must be defined for name resolution.

  • Question 107:

    An engineer attempts to pull the configuration for a Cisco FTD sensor to review with Cisco TAC but does not have direct access to the CLI for the device. The CLI for the device is managed by Cisco FMC to which the engineer has access. Which action in Cisco FMC grants access to the CLI for the device?

    A. Create a backup of the configuration within the Cisco FMC.

    B. Download the configuration file within the File Download section of Cisco FMC.

    C. Export the configuration using the Import/Export tool within Cisco FMC.

    D. Use the show run all command in the Cisco FTD CLI feature within Cisco FMC.

  • Question 108:

    An engineer must add DNS-specific rules to the Cisco FTD intrusion policy. The engineer wants to use the rules currently in the Cisco FTD Snort database that are not already enabled but does not want to enable more than are needed. Which action meets these requirements?

    A. Change the rules using the Generate and Use Recommendations feature.

    B. Change the rule state within the policy being used.

    C. Change the dynamic state of the rule within the policy.

    D. Change the base policy to Security over Connectivity.

  • Question 109:

    Refer to the exhibit.

    A systems administrator conducts a connectivity test to their SCCM server from a host machine and gets no response from the server. Which action ensures that the ping packets reach the destination and that the host receives replies?

    A. Configure a custom Snort signature to allow ICMP traffic after inspection.

    B. Modify the Snort rules to allow ICMP traffic.

    C. Create an access control policy rule that allows ICMP traffic.

    D. Create an ICMP allow list and add the ICMP destination to remove it from the implicit deny list.

  • Question 110:

    An administrator is setting up a Cisco FMC and must provide expert mode access for a security engineer. The engineer is permitted to use only a secured out-of-band network workstation with a static IP address to access the Cisco FMC. What must be configured to enable this access?

    A. Enable SSH and define an access list.

    B. Enable HTTPS and SNMP under the Access List section.

    C. Enable SCP under the Access List section.

    D. Enable HTTP and define an access list.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-710 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.