New 2020 CCNP 300-710 SNCF exam questions from PassLeader 300-710 dumps! Welcome to download the newest PassLeader 300-710 VCE and PDF dumps: https://www.passleader.com/300-710.html (363 Q&As)
P.S. Free 2020 CCNP 300-710 SNCF dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=1eMezTmky2ZKqZ-wmmzkMBsEl7ZmezGar
NEW QUESTION 333
A network engineer must configure an existing firewall to have a NAT configuration. The new configuration must support more than two interfaces per context. The firewall has previously been operating in transparent mode. The Cisco Secure Firewall Threat Defense (FTD) device has been deregistered from Cisco Secure Firewall Management Center (FMC). Which set of configuration actions must the network engineer take next to meet the requirements?
A. Run the configure firewall routed command from the Secure FTD device CLI, and reregister with Secure FMC.
B. Run the configure manager add routed command from the Secure FMC CLI. and reregister with Secure FMC.
C. Run the configure manager add routed command from the Secure FTD device CLI, and reregister with Secure FMC.
D. Run the configure firewall routed command from the Secure FMC CLI. and reregister with Secure FMC.
Answer: A
NEW QUESTION 334
A security engineer manages a firewall console and an endpoint console and finds it challenging and time consuming to review events and modify blocking of specific files in both consoles. Which action must the engineer take to streamline this process?
A. Within the Cisco Secure Endpoint console, copy the connector GUID and paste into the Cisco Secure Firewall Management Center (FMC) AMP tab.
B. From the Cisco Secure Endpoint console, create and copy an API key and paste into the Cisco Secure AMP tab.
C. From the Secure FMC, create a Cisco Secure Endpoint object and reference the object in the Cisco Secure Endpoint console.
D. Initiate the integration between Secure FMC and Cisco Secure Endpoint from the Secure FMC using the AMP tab.
Answer: D
NEW QUESTION 335
An engineer must create an access control policy on a Cisco Secure Firewall Threat Defense device. The company has a contact center that utilizes VoIP heavily, and it is critical that this traffic is not impacted by performance issues after deploying the access control policy. Which access control action rule must be configured to handle the VoIP traffic?
A. block
B. trust
C. monitor
D. allow
Answer: B
NEW QUESTION 336
An engineer must export a packet capture from Cisco Secure Firewall Management Center to assist in troubleshooting an issue on a Secure Firewall Threat Defense device. When the engineer navigates to the URL for Secure Firewall Management Center at:
https:///capture/CAPI/pcap/sample.pcap
The engineer receives a 403: Forbidden error instead of being provided with the PCAP file. Which action resolves the issue?
A. Disable the proxy setting on the client browser.
B. Disable the HTTPS server and use HTTP.
C. Enable HTTPS in the device platform policy.
D. Enable the proxy setting in the device platform policy.
Answer: A
NEW QUESTION 337
When packet capture is used on a Cisco Secure Firewall Threat Defense device and the packet flow is waiting on the malware query, which Snort verdict appears?
A. block
B. retry
C. replace
D. blockflow
Answer: D
NEW QUESTION 338
An engineer must integrate a third-party security intelligence feed with Cisco Secure Firewall Management Center. Secure Firewall Management Center is running Version 6.2.3 and has 8 GB of memory. Which two actions must be taken to implement Threat Intelligence Director? (Choose two.)
A. Add a TAXI I server.
B. Add the URL of the TAXII server.
C. Upgrade to version 6.6.
D. Enable REST API access.
E. Add 7 GB of memory.
Answer: DE
Explanation:
You can host TID on physical and virtual Firepower Management Centers:
– Running Version 6.2.2 or later of the Firepower System.
– Configured with a minimum of 15 GB of memory.
– Configured with REST API access enabled.
https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/cisco_threat_intelligence_director__tid_.html
NEW QUESTION 339
An engineer is tasked with configuring a custom intrusion rule on Cisco Secure Firewall Management Center to detect and block the malicious traffic pattern with specific payload containing string “|04 68 72 80 87 ff ed cq fg he qm pn|”. Which action must the Engineer configure on the IPS policy?
