Cisco CCNP Security 300-710 Questions & Answers

• Question 231:

  An organization must be able to ingest NetFlow traffic from their Cisco FTD device to Cisco Stealthwatch for behavioral analysis. What must be configured on the Cisco FTD to meet this requirement?

  A. flexconfig object for NetFlow

  B. interface object to export NetFlow

  C. security intelligence object for NetFlow

  D. variable set object for NetFlow

  Correct Answer: A

• Question 232:

  A network administrator notices that SI events are not being updated. The Cisco FTD device is unable to load all of the SI event entries and traffic is not being blocked as expected. What must be done to correct this issue?

  A. Restart the affected devices in order to reset the configurations.

  B. Redeploy configurations to affected devices so that additional memory is allocated to the SI module.

  C. Replace the affected devices with devices that provide more memory.

  D. Manually update the SI event entries to that the appropriate traffic is blocked.

  Correct Answer: B

• Question 233:

  Which license type is required on Cisco ISE to integrate with Cisco FMC pxGrid?

  A. apex

  B. plus

  C. base

  D. mobility

  Correct Answer: B

  Reference: https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_0111.html#concept_DE1C38E055794B198ED352D1528B5182

• Question 234:

  What is a feature of Cisco AMP private cloud?

  A. It disables direct connections to the public cloud.

  B. It supports security intelligence filtering.

  C. It support anonymized retrieval of threat intelligence.

  D. It performs dynamic analysis.

  Correct Answer: A

  Reference: https://www.cisco.com/c/en/us/products/collateral/security/fireamp-private-cloud-virtual-appliance/datasheet-c78-742267.html

• Question 235:

  Which feature within the Cisco FMC web interface allows for detecting, analyzing, and blocking malware in network traffic?

  A. intrusion and file events

  B. Cisco AMP for Networks

  C. file policies

  D. Cisco AMP for Endpoints

  Correct Answer: B

• Question 236:

  A network administrator discovers that a user connected to a file server and downloaded a malware file. The Cisco FMC generated an alert for the malware event, however the user still remained connected. Which Cisco AMP file rule action within the Cisco FMC must be set to resolve this issue?

  A. Malware Cloud Lookup

  B. Reset Connection

  C. Detect Files

  D. Local Malware Analysis

  Correct Answer: B

  Reference: https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/AMP-Config.pdf

• Question 237:

  An engineer has been tasked with using Cisco FMC to determine if files being sent through the network are malware. Which two configuration tasks must be performed to achieve this file lookup? (Choose two.)

  A. The Cisco FMC needs to include a SSL decryption policy.

  B. The Cisco FMC needs to connect to the Cisco AMP for Endpoints service.

  C. The Cisco FMC needs to connect to the Cisco ThreatGrid service directly for sandboxing.

  D. The Cisco FMC needs to connect with the FireAMP Cloud.

  E. The Cisco FMC needs to include a file inspection policy for malware lookup.

  Correct Answer: BE

  Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Reference_a_wrapper_Chapter_topic_here.html#ID-2193-00000296

• Question 238:

  A network engineer wants to add a third-party threat feed into the Cisco FMC for enhanced threat detection. Which action should be taken to accomplish this goal?

  A. Enable Rapid Threat Containment using REST APIs.

  B. Enable Rapid Threat Containment using STIX and TAXII.

  C. Enable Threat Intelligence Director using REST APIs.

  D. Enable Threat Intelligence Director using STIX and TAXII.

  Correct Answer: D

  Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/cisco_threat_intelligence_director__tid_.html

• Question 239:

  Refer to the exhibit.

  

  An administrator is looking at some of the reporting capabilities for Cisco Firepower and noticed this section of the Network Risk Report showing a lot of SSL activity that could be used for evasion. Which action will mitigate this risk?

  A. Use SSL decryption to analyze the packets.

  B. Use Cisco Tetration to track SSL connections to servers.

  C. Use encrypted traffic analytics to detect attacks.

  D. Use Cisco AMP for Endpoints to block all SSL connection.

  Correct Answer: A

  Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/623/fdm/fptd-fdm-config-guide-623/fptd-fdm-ssl-decryption.html

• Question 240:

  An administrator is setting up Cisco FirePower to send data to the Cisco Stealthwatch appliances. The NetFlow_Set_Parameters objet is already created, but NetFlow is not being sent to the flow collector. What must be done to prevent this from occurring?

  A. Create a service identifier to enable the NetFlow service.

  B. Add the NetFlow_Send_Destination object to the configuration.

  C. Create a Security Intelligence object to send the data to Cisco Stealthwatch.

  D. Add the NetFlow_Add_Destination object to the configuration.

  Correct Answer: D

  Cisco Firepower uses FlexConfig objects to send NetFlow data. Here's the key point:

  NetFlow_Set_Parameters object: Defines the parameters of the NetFlow data being exported (e.g., version, sampling rate).

  NetFlow_Add_Destination object: Specifies the IP address and port of the flow collector (in this case, your Cisco Stealthwatch appliance) where the NetFlow data should be sent.