New 2020 CCNP 300-710 SNCF exam questions from PassLeader 300-710 dumps! Welcome to download the newest PassLeader 300-710 VCE and PDF dumps: https://www.passleader.com/300-710.html (129 Q&As –> 154 Q&As –> 173 Q&As –> 196 Q&As –> 213 Q&As –> 297 Q&As –> 331 Q&As –> 363 Q&As)
P.S. Free 2020 CCNP 300-710 SNCF dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=1eMezTmky2ZKqZ-wmmzkMBsEl7ZmezGar
NEW QUESTION 110
Which license type is required on Cisco ISE to integrate with Cisco FMC pxGrid?
A. mobility
B. base
C. plus
D. apex
Answer: C
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_0111.html#concept_DE1C38E055794B198ED352D1528B5182
NEW QUESTION 111
A mid-sized company is experiencing higher network bandwidth utilization due to a recent acquisition. The network operations team is asked to scale up their one Cisco FTD appliance deployment to higher capacities due to the increased network bandwidth. Which design option should be used to accomplish this goal?
A. Deploy multiple Cisco FTD appliances in firewall clustering mode to increase performance.
B. Deploy multiple Cisco FTD appliances using VPN load-balancing to scale performance.
C. Deploy multiple Cisco FTD HA pairs to increase performance.
D. Deploy multiple Cisco FTD HA pairs in clustering mode to increase performance.
Answer: A
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/clustering/ftd-cluster-solution.html#concept_C8502505F840451C9E600F1EED9BC18E
NEW QUESTION 112
An engineer configures an access control rule that deploys file policy configurations to security zone or tunnel zones, and it causes the device to restart. What is the reason for the restart?
A. Source or destination security zones in the access control rule matches the security zones that are associated with interfaces on the target devices.
B. The source tunnel zone in the rule does not match a tunnel zone that is assigned to a tunnel rule in the destination policy.
C. Source or destination security zones in the source tunnel zone do not match the security zones that are associated with interfaces on the target devices.
D. The source tunnel zone in the rule does not match a tunnel zone that is assigned to a tunnel rule in the source policy.
Answer: A
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/policy_management.html
NEW QUESTION 113
An engineer is attempting to create a new dashboard within the Cisco FMC to have a single view with widgets from many of the other dashboards. The goal is to have a mixture of threat and security related widgets along with Cisco Firepower device health information. Which two widgets must be configured to provide this information? (Choose two.)
A. Intrusion Events
B. Correlation Information
C. Appliance Status
D. Current Sessions
E. Network Compliance
Answer: AC
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/dashboards.html#ID-2206-00000283
NEW QUESTION 114
An organization is setting up two new Cisco FTD devices to replace their current firewalls and cannot have any network downtime. During the setup process, the synchronization between the two devices is failing. What action is needed to resolve this issue?
A. Confirm that both devices have the same port-channel numbering.
B. Confirm that both devices are running the same software version.
C. Confirm that both devices are configured with the same types of interfaces.
D. Confirm that both devices have the same flash memory sizes.
NEW QUESTION 115
An organization wants to secure traffic from their branch office to the headquarter building using Cisco Firepower devices, They want to ensure that their Cisco Firepower devices are not wasting resources on inspecting the VPN traffic. What must be done to meet these requirements?
A. Configure the Cisco Firepower devices to ignore the VPN traffic using prefilter policies.
B. Enable a flexconfig policy to re-classify VPN traffic so that it no longer appears as interesting traffic.
C. Configure the Cisco Firepower devices to bypass the access control policies for VPN traffic.
D. Tune the intrusion policies in order to allow the VPN traffic through without inspection.
Answer: C
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/640/fdm/fptd-fdm-config-guide-640/fptd-fdm-ravpn.html
NEW QUESTION 116
A network administrator is seeing an unknown verdict for a file detected by Cisco FTD. Which malware policy configuration option must be selected in order to further analyse the file in the Talos cloud?
A. Spero analysis.
B. Malware analysis.
C. Dynamic analysis.
D. Sandbox analysis.
Answer: C
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Reference_a_wrapper_Chapter_topic_here.html
NEW QUESTION 117
An engineer has been tasked with providing disaster recovery for an organization’s primary Cisco FMC. What must be done on the primary and secondary Cisco FMCs to ensure that a copy of the original corporate policy is available if the primary Cisco FMC fails?
A. Configure high-availability in both the primary and secondary Cisco FMCs.
B. Connect the primary and secondary Cisco FMC devices with Category 6 cables of not more than 10 meters in length.
C. Place the active Cisco FMC device on the same trusted management network as the standby device.
D. Restore the primary Cisco FMC backup configuration to the secondary Cisco FMC device when the primary device fails.
Answer: A
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_management_center_high_availability.html
NEW QUESTION 118
An engineer is attempting to add a new FTD device to their FMC behind a NAT device with a NAT ID of ACME001 and a password of Cisco388267669. Which command set must be used in order to accomplish this?
