Cisco CCNP Security 300-710 Questions & Answers

• Question 41:

  A network engineer is planning on deploying a Cisco Secure Firewall Threat Defense Virtual appliance in transparent mode. Which two virtual environments support this configuration? (Choose two.)

  A. OSI

  B. AWS

  C. GCP

  D. KVM

  E. ESXi

  Correct Answer: DE

• Question 42:

  Which rule action is only available in Snort 3?

  A. Pass

  B. Generate

  C. Alert

  D. Rewrite

  Correct Answer: C

• Question 43:

  A company is deploying a Cisco Secure IPS device configured in inline mode with a single Interface set that contains four interface pairs. Which two configurations must be implemented to allow the IPS device to uniquely identify packet flows and prevent the reporting of duplicate traffic and false positives? (Choose two.)

  A. Set the source SPAN ports to tx only on the switches connected to the IPS interfaces

  B. Modify the security zones used by the Cisco Secure IPS device

  C. Change the MTU for the inline set to at least 1518

  D. Reconfigure access rules to drop all but the first occurrence of the packet

  E. Reassign the interface pairs to separate inline sets

  Correct Answer: BE

• Question 44:

  Cisco SecureX is classified as which type of threat detection and response solution?

  A. MDR

  B. EDR

  C. XDR

  D. NDR

  Correct Answer: C

• Question 45:

  An administrator configures new threat intelligence sources and must validate that the feeds are being downloaded and that the intelligence is being used within the Cisco Secure Firewall system. Which action accomplishes the task?

  A. Look at the connection security intelligence events

  B. Use the source status indicator to validate the usage

  C. View the threat intelligence observables to see the downloaded data

  D. Look at the access control policy to validate that the intelligence is being used

  Correct Answer: B

• Question 46:

  Cisco Security Analytics and Logging SaaS licenses come with how many days of data retention by default?

  A. 60

  B. 90

  C. 120

  D. 365

  Correct Answer: B

  Cisco Security Analytics and Logging (SaaS) licenses come with a default data retention period of 90 days. This retention period allows organizations to store and analyze their security event data for up to 90 days, providing sufficient time for

  security monitoring and forensic investigations.

  References: Cisco Security Analytics and Logging Documentation, Chapter on License Information and Data Retention.

• Question 47:

  An external vendor is reporting that they are unable to access an ordering website hosted behind a Cisco Secure Firewall Threat Defense device. The administrator of the device wants to verify that the access policy and NAT policy are configured correctly to allow traffic from the public IP of the external vendor to TCP port 443 on the web server. Which two Cisco Secure Firewall Management Center tools must the administrator use to verify which rules the traffic from the external vendor is matching? (Choose two.)

  A. Packet Capture

  B. Generate Troubleshooting File

  C. Threat Defense CLI

  D. File Download

  E. Packet Tracer

  Correct Answer: AE

• Question 48:

  An organization created a custom application that is being flagged by Cisco Secure Endpoint. The application must be exempt from being flagged. What is the process to meet the requirement?

  A. Configure the custom application to use the information-store paths.

  B. Add the custom application to the DFC list and update the policy.

  C. Precalculate the hash value of the custom application and add it to the allowed applications.

  D. Modify the custom detection list to exclude the custom application.

  Correct Answer: C

  To exempt a custom application from being flagged by Cisco Secure Endpoint, the organization must precalculate the hash value of the custom application and add it to the allowed applications list. This process involves creating a hash of the

  executable file, which uniquely identifies it, and then configuring Cisco Secure Endpoint to recognize this hash as trusted.

  Steps:

  Calculate the hash value (e.g., SHA-256) of the custom application executable. In the Cisco Secure Endpoint management console, navigate to the policy configuration.

  Add the calculated hash value to the list of allowed applications or exclusions.

  Save and deploy the updated policy.

  By adding the hash value to the allowed applications, Cisco Secure Endpoint will recognize the custom application as trusted and will no longer flag it. References: Cisco Secure Endpoint User Guide, Chapter on Policy Configuration and

  Application Whitelisting.

• Question 49:

  Which two statements are valid regarding the licensing model used on Cisco Secure Firewall Threat Defense Virtual appliances? (Choose two.)

  A. All licenses support a maximum of 250 VPN peers

  B. All licenses support up to 16 vCPUs

  C. All licenses require 500G of available storage for the VM

  D. Licenses can be used on both physical and virtual appliances

  E. Licenses can be used on any supported cloud platform

  Correct Answer: BE

• Question 50:

  A company is deploying Cisco Secure Firewall Threat Defense with IPS. What must be implemented in inline mode to pass the traffic without inspection during spikes and ensure that network traffic is kept?

  A. Change the interface mode to Routed

  B. Select Propagate Link State

  C. Increase the MTU to 9000

  D. Set the Snort Failsafe option

  Correct Answer: D