A. reset
B. drop
C. alert
D. disable
E. quarantine
Answer: B
NEW QUESTION 340
Users report that Cisco Duo 2FA fails when they attempt to connect to the VPN on a Cisco Secure Firewall Threat Defense (FTD) device. IT staff have VPN profiles that do not require multifactor authentication and they can connect to the VPN without any issues. When viewing the VPN troubleshooting log in Cisco Secure Firewall Management Center (FMC), the network administrator sees an error that the Cisco Duo AAA server has been marked as failed. What is the root cause of the issue?
A. AD Trust certificates are missing from the Secure FTD device.
B. Multifactor authentication is not supported on Secure FMC managed devices.
C. The internal AD server is unreachable from the Secure FTD device.
D. Duo trust certificates are missing from the Secure FTD device.
Answer: D
NEW QUESTION 341
A network administrator is deploying a new Cisco Secure Firewall Threat Defense (FTD) firewall. After Cisco Secure FTD is deployed, inside clients have intermittent connectivity to each other. When reviewing the packet capture on the Secure FTD firewall, the administrator sees that Secure FTD is responding to all the ARP requests on the inside network. Which action must the network administrator take to resolve the issue?
A. Review the access policy and verify that ARP is allowed from inside to inside.
B. Review NAT policy and disable incorrect proxy ARP configuration.
C. Convert the FTD to transparent mode to allow ARP requests.
D. Hardcode the MAC address of the FTD to IP mapping on client machines.
Answer: B
NEW QUESTION 342
An administrator receives reports that users cannot access a cloud-hosted web server. The access control policy was recently updated with several new policy additions and URL filtering. What must be done to troubleshoot the issue and restore access without sacrificing the organization’s security posture?
A. Download a PCAP of the traffic to verify the blocks and use the FlexConfig to override the existing policy.
B. Review the output in connection events to validate the block, and modify the policy to allow the traffic.
C. Create a new access control policy rule to allow ports 80 and 443 to the FQDN of the web server.
D. Verify the blocks using the packet capture tool and create a rule with the action monitor for the traffic.
Answer: B
NEW QUESTION 343
A network administrator wants to configure a Cisco Secure Firewall Threat Defense instance managed by Cisco Secure Firewall Management Center to block traffic to known cryptomining networks. Which system settings must the administrator configure in Secure Firewall Management Center to meet the requirement?
A. Intrusion Policy, Security Intelligence.
B. Access Policy, Security Intelligence.
C. Malware Policy, Rules.
D. Access Policy, Rules.
Answer: B
NEW QUESTION 344
A network engineer detects a connectivity issue between Cisco Secure Firewall Management Center and Cisco Secure Firewall Threat Defense. Initial troubleshooting indicates that heartbeats and events are not being received. The engineer re-establishes the secure channels between both peers. Which two commands must the engineer run to resolve the issue? (Choose two.)
A. manage_procs.pl
B. show disk-manager
C. show history
D. sudo perfstats -Cq < /var/sf/rna/correlator-stats/now
E. sudo stats_unified.pl
Answer: AE
NEW QUESTION 345
A network administrator is reviewing a packet capture. The packet capture from inside of Cisco Secure Firewall Threat Defense shows the inbound TCP traffic. However, the outbound TCP traffic is not seen in the packet capture from outside Secure Firewall Threat Defense. Which configuration change resolves the issue?
A. Packet capture must include UDP traffic.
B. Inside interface must be assigned a higher security level.
C. Route to the destination must be added.
D. Inside interface must be assigned a lower security level.
Answer: C
NEW QUESTION 346
……
New 2020 CCNP 300-710 SNCF exam questions from PassLeader 300-710 dumps! Welcome to download the newest PassLeader 300-710 VCE and PDF dumps: https://www.passleader.com/300-710.html (363 Q&As)
P.S. Free 2020 CCNP 300-710 SNCF dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=1eMezTmky2ZKqZ-wmmzkMBsEl7ZmezGar
