Cisco CCNP Security 300-710 Questions & Answers

• Question 61:

  A security engineer must create a malware and file policy on a Cisco Secure Firewall Threat Defense device. The solution must ensure that PDF, DOCX, and XLSX files are not sent to Cisco Secure Malware Analytics. What must be configured to meet the requirements?

  A. Spero analysis

  B. local malware analysis

  C. capacity handling

  D. dynamic analysis

  Correct Answer: B

  To create a malware and file policy on a Cisco Secure Firewall Threat Defense (FTD) device that ensures PDF, DOCX, and XLSX files are not sent to Cisco Secure Malware Analytics, the security engineer must configure local malware

  analysis. Local malware analysis allows the FTD to inspect and analyze files locally without sending them to the cloud-based Cisco Secure Malware Analytics.

  Steps to configure local malware analysis:

  In FMC, navigate to Policies > Access Control > Malware and File Policies. Create a new malware and file policy or edit an existing one. Define rules to inspect specific file types, ensuring that PDF, DOCX, and XLSX files are handled locally.

  Set the action for these file types to "Local Analysis." Apply the policy to the relevant access control policy. This configuration ensures that the specified file types are analyzed locally, meeting the requirement to avoid sending them to Cisco

  Secure Malware Analytics. References: Cisco Secure Firewall Management Center Configuration Guide, Chapter on Malware and File Policies

• Question 62:

  A security engineer is deploying Cisco Secure Endpoint to detect a zero day malware attack with an SHA-256 hash of 47ea931f3e9dc23ec0b0885a80663e30ea013d493f8e88224b570a0464084628. What must be configured in Cisco Secure Endpoint to enable the application to take action based on this hash?

  A. access control rule

  B. correlation policy

  C. transform set

  D. custom detection list

  Correct Answer: D

• Question 63:

  A company is deploying AMP private cloud. The AMP private cloud instance has already been deployed by the server administrator. The server administrator provided the hostname of the private cloud instance to the network engineer via email. What additional information does the network engineer require from the server administrator to be able to make the connection to the AMP private cloud in Cisco FMC?

  A. SSL certificate for the AMP private cloud instance

  B. Username and password to the AMP private cloud instance

  C. IP address and port number for the connection proxy

  D. Internet access for the AMP private cloud to reach the AMP public cloud

  Correct Answer: A

• Question 64:

  A network engineer is planning on replacing an Active/Standby pair of physical Cisco Secure Firewall ASAs with a pair of Cisco Secure Firewall Threat Defense Virtual appliances. Which two virtual environments support the current High Availability configuration? (Choose two.)

  A. ESXi

  B. Azure

  C. Openstack

  D. KVM

  E. AWS

  Correct Answer: AD

• Question 65:

  Network users are experiencing Intermittent issues with internet access. An engineer ident med mat the issue Is being caused by NAT exhaustion. How must the engineer change the dynamic NAT configuration to provide internet access for more users without running out of resources?

  A. Define an additional static NAT for the network object in use.

  B. Configure fallthrough to interface PAT on 'he Advanced tab.

  C. Convert the dynamic auto NAT rule to dynamic manual NAT.

  D. Add an identity NAT rule to handle the overflow of users.

  Correct Answer: B

  Fallthrough to interface PAT is a feature that allows the dynamic NAT configuration to use the interface IP address as a last resort when the NAT pool is exhausted. This way, more users can access the internet without running out of resources. To enable this feature, the engineer must check the Enable PAT Fallback check box on the Advanced tab of the NAT rule editor1

• Question 66:

  Refer to the exhibit.

  

  A security engineer must improve security in an organization and is producing a risk mitigation strategy to present to management for approval. Which action must the security engineer take based on this Attacks Risk Report?

  A. Block NetBIOS.

  B. Inspect TCP port 80 traffic.

  C. Block Internet Explorer.

  D. Inspect DNS traffic.

  Correct Answer: D

• Question 67:

  A network administrator reviews the attack risk report and notices several low-impact attacks. What does this type of attack indicate?

