When packet capture is used on a Cisco Secure Firewall Threat Defense device and the packet flow is waiting on the malware query, which Snort verdict appears?
A. block
B. retry
C. replace
D. blockflow
Correct Answer: B
When packet capture is used on a Cisco Secure Firewall Threat Defense (FTD) device and the packet flow is waiting on the malware query, the Snort verdict appears as "retry." This indicates that the device is still processing the malware analysis and has not yet determined the final action for the packet.
The "retry" verdict signifies that the packet is in a holding state while awaiting the result of the malware inspection, which helps in maintaining the security posture until a definitive decision is made.
References: Cisco Secure Firewall Management Center Administrator Guide, Chapter on Packet Capture and Malware Inspection.
Question 32:
An engineer must create an access control policy on a Cisco Secure Firewall Threat Defense device. The company has a contact center that utilizes VoIP heavily, and it is critical that this traffic is not impacted by performance issues after deploying the access control policy. Which access control action rule must be configured to handle the VoIP traffic?
A. block
B. trust
C. monitor
D. allow
Correct Answer: B
To ensure that VoIP traffic in a contact center is not impacted by performance issues after deploying an access control policy on a Cisco Secure Firewall Threat Defense (FTD) device, the engineer should configure the access control rule with the "trust" action. The "trust" action allows traffic to bypass inspection and policy enforcement, ensuring that critical VoIP traffic is not delayed or degraded.
Steps:
In FMC, navigate to Policies > Access Control > Access Control Policy.
Create a new rule or edit an existing rule.
Set the source and destination for the VoIP traffic.
Set the action to "trust" to ensure the VoIP traffic is not inspected.
By configuring the rule with the "trust" action, the VoIP traffic will be prioritized, maintaining the quality and performance required for the contact center operations.
References: Cisco Secure Firewall Management Center Configuration Guide, Chapter on Access Control Policies and Traffic Management.
Question 33:
A security engineer manages a firewall console and an endpoint console and finds it challenging and time consuming to review events and modify blocking of specific files in both consoles. Which action must the engineer take to streamline this process?
A. Within the Cisco Secure Endpoint console, copy the connector GUID and paste into the Cisco Secure Firewall Management Center (FMC) AMP tab.
B. From the Cisco Secure Endpoint console, create and copy an API key and paste into the Cisco Secure AMP tab.
C. From the Secure FMC, create a Cisco Secure Endpoint object and reference the object in the Cisco Secure Endpoint console.
D. Initiate the integration between Secure FMC and Cisco Secure Endpoint from the Secure FMC using the AMP tab.
Correct Answer: D
To streamline the process of reviewing events and modifying blocking of specific files across both the firewall console and the endpoint console, the security engineer should initiate the integration between Secure FMC and Cisco Secure Endpoint (formerly AMP for Endpoints) from the Secure FMC using the AMP tab.
Steps:
In the FMC, navigate to Devices > Device Management.
Select the device and go to the AMP tab.
Initiate the integration by configuring the necessary API credentials and linking the FMC to the Cisco Secure Endpoint console.
This integration allows the security engineer to view endpoint events and apply blocking actions directly from the FMC, consolidating the management tasks. This approach simplifies the workflow by providing a single interface to manage both network and endpoint security, reducing the time and effort required to maintain security across the organization.
References: Cisco Secure Firewall Management Center and Cisco Secure Endpoint Integration Guide.
Question 34:
An engineer must export a packet capture from Cisco Secure Firewall Management Center to assist in troubleshooting an issue on a Secure Firewall Threat Defense device. When the engineer navigates to the URL for Secure Firewall Management Center at:
https:///capture/CAPI/pcap/sample.pcap
The engineer receives a 403: Forbidden error instead of being provided with the PCAP file. Which action resolves the issue?
A. Disable the proxy setting on the client browser.
B. Disable the HTTPS server and use HTTP.
C. Enable HTTPS in the device platform policy.
D. Enable the proxy setting in the device platform policy.
Correct Answer: C
If an engineer receives a 403: Forbidden error when attempting to download a packet capture file from Cisco Secure Firewall Management Center (FMC), the issue is likely due to HTTPS not being enabled in the device platform policy. To resolve this issue, the engineer must enable HTTPS in the platform policy.
Steps:
In FMC, navigate to Policies > Device Management > Platform Settings.
Edit the relevant platform policy.
Enable HTTPS for the device.
Deploy the changes to the FTD device.
This ensures that the FMC and FTD device can securely transfer the packet capture file over HTTPS, resolving the 403 error.
References: Cisco Secure Firewall Management Center Administrator Guide, Chapter on Platform Settings and HTTPS Configuration.
Question 35:
A network engineer must configure IPS mode on a Secure Firewall Threat Defense device to inspect traffic and act as an IDS. The engineer already configured the passive-interface on the Secure Firewall Threat Defense device and SPAN on the switch. What must be configured next by the engineer?
