Cisco CCNP Security 300-710 Questions & Answers

• Question 361:

  Which two OSPF routing features are configured in Cisco FMC and propagated to Cisco FTD? (Choose two.)

  A. OSPFv2 with IPv6 capabilities

  B. virtual links

  C. SHA authentication to OSPF packets

  D. area boundary router type 1 LSA filtering

  E. MD5 authentication to OSPF packets

  Correct Answer: BE

  The Firepower Threat Defense device supports the following OSPF features:

  Intra-area, inter-area, and external (Type I and Type II) routes.

  Virtual links.

  LSA flooding.

  Authentication to OSPF packets (both password and MD5 authentication).

  Configuring the Firepower Threat Defense device as a designated router or a designated backup router. The Firepower Threat Defense device also can be set up as an ABR.

  Stub areas and not-so-stubby areas.

  Area boundary router Type 3 LSA filtering.

  Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/ospf_for_firepower_threat_defense.html

• Question 362:

  Which interface type allows packets to be dropped?

  A. passive

  B. inline

  C. ERSPAN

  D. TAP

  Correct Answer: B

  Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200908-configuring-firepower-threat-defense-int.html

• Question 363:

  Which Cisco Firepower Threat Defense, which two interface settings are required when configuring a routed interface? (Choose two.)

  A. Redundant Interface

  B. EtherChannel

  C. Speed

  D. Media Type

  E. Duplex

  Correct Answer: CE

  https://www.cisco.com/c/en/us/td/docs/security/firepower/610/fdm/fptd-fdm-config-guide-610/fptd-fdm-interfaces.html

• Question 364:

  Which two dynamic routing protocols are supported in Firepower Threat Defense without using FlexConfig? (Choose two.)

  A. EIGRP

  B. OSPF

  C. static routing

  D. IS-IS

  E. BGP

  Correct Answer: BE

  "static routing" is wrong, OSPF and BGP are the right choice, both can be configured with Smart CLI without FlexConfig Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-routing.html

• Question 365:

  With Cisco Firepower Threat Defense software, which interface mode must be configured to passively receive traffic that passes through the appliance?

  A. inline set

  B. passive

  C. routed

  D. inline tap

  Correct Answer: B

  In Cisco Firepower Threat Defense (FTD) software, the "passive" interface mode must be configured to passively receive traffic that passes through the appliance. When set to passive mode, the interface listens to the network traffic but does not actively participate in the network; it does not transmit any packets. This configuration is typically used for monitoring and logging purposes without impacting the flow of traffic.

• Question 366:

  Which two deployment types support high availability? (Choose two.)

  A. transparent

  B. routed

  C. clustered

  D. intra-chassis multi-instance

  E. virtual appliance in public cloud

  Correct Answer: AB

  Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/firepower_threat_defense_high_availability.html

• Question 367:

  Which protocol establishes network redundancy in a switched Firepower device deployment?

  A. STP

  B. HSRP

  C. GLBP

  D. VRRP

  Correct Answer: A

  Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_threat_defense_high_availability.html

• Question 368:

  What are the minimum requirements to deploy a managed device inline?

  A. inline interfaces, security zones, MTU, and mode

  B. passive interface, MTU, and mode

  C. inline interfaces, MTU, and mode

  D. passive interface, security zone, MTU, and mode

  Correct Answer: C

  "minimum requirements" The answer is C: Inline interface, MTU and Mode Security zone is optional

  Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/ips_device_deployments_and_configuration.html

• Question 369:

  What is the difference between inline and inline tap on Cisco Firepower?

  A. Inline tap mode can send a copy of the traffic to another device.

  B. Inline tap mode does full packet capture.

  C. Inline mode cannot do SSL decryption.

  D. Inline mode can drop malicious traffic.

  Correct Answer: D

  INLINE TAP

  Copies the data to the SNORT Engine to be checked but then dropped while the actual data flow continues uninterrupted. Therefore, INLINE TAP does not send traffic to another device.

  The Data is copied but not captured. You still would need to enable packet capture to capture packets (AKA Save PCAP).

  INLINE:

  Both inline and Inline Tap mode do not support SSL Decryption-resign... Although im a bit conflicted by this....

  Truth is that Inline Mode can DROP malicious traffic but remember that Inline TAP mode CANNOT. Agan this is because tap mode sends a copy of the data to be inspected but not the actual data.

• Question 370:

  What is a result of enabling Cisco FTD clustering?

  A. For the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections.

  B. Integrated Routing and Bridging is supported on the master unit.

  C. Site-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails.

  D. All Firepower appliances can support Cisco FTD clustering.

  Correct Answer: C

  "Remote access VPN is not supported with clustering. VPN functionality is limited to the control unit and does not take advantage of the cluster high availability capabilities.

  If the control unit fails, all existing VPN connections are lost, and VPN users will see a disruption in service. When a new control unit is elected, you must re-establish the VPN connections.

  Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/clustering_for_the_firepower_threat_defense.html