
[11-May-2021] New 2020 CCNP 300-710 SNCF Dumps with VCE and PDF from PassLeader (Update Questions)

New 2020 CCNP 300-710 SNCF exam questions from PassLeader 300-710 dumps! Welcome to download the newest PassLeader 300-710 VCE and PDF dumps: https://www.passleader.com/300-710.html (154 Q&As –> 173 Q&As)

P.S. Free 2020 CCNP 300-710 SNCF dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=1eMezTmky2ZKqZ-wmmzkMBsEl7ZmezGar

NEW QUESTION 136
A network administrator is concerned about the high number of malware files affecting users’ machines. What must be done within the access control policy in Cisco FMC to address this concern?

A.    Create an intrusion policy and set the access control policy to block.
B.    Create an intrusion policy and set the access control policy to allow.
C.    Create a file policy and set the access control policy to allow.
D.    Create a file policy and set the access control policy to block.

Answer: D

NEW QUESTION 137
An engineer is investigating connectivity problems on Cisco Firepower that is using service group tags. Specific devices are not being tagged correctly, which is preventing clients from using the proper policies when going through the firewall. How is this issue resolved?

A.    Use traceroute with advanced options.
B.    Use Wireshark with an IP subnet filter.
C.    Use a packet capture with match criteria.
D.    Use a packet sniffer with correct filtering.

Answer: A

NEW QUESTION 138
A connectivity issue is occurring between a client and a server which are communicating through a Cisco Firepower device. While troubleshooting, a network administrator sees that traffic is reaching the server, but the client is not getting a response. Which step must be taken to resolve this issue without initiating traffic from the client?

A.    Use packet-tracer to ensure that traffic is not being blocked by an access list.
B.    Use packet capture to ensure that traffic is not being blocked by an access list.
C.    Use packet capture to validate that the packet passes through the firewall and is NATed to the corrected IP address.
D.    Use packet-tracer to validate that the packet passes through the firewall and is NATed to the corrected IP address.

Answer: D

NEW QUESTION 139
An organization must be able to ingest NetFlow traffic from their Cisco FTD device to Cisco Stealthwatch for behavioral analysis. What must be configured on the Cisco FTD to meet this requirement?

A.    flexconfig object for NetFlow
B.    interface object to export NetFlow
C.    security intelligence object for NetFlow
D.    variable set object for NetFlow

Answer: A

NEW QUESTION 140
An engineer is tasked with deploying an internal perimeter firewall that will support multiple DMZs. Each DMZ has a unique private IP subnet range. How is this requirement satisfied?

A.    Deploy the firewall in transparent mode with access control policies.
B.    Deploy the firewall in routed mode with access control policies.
C.    Deploy the firewall in routed mode with NAT configured.
D.    Deploy the firewall in transparent mode with NAT configured.

Answer: B

NEW QUESTION 141
An engineer must build redundancy into the network and traffic must continuously flow if a redundant switch in front of the firewall goes down. What must be configured to accomplish this task?

A.    redundant interfaces on the firewall cluster mode and switches
B.    redundant interfaces on the firewall noncluster mode and switches
C.    vPC on the switches to the interface mode on the firewall cluster
D.    vPC on the switches to the span EtherChannel on the firewall cluster

Answer: D

NEW QUESTION 142
What is the advantage of having Cisco Firepower devices send events to Cisco Threat Response via the security services exchange portal directly as opposed to using syslog?

A.    All types of Cisco Firepower devices are supported.
B.    An on-premises proxy server does not need to be set up and maintained.
C.    Cisco Firepower devices do not need to be connected to the Internet.
D.    Supports all devices that are running supported versions of Cisco Firepower.

Answer: B

NEW QUESTION 143
A network administrator notices that remote access VPN users are not reachable from inside the network. It is determined that routing is configured correctly, however return traffic is entering the firewall but not leaving it. What is the reason for this issue?

A.    A manual NAT exemption rule does not exist at the top of the NAT table.
B.    An external NAT IP address is not configured.
C.    An external NAT IP address is configured to match the wrong interface.
D.    An object NAT exemption rule does not exist at the top of the NAT table.

Answer: D

NEW QUESTION 144
An engineer must configure high availability for the Cisco Firepower devices. The current network topology does not allow for two devices to pass traffic concurrently. How must the devices be implemented in this environment?

A.    in active/active mode
B.    in a cluster span EtherChannel
C.    in active/passive mode
D.    in cluster interface mode

Answer: C

NEW QUESTION 145
When deploying a Cisco ASA Firepower module, an organization wants to evaluate the contents of the traffic without affecting the network. It is currently configured to have more than one instance of the same device on the physical appliance. Which deployment mode meets the needs of the organization?

A.    inline tap monitor-only mode
B.    passive monitor-only mode
C.    passive tap monitor-only mode
D.    inline mode

Answer: B

NEW QUESTION 146
A network administrator notices that inspection has been interrupted on all non-managed interfaces of a device. What is the cause of this?

A.    The value of the highest MTU assigned to any non-management interface was changed.
B.    The value of the highest MSS assigned to any non-management interface was changed.
C.    A passive interface was associated with a security zone.
D.    Multiple inline interface pairs were added to the same inline interface.

Answer: A

NEW QUESTION 147
An administrator is creating interface objects to better segment their network but is having trouble adding interfaces to the objects. What is the reason for this failure?

A.    The interfaces are being used for NAT for multiple networks.
B.    The administrator is adding interfaces of multiple types.
C.    The administrator is adding an interface that is in multiple zones.
D.    The interfaces belong to multiple interface groups.

Answer: D

NEW QUESTION 148
Which two conditions must be met to enable high availability between two Cisco FTD devices? (Choose two.)

A.    same flash memory size
B.    same NTP configuration
C.    same DHCP/PPPoE configuration
D.    same host name
E.    same number of interfaces

Answer: BE

NEW QUESTION 149
A network administrator is configuring Snort inspection policies and is seeing failed deployment messages in Cisco FMC. What information should the administrator generate for Cisco TAC to help troubleshoot?

A.    A “show tech” file for the device in question.
B.    A “troubleshoot” file for the device in question.
C.    A “troubleshoot” file for the Cisco FMC.
D.    A “show tech” for the Cisco FMC.

Answer: B

NEW QUESTION 150
An engineer is building a new access control policy using Cisco FMC. The policy must inspect a unique IPS policy as well as log rule matching. Which action must be taken to meet these requirements?

A.    Configure an IPS policy and enable per-rule logging.
B.    Disable the default IPS policy and enable global logging.
C.    Configure an IPS policy and enable global logging.
D.    Disable the default IPS policy and enable per-rule logging.

Answer: A

NEW QUESTION 151
A VPN user is unable to connect to web resources behind the Cisco FTD device terminating the connection. While troubleshooting, the network administrator determines that the DNS responses are not getting through the Cisco FTD. What must be done to address this issue while still utilizing Snort IPS rules?

A.    Uncheck the “Drop when Inline” box in the intrusion policy to allow the traffic.
B.    Modify the Snort rules to allow legitimate DNS traffic to the VPN users.
C.    Disable the intrusion rule thresholds to optimize the Snort processing.
D.    Decrypt the packet after the VPN flow so the DNS queries are not inspected.

Answer: B

NEW QUESTION 152
……