A. intrusion policy on the Secure Firewall Threat Defense device
B. active SPAN port on the switch
C. DHCP on the switch
D. active interface on the Secure Firewall Threat Defense device
Correct Answer: A
To configure IPS mode on a Cisco Secure Firewall Threat Defense (FTD) device to inspect traffic and act as an IDS, the network engineer must configure an intrusion policy on the FTD device. The passive-interface and SPAN on the switch have already been configured, which means the traffic is being mirrored to the FTD. The next step is to set up an intrusion policy that defines the rules and actions for detecting and responding to malicious traffic.
Steps:
In FMC, navigate to Policies > Intrusion.
Create a new intrusion policy or edit an existing one.
Define the rules and actions for detecting threats.
Apply the intrusion policy to the relevant interfaces or access control policies.
This configuration enables the FTD to inspect the mirrored traffic and take appropriate actions based on the defined intrusion policy.
References: Cisco Secure Firewall Management Center Administrator Guide, Chapter on Intrusion Policies.
Question 36:
A software development company hosts the website https://dev.company.com for contractors to share code for projects they are working on with internal developers. The web server is on premises and is protected by a Cisco Secure Firewall Threat Defense appliance. The network administrator is worried about someone trying to transmit infected files to internal users via this site. Which type of policy must be associated with an access control policy to enable Cisco Secure Firewall Malware Defense to detect and block malware?
A. SSL policy
B. file policy
C. network discovery policy
D. prefilter policy
Correct Answer: A
Question 37:
A network engineer must configure an existing firewall to have a NAT configuration. The new configuration must support more than two interfaces per context. The firewall has previously been operating in transparent mode. The Cisco Secure Firewall Threat Defense (FTD) device has been deregistered from Cisco Secure Firewall Management Center (FMC). Which set of configuration actions must the network engineer take next to meet the requirements?
A. Run the configure firewall routed command from the Secure FTD device CLI, and reregister with Secure FMC.
B. Run the configure manager add routed command from the Secure FMC CLI, and reregister with Secure FMC.
C. Run the configure manager add routed command from the Secure FTD device CLI, and reregister with Secure FMC.
D. Run the configure firewall routed command from the Secure FMC CLI, and reregister with Secure FMC.
Correct Answer: A
To support more than two interfaces per context and enable NAT configurations, the firewall must operate in routed mode. Since the firewall was previously in transparent mode, the network engineer needs to change it to routed mode.
Steps:
Access the CLI of the Secure FTD device.
Run the command configure firewall routed to switch the firewall from transparent mode to routed mode.
Reregister the FTD device with the FMC by running the configure manager add command from the FTD device CLI.
This will ensure that the firewall can support the required NAT configurations and more than two interfaces per context.
References: Cisco Secure Firewall Management Center Device Configuration Guide, Chapter on Routed Mode Configuration.
Question 38:
An engineer is configuring a Cisco Secure Firewall Threat Defense device and wants to create a new intrusion rule based on the detection of a specific pattern in the data payload for a new zero-day exploit. Which keyword type must be used to add a line that identifies the author of the rule and the date it was created?
A. gtp_info
B. metadata
C. reference
D. content
Correct Answer: B
When creating a new intrusion rule in a Cisco Secure Firewall Threat Defense (FTD) device, the keyword type "metadata" must be used to add a line that identifies the author of the rule and the date it was created. The metadata keyword is used to store additional information about the rule, such as authorship and creation date.
Steps:
In FMC, navigate to Policies > Intrusion > Rules.
Create a new rule or edit an existing one.
Use the "metadata" keyword to add information about the author and date.
Example:
metadata: created_at 2023-06-15, author "John Doe";
By using the metadata keyword, you ensure that the rule contains relevant information for tracking its creation and authorship, which is essential for maintaining rule documentation and accountability.
References: Cisco Secure Firewall Management Center Intrusion Policy Guide, Chapter on Custom Rule Creation and Metadata Usage.
Question 39:
What is the role of realms in the Cisco ISE and Cisco FMC integration?
A. Cisco Secure Firewall VDC
B. Cisco ISE context
C. TACACS+ database
D. AD definition
Correct Answer: D
In the integration between Cisco Identity Services Engine (ISE) and Cisco Firewall Management Center (FMC), realms are used to define the Active Directory (AD) configuration. Realms in FMC specify the AD servers, domain, and other authentication settings necessary to authenticate and authorize users.
Steps to configure realms:
In FMC, navigate to System > Integration > Realms and Directory.
Add a new realm and configure the AD settings.
Ensure the realm settings match the AD environment for seamless integration.
Realms are essential for integrating AD with FMC, allowing the firewall to use AD for user authentication and policy enforcement.
References: Cisco Secure Firewall Management Center Administrator Guide, Chapter on Realms and Directory Integration.
Question 40:
An engineer is configuring a new dashboard within Cisco Secure Firewall Management Center and is having trouble implementing a custom widget. When a custom analysis widget is configured, which option is mandatory for the system to display the information?