An engineer is implementing a new Cisco Secure Firewall. The firewall must filler traffic between the three subnets:
1.
LAN 192.168.101.0724
2.
DMZ 192.168 200.0/24
3.
WAN 10.0.0.0/30
Which firewall mode must the engineer implement?
A. transparent
B. network
C. routed
D. gateway
A network administrator is setting up a new highly available Cisco Secure Firewall Threat Defense (FTD) pair. The administrator wants to monitor that the interfaces on the secondary Secure FTD are reachable not just up. What must the administrator configure?
A. This happens by default when high availability is enabled.
B. secondary IP address
C. EUI 64 address on a high-availability link
D. separate high-availability and failover links
An administrator must fix a network problem whereby traffic from the inside network to a webserver is not getting through an instance of Cisco Secure Firewall Threat Defense. Which command must the administrator use to capture packets to the webserver that are dropped by Secure Firewall Threat Defense and resolve the issue?
A. capture CAP int INSIDE match ip any host WEBSERVERIP
B. capture CAP int OUTSIDE match ip any host WEBSERVERIP
C. capture CAP int INSIDE match tcp any 80 host WEBSERVERIP 80
D. capture CAP type asp-drop all headers-only
Users report that Cisco Duo 2FA fails when they attempt to connect to the VPN on a Cisco Secure Firewall Threat Defense (FTD) device. IT staff have VPN profiles that do not require multifactor authentication and they can connect to the VPN without any issues. When viewing the VPN troubleshooting log in Cisco Secure Firewall Management Center (FMC), the network administrator sees an error that the Cisco Duo AAA server has been marked as failed. What is the root cause of the issue?
A. AD Trust certificates are missing from the Secure FTD device.
B. Multifactor authentication is not supported on Secure FMC managed devices.
C. The internal AD server is unreachable from the Secure FTD device.
D. Duo trust certificates are missing from the Secure FTD device.
An engineer is troubleshooting an intermittent connectivity issue on a Cisco Secure Firewall Threat Defense appliance and must collect 24 hours' worth of data. The engineer started a packet capture, however it stops prematurely during this time period. The engineer notices that the packet capture buffer size is set to the default of 32 MB. Which buffer size is the maximum that the engineer must set to enable the packet capture to run successfully?
A. 64 MB
B. 1 GB
C. 10 GB
D. 100 GB
A network engineer detects a connectivity issue between Cisco Secure Firewall Management Center and Cisco Secure Firewall Threat Defense. Initial troubleshooting indicates that heartbeats and events are not being received. The engineer re-establishes the secure channels between both peers. Which two commands must the engineer run to resolve the issue? (Choose two.)
A. manage_procs.pl
B. show disk-manager
C. show history
D. sudo perfstats -Cq < /var/sf/rna/correlator-stats/now
E. sudo stats_unified.pl
A network administrator is reviewing a packet capture. The packet capture from inside of Cisco Secure Firewall Threat Defense shows the inbound TCP traffic. However, the outbound TCP traffic is not seen in the packet capture from outside Secure Firewall Threat Defense. Which configuration change resolves the issue?
A. Packet capture must include UDP traffic.
B. Inside interface must be assigned a higher security level.
C. Route to the destination must be added.
D. Inside interface must be assigned a lower security level.
An administrator receives reports that users cannot access a cloud-hosted web server. The access control policy was recently updated with several new policy additions and URL filtering. What must be done to troubleshoot the issue and restore access without sacrificing the organization's security posture?
A. Download a PCAP of the traffic to verify the blocks and use the FlexConfig to override the existing policy.
B. Review the output in connection events to validate the block, and modify the policy to allow the traffic.
C. Create a new access control policy rule to allow ports 80 and 443 to the FQDN of the web server.
D. Verify the blocks using the packet capture tool and create a rule with the action monitor for the traffic.
A network administrator wants to configure a Cisco Secure Firewall Threat Defense instance managed by Cisco Secure Firewall Management Center to block traffic to known cryptomining networks. Which system settings must the administrator configure in Secure Firewall Management Center to meet the requirement?
A. Intrusion Policy, Security Intelligence
B. Access Policy, Security Intelligence
C. Malware Policy, Rules
D. Access Policy, Rules
A network administrator is deploying a new Cisco Secure Firewall Threat Defense (FTD) firewall. After Cisco Secure FTD is deployed, inside clients have intermittent connectivity to each other. When reviewing the packet capture on the Secure FTD firewall, the administrator sees that Secure FTD is responding to all the ARP requests on the inside network. Which action must the network administrator take to resolve the issue?
A. Review the access policy and verify that ARP is allowed from inside to inside.
B. Review NAT policy and disable incorrect proxy ARP configuration.
C. Convert the FTD to transparent mode to allow ARP requests.
D. Hardcode the MAC address of the FTD to IP mapping on client machines.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-710 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.