An engineer installs a Cisco FTD device and wants to inspect traffic within the same subnet passing through a firewall and inspect traffic destined to the Internet. Which configuration will meet this requirement?

A.    transparent firewall mode with IRB only
B.    routed firewall mode with BVI and routed interfaces
C.    transparent firewall mode with multiple BVIs
D.    routed firewall mode with routed interfaces only

Answer: C

A network administrator is deploying a Cisco IPS appliance and needs it to operate initially without affecting traffic flows. It must also collect data to provide a baseline of unwanted traffic before being reconfigured to drop it. Which Cisco IPS mode meets these requirements?

A.    failsafe
B.    inline tap
C.    promiscuous
D.    bypass

Answer: C

A network administrator is implementing an active/passive high availability Cisco FTD pair. When adding the high availability pair, the administrator cannot select the secondary peer. What is the cause?

A.    The second Cisco FTD is not the same model as the primary Cisco FTD.
B.    A high availability license must be added to the Cisco FMC before adding the high availability pair.
C.    The failover link must be defined on each Cisco FTD before adding the high availability pair.
D.    Both Cisco FTD devices are not at the same software version.

Answer: A

Which protocol is needed to exchange threat details in rapid threat containment on Cisco FMC?

A.    SGT
B.    SNMP v3
C.    BFD
D.    pxGrid

Answer: D

An engineer is troubleshooting a file that is being blocked by a Cisco FTD device on the network. The user is reporting that the file is not malicious. Which action does the engineer take to identify the file and validate whether or not it is malicious?

A.    Identify the file in the intrusion events and submit it to Threat Grid for analysis.
B.    Use FMC file analysis to look for the file and select Analyze to determine its disposition.
C.    Use the context explorer to find the file and download it to the local machine for investigation.
D.    Right-click the connection event and send the file to AMP for Endpoints to see if the hash is malicious.

Answer: A

An engineer wants to add an additional Cisco FTD Version 6.2.3 device to their current 6.2.3 deployment to create a high availability pair. The currently deployed Cisco FTD device is using local management and identical hardware including the available port density to enable the failover and stateful links required in a proper high availability deployment. Which action ensures that the environment is ready to pair the new Cisco FTD with the old one?

A.    Change from Cisco FDM management to Cisco FMC management on both devices and register them to FMC.
B.    Ensure that the two devices are assigned IP addresses from the 169.254.0.0/16 range for failover interfaces.
C.    Factory reset the current Cisco FTD so that it can synchronize configurations with the new Cisco FTD device.
D.    Ensure that the configured DNS servers match on the two devices for name resolution.

Answer: A

A company is in the process of deploying intrusion protection with Cisco FTDs managed by a Cisco FMC. Which action must be selected to enable fewer rules, detect only critical conditions, and avoid false positives?

A.    Connectivity Over Security
B.    Balanced Security and Connectivity
C.    Maximum Detection
D.    No Rules Active

Answer: A

An engineer is investigating connectivity problems on Cisco Firepower for a specific SGT. Which command allows the engineer to capture real packets that pass through the firewall using an SGT of 64?

A.    capture CAP type inline-tag 64 match ip any any
B.    capture CAP match 64 type inline-tag ip any any
C.    capture CAP headers-only type inline-tag 64 match ip any any
D.    capture CAP buffer 64 match ip any any

Answer: A

Which Cisco FMC report gives the analyst information about the ports and protocols that are related to the configured sensitive network for analysis?

A.    Malware Report
B.    Host Report
C.    Firepower Report
D.    Network Report

Answer: D

The CIO asks a network administrator to present to management a dashboard that shows custom analysis tables for the top DNS queries, URL category statistics, and the URL reputation statistics. Which action must the administrator take to quickly produce this information for management?

A.    Run the Attack report and filter on DNS to show this information.
B.    Create a new dashboard and add three custom analysis widgets that specify the tables needed.
C.    Modify the Connection Events dashboard to display the information in a view for management.
D.    Copy the intrusion events dashboard tab and modify each widget to show the correct charts.

Answer: B

A network administrator is migrating from a Cisco ASA to a Cisco FTD. EIGRP is configured on the Cisco ASA but it is not available in the Cisco FMC. Which action must the administrator take to enable this feature on the Cisco FTD?

A.    Configure EIGRP parameters using FlexConfig objects.
B.    Add the command feature eigrp via the FTD CLI.
C.    Create a custom variable set and enable the feature in the variable set.
D.    Enable advanced configuration options in the FMC.

Answer: A

An organization recently implemented a transparent Cisco FTD in their network. They must ensure that the device does not respond to insecure SSL/TLS protocols. Which action accomplishes this task?

A.    Modify the device’s settings using the device management feature within Cisco FMC to force only secure protocols.
B.    Use the Cisco FTD platform policy to change the minimum SSL version on the device to TLS 1.2.
C.    Enable the UCAPL/CC compliance on the device to support only the most secure protocols available.
D.    Configure a FlexConfig object to disable any insecure TLS protocols on the Cisco FTD device.

Answer: B

A network administrator cannot select the link to be used for failover when configuring an active/passive HA Cisco FTD pair. Which configuration must be changed before setting up the high availability pair?

A.    An IP address in the same subnet must be added to each Cisco FTD on the interface.
B.    The interface name must be removed from the interface on each Cisco FTD.
C.    The name Failover must be configured manually on the interface on each Cisco FTD.
D.    The interface must be configured as part of a LACP Active/Active EtherChannel.

Answer: A

What is an advantage of adding multiple inline interface pairs to the same inline interface set when deploying an asynchronous routing configuration?

A.    Allows the IPS to identify inbound and outbound traffic as part of the same traffic flow.
B.    The interfaces disable autonegotiation and interface speed is hard-coded to 1000 Mbps.
C.    Allows traffic inspection to continue without interruption during the Snort process restart.
D.    The interfaces are automatically configured as a media-independent interface crossover.

Answer: A

An administrator is configuring their transparent Cisco FTD device to receive ERSPAN traffic from multiple switches on a passive port, but the Cisco FTD is not processing the traffic. What is the problem?

A.    The switches do not have Layer 3 connectivity to the FTD device for GRE traffic transmission.
B.    The switches were not set up with a monitor session ID that matches the flow ID defined on the Cisco FTD.
C.    The Cisco FTD must be in routed mode to process ERSPAN traffic.
D.    The Cisco FTD must be configured with an ERSPAN port, not a passive port.

Answer: C


