Exam Details

  • Exam Code: 300-710
  • Exam Name: Securing Networks with Cisco Firepower (SNCF)
  • Certification: CCNP Security
  • Vendor: Cisco
  • Total Questions: 398 Q&As
  • Last Updated: Apr 15, 2025

Cisco CCNP Security 300-710 Questions & Answers

  • Question 151:

    A security analyst must create a new report within Cisco FMC to show an overview of the daily attacks, vulnerabilities, and connections. The analyst wants to reuse specific dashboards from other reports to create this consolidated one. Which action accomplishes this task?

    A. Create a new dashboard object via Object Management to represent the desired views.

    B. Modify the Custom Workflows within the Cisco FMC to feed the desired data into the new report.

    C. Copy the Malware Report and modify the sections to pull components from other reports.

    D. Use the import feature in the newly created report to select which dashboards to add.

  • Question 152:

    A network administrator is configuring a Cisco AMP public cloud instance and wants to capture infections and polymorphic variants of a threat to help detect families of malware. Which detection engine meets this requirement?

    A. RBAC

    B. Tetra

    C. Ethos

    D. Spero

  • Question 153:

    Refer to the following information:

    Phase: 16
    Type: SNORT
    Subtype:
    Result: DROP
    Config:
    Additional Information:
    Snort Trace:
    Packet: ICMP
    Session: new snort session
    Firewall: Starting rule matching, zone 4 -> 1, geo 0 -> e, vlan 0, sgt 0, src sgt type 0, dest_sgt_tag 0, dest sgt type 0, username `No Authentication Required',, ICMP Type: 8, icmpCode 0
    Firewall: block rule, `ping', drop
    Snort: processed decoder alerts or actions queue, drop
    Snort id: 0, NAP: id 2, IPS ID: 0, Verdict: BLACKLIST, Blocked by Firewall
    Snort Verdict: (black-list) blacklist this flow

    Result:
    Input-interface: ACCESS41_Inside1
    Input-status: up
    Input-line-status: up
    Action: drop
    Drop-reason: (firewall) Blocked or blacklisted by the Firewall preprocessor, Drop-location, frame 0x000055d2b0fsb7c0 flow (NA)/NA

    A systems administrator conducts a connectivity test to their SCCM server from a host machine and gets no response from the server. Which action ensures that the ping packets reach the destination and that the host receives replies?

    A. Create an access control policy rule that allows ICMP traffic.

    B. Configure a custom Snort signature to allow ICMP traffic after inspection.

    C. Modify the Snort rules to allow ICMP traffic.

    D. Create an ICMP allow list and add the ICMP destination to remove it from the implicit deny list.

  • Question 154:

    Which feature is supported by IRB on Cisco FTD devices?

    A. redundant interface

    B. dynamic routing protocol

    C. EtherChannel interface

    D. high-availability cluster

  • Question 155:

    Which protocol is needed to exchange threat details in rapid threat containment on Cisco FMC?

    A. SGT

    B. SNMP v3

    C. BFD

    D. pxGrid

  • Question 156:

    An administrator is setting up a Cisco FMC and must provide expert mode access for a security engineer. The engineer is permitted to use only a secured out-of-band network workstation with a static IP address to access the Cisco FMC. What must be configured to enable this access?

    A. Enable SSH and define an access list.

    B. Enable HTTP and define an access list.

    C. Enable SCP under the Access List section.

    D. Enable HTTPS and SNMP under the Access List section.

  • Question 157:

    An engineer must add DNS-specific rules to the Cisco FTD intrusion policy. The engineer wants to use the rules currently in the Cisco FTD Snort database that are not already enabled but does not want to enable more than are needed. Which action meets these requirements?

    A. Change the dynamic state of the rule within the policy.

    B. Change the base policy to Security over Connectivity.

    C. Change the rule state within the policy being used.

    D. Change the rules using the Generate and Use Recommendations feature.

  • Question 158:

    Refer to the exhibit.

    What is the effect of the existing Cisco FMC configuration?

    A. The remote management port for communication between the Cisco FMC and the managed device changes to port 8443.

    B. The managed device is deleted from the Cisco FMC.

    C. The SSL-encrypted communication channel between the Cisco FMC and the managed device becomes a plain-text communication channel.

    D. The management connection between the Cisco FMC and the Cisco FTD is disabled.

  • Question 159:

    An engineer is troubleshooting a file that is being blocked by a Cisco FTD device on the network. The user is reporting that the file is not malicious.

    Which action does the engineer take to identify the file and validate whether or not it is malicious?

    A. Identify the file in the intrusion events and submit it to Threat Grid for analysis.

    B. Use FMC file analysis to look for the file and select Analyze to determine its disposition.

    C. Use the context explorer to find the file and download it to the local machine for investigation.

    D. Right click the connection event and send the file to AMP for Endpoints to see if the hash is malicious.

  • Question 160:

    An engineer wants to add an additional Cisco FTD Version 6.2.3 device to their current 6.2.3 deployment to create a high availability pair. The currently deployed Cisco FTD device is using local management and identical hardware including the available port density to enable the failover and stateful links required in a proper high availability deployment. Which action ensures that the environment is ready to pair the new Cisco FTD with the old one?

    A. Change from Cisco FDM management to Cisco FMC management on both devices and register them to FMC.

    B. Ensure that the two devices are assigned IP addresses from the 169.254.0.0/16 range for failover interfaces.

    C. Factory reset the current Cisco FTD so that it can synchronize configurations with the new Cisco FTD device.

    D. Ensure that the configured DNS servers match on the two devices for name resolution.
