Which Cisco AMP for Endpoints policy is used only for monitoring endpoint activity?
A. Windows domain controller
B. audit
C. triage
D. protection
An engineer is troubleshooting connectivity to the DNS servers from hosts behind a new Cisco FTD device. The hosts cannot send DNS queries to servers in the DMZ. Which action should the engineer take to troubleshoot this issue using the real DNS packets?
A. Use the packet capture tool to check where the traffic is being blocked and adjust the access control or intrusion policy as needed
B. Use the Connection Events dashboard to check the block reason and adjust the inspection policy as needed
C. Use the packet tracer tool to determine at which hop the packet is being dropped
D. Use the show blocks command in the Threat Defense CLI tool and create a policy to allow the blocked traffic
An analyst using the security analyst account permissions is trying to view the Correlations Events Widget but is not able to access it. However, other dashboards are accessible. Why is this occurring?
A. The widget is configured to display only when active events are present
B. The security analyst role does not have permission to view this widget
C. An API restriction within the Cisco FMC is preventing the widget from displaying
D. The widget is not configured within the Cisco FMC
An analyst is investigating a potentially compromised endpoint within the network and pulls a host report for the endpoint in question to collect metrics and documentation. What information should be taken from this report for the investigation?
A. client applications by user, web applications, and user connections
B. number of attacked machines, sources of the attack, and traffic patterns
C. threat detections over time and application protocols transferring malware
D. intrusion events, host connections, and user sessions
An engineer must investigate a connectivity issue and decides to use the packet capture feature on Cisco FTD. The goal is to see the real packet going through the Cisco FTD device and see Snort detection actions as a part of the output. After the capture-traffic command is issued, only the packets are displayed. Which action resolves this issue?
A. Specify the trace using the -T option after the capture-traffic command
B. Perform the trace within the Cisco FMC GUI instead of the Cisco FMC CLI
C. Use the verbose option as a part of the capture-traffic command
D. Use the capture command and specify the trace option to get the required information
An administrator must use Cisco FMC to install a backup route within the Cisco FTD to route traffic in case of a routing failure with primary route. Which action accomplish this task?
A. Install the static backup route and modify the metric to be less than the primary route
B. Use a default route in the FMC instead of having multiple routes contending for priority
C. Configure EIGRP routing on the FMC to ensure that dynamic routes are always updated
D. Create the backup route and use route tracking on both routes to a destination IP address in the network
Which two considerations must be made when deleting and re-adding devices while managing them via Cisco FMC? (Choose two.)
A. An option to re-apply NAT and VPN policies during registration is available, so users do not need to re-apply the policies after registration is completed.
B. Before re-adding the device in Cisco FMC, the manager must be added back.
C. Once a device has been deleted, it must be reconfigured before it is re-added to the Cisco FMC.
D. The Cisco FMC web interface prompts users to re-apply access control policies.
E. There is no option to re-apply NAT and VPN policies during registration available, so users need to re-apply the policies after registration is completed.
A company is in the process of deploying intrusion prevention with Cisco FTDs managed by a Cisco FMC. An engineer must configure policies to detect potential intrusions but not block the suspicious traffic Which action accomplishes this task?
A. Configure IPS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by checking the "Drop when inline" option.
B. Configure IPS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by unchecking the "Drop when inline" option.
C. Configure IDS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by checking the "Drop when inline" option.
D. Configure IDS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by unchecking the "Drop when inline" option.
An engineer is using the configure manager add
A. DONOTRESOLVE must be added to the command
B. The IP address used should be that of the Cisco FTD, not the Cisco FMC
C. The registration key is missing from the command
D. The NAT ID is required since the Cisco FMC is behind a NAT device
An engineer is configuring Cisco FMC and wants to allow multiple physical interfaces to be part of the same VLAN. The managed devices must be able to perform Layer 2 switching between interfaces, including sub-interfaces. What must be configured to meet these requirements?
A. inter-chassis clustering VLAN
B. Cisco ISE Security Group Tag
C. interface-based VLAN switching
D. integrated routing and bridging
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-710 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.