  A. All attacks are listed as low until manually recategorized.

  B. The host is not vulnerable to those attacks.

  C. The host is not within the administrator's environment.

  D. The attacks are not dangerous to the network.

  Correct Answer: D

• Question 68:

  An engineer has been tasked with performing an audit of network objects to determine which objects are duplicated across the various firewall models (Cisco Secure Firewall Threat Defense, Cisco Secure Firewall ASA, and Meraki MX Series) deployed throughout the company. Which tool will assist the engineer in performing that audit?

  A. Cisco Firepower Device Manager

  B. Cisco Defense Orchestrator

  C. Cisco Secure Firewall Management Center

  D. Cisco SecureX

  Correct Answer: B

  Cisco Defense Orchestrator (CDO) is the tool that assists engineers in performing an audit of network projects to determine which objects are duplicated across various firewall models, including Cisco Secure Firewall Threat Defense, Cisco

  Secure Firewall ASA, and Meraki MX Series. CDO provides a unified management interface for managing multiple security devices and can identify duplicate objects across these devices.

  Steps:

  Access Cisco Defense Orchestrator.

  Connect and synchronize all relevant firewall devices (FTD, ASA, Meraki MX). Use the audit and reporting features in CDO to identify and manage duplicate objects.

  This helps ensure consistency and efficient management across the organization's firewall deployments.

  References: Cisco Defense Orchestrator Documentation, Chapter on Device Management and Object Auditing.

• Question 69:

  The security engineer reviews the syslog server events of an organization and sees many outbound connections to malicious sites initiated from hosts running Cisco Secure Endpoint. The hosts are on a separate network from the Cisco FTD device. Which action blocks the connections?

  A. Modify the policy on Cisco Secure Endpoint to enable DFC.

  B. Modify the access control policy on the Cisco FMC to block malicious outbound connections

  C. Add the IP addresses of the malicious sites to the access control policy on the Cisco FMC

  D. Add a Cisco Secure Endpoint policy with the Tetra and Spero engines enabled

  Correct Answer: A

• Question 70:

  A network administrator must create an EtherChannel Interface on a new Cisco Firepower 9300 appliance registered with an FMC tor high availability. Where must the administrator create the EtherChannel interface?

  A. FMC CLI

  B. FTD CLI

  C. FXOS CLI

  D. FMC GUI

  Correct Answer: C

  An EtherChannel interface is a logical interface that consists of a bundle of individual Ethernet links that act as a single network link. An EtherChannel interface can increase the bandwidth and reliability of a network connection5. On a Cisco

  Firepower 9300 appliance registered with an FMC for high availability, the network administrator must create the EtherChannel interface on the FXOS CLI. The FXOS is the operating system that runs on the Firepower 9300 chassis and

  provides hardware management functions such as interface configuration, power supply status, fan speed control, and so on6.

  To create an EtherChannel interface on the FXOS CLI, the network administrator can follow these steps5:

  Connect to the FXOS CLI using SSH or console.

  Enter scope eth-uplink command to enter Ethernet uplink mode. Enter create port-channel command to create an EtherChannel interface. Enter a port-channel ID (1-48) and a mode (on or active) for the EtherChannel interface.

  Enter add interface command to add physical interfaces to the EtherChannel interface.

  Enter one or more interface IDs (for example, 1/1) for the physical interfaces.

  Enter commit-buffer command to save the changes.

  The other options are incorrect because:

  The FMC CLI does not provide any commands to create an EtherChannel interface on a Firepower 9300 appliance. The FMC CLI is mainly used for managing FMC settings such as backup, restore, upgrade, troubleshoot, and so on7. The

  FTD CLI does not provide any commands to create an EtherChannel interface on a Firepower 9300 appliance. The FTD CLI is mainly used for managing FTD settings such as routing, NAT, VPN, access control, and so on8. The FMC GUI

  does not provide any options to create an EtherChannel interface on a Firepower 9300 appliance. The FMC GUI is mainly used for managing FTD policies such as access control, intrusion, file, malware, and so on9.