A. configure manager add ACME001 <registration key> <FMC IP>
B. configure manager add <FMC IP> ACME0O1 <registration key>
C. configure manager add DONTRESOLVE <FMC IP> AMCE001 <registration key>
D. configure manager add <FMC IP> <registration key> ACME001
Answer: D
Explanation:
https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118596-configure-firesight-00.html
NEW QUESTION 119
A user within an organization opened a malicious file on a workstation which in turn caused a ransomware attack on the network. What should be configured within the Cisco FMC to ensure the file is tested for viruses on a sandbox system?
A. Capacity handling.
B. Local malware analysis.
C. Spere analysis.
D. Dynamic analysis.
Answer: D
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/file_policies_and_advanced_malware_protection.html#ID-2199-000005d8
NEW QUESTION 120
An engineer configures a network discovery policy on Cisco FMC. Upon configuration, it is noticed that excessive and misleading events filing the database and overloading the Cisco FMC. A monitored NAT device is executing multiple updates of its operating system in a short period of time. What configuration change must be made to alleviate this issue?
A. Leave default networks.
B. Change the method to TCP/SYN.
C. Increase the number of entries on the NAT device.
D. Exclude load balancers and NAT devices.
Answer: D
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Network_Discovery_Policies.html
NEW QUESTION 121
An administrator is configuring SNORT inspection policies and is seeing failed deployment messages in Cisco FMC. What information should the administrator generate for Cisco TAC to help troubleshoot?
A. A “troubleshoot” file for the device in question.
B. A “show tech” file for the device in question.
C. A “show tech” for the Cisco FMC.
D. A “troubleshoot” file for the Cisco FMC.
Answer: D
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/troubleshooting_the_system.html
NEW QUESTION 122
A network engineer is receiving reports of users randomly getting disconnected from their corporate applications which traverses the data center FTD appliance Network monitoring tools show that the FTD appliance utilization is peaking above 90% of total capacity. What must be done in order to further analyze this issue?
A. Use the Packet Export feature to save data onto external drives.
B. Use the Packet Capture feature to collect real-time network traffic.
C. Use the Packet Tracer feature for traffic policy analysis.
D. Use the Packet Analysis feature for capturing network data.
Answer: B
Explanation:
https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212474-working-with-firepower-threat-defense-f.html
NEW QUESTION 123
IT management is asking the network engineer to provide high-level summary statistics of the Cisco FTD appliance in the network. The business is approaching a peak season so the need to maintain business uptime is high. Which report type should be used to gather this information?
A. Malware Report
B. Standard Report
C. SNMP Report
D. Risk Report
Answer: D
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/working_with_reports.html#id_20016
NEW QUESTION 124
An administrator is setting up Cisco Firepower to send data to the Cisco Stealthwatch appliances. The NetFlow_Set_Parameters object is already created, but NetFlow is not being sent to the flow collector. What must be done to prevent this from occurring?
A. Add the NetFlow_Send_Destination object to the configuration.
B. Create a Security Intelligence object to send the data to Cisco Stealthwatch.
C. Create a service identifier to enable the NetFlow service.
D. Add the NetFlow_Add_Destination object to the configuration.
Answer: D
NEW QUESTION 125
With a recent summer time change, system logs are showing activity that occurred to be an hour behind real time. Which action should be taken to resolve this issue?
A. Manually adjust the time to the correct hour on all managed devices.
B. Configure the system clock settings to use NTP with Daylight Savings checked.
C. Manually adjust the time to the correct hour on the Cisco FMC.
D. Configure the system clock settings to use NTP.
Answer: B
NEW QUESTION 126
A network administrator discovers that a user connected to a file server and downloaded a malware file. The Cisc FMC generated an alert for the malware event, however the user still remained connected. Which Cisco APM file rule action within the Cisco FMC must be set to resolve this issue?
A. Detect Files
B. Malware Cloud Lookup
C. Local Malware Analysis
D. Reset Connection
Answer: B
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/AMP-Config.pdf
NEW QUESTION 127
What is a feature of Cisco AMP private cloud?
A. It supports anonymized retrieval of threat intelligence.
B. It supports security intelligence filtering.
C. It disables direct connections to the public cloud.
D. It performs dynamic analysis.
Answer: D
Explanation:
https://www.cisco.com/c/en/us/products/collateral/security/fireamp-private-cloud-virtual-appliance/datasheet-c78-742267.html
NEW QUESTION 128
……
New 2020 CCNP 300-710 SNCF exam questions from PassLeader 300-710 dumps! Welcome to download the newest PassLeader 300-710 VCE and PDF dumps: https://www.passleader.com/300-710.html (129 Q&As –> 154 Q&As –> 173 Q&As –> 196 Q&As –> 213 Q&As –> 297 Q&As –> 331 Q&As –> 363 Q&As)
P.S. Free 2020 CCNP 300-710 SNCF dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=1eMezTmky2ZKqZ-wmmzkMBsEl7ZmezGar