web analytics

[30-Nov-2021] New 2020 CCNP 300-710 SNCF Dumps with VCE and PDF from PassLeader (Update Questions)

New 2020 CCNP 300-710 SNCF exam questions from PassLeader 300-710 dumps! Welcome to download the newest PassLeader 300-710 VCE and PDF dumps: https://www.passleader.com/300-710.html (196 Q&As –> 213 Q&As)

P.S. Free 2020 CCNP 300-710 SNCF dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=1eMezTmky2ZKqZ-wmmzkMBsEl7ZmezGar

NEW QUESTION 176
A security engineer found a suspicious file from an employee email address and is trying to upload it for analysis, however the upload is failing. The last registration status is still active. What is the cause for this issue?

A.    Cisco AMP for Networks is unable to contact Cisco Threat Grid on premise.
B.    Cisco AMP for Networks is unable to contact Cisco Threat Grid Cloud.
C.    There is a host limit set.
D.    The user agent status is set to monitor.

Answer: A

NEW QUESTION 177
An engineer must configure a Cisco FMC dashboard in a child domain. Which action must be taken so that the dashboard is visible to the parent domain?

A.    Add a separate tab.
B.    Adjust policy inheritance settings.
C.    Add a separate widget.
D.    Create a copy of the dashboard.

Answer: D

NEW QUESTION 178
An engineer must define a URL object on Cisco FMC. What is the correct method to specify the URL without performing SSL inspection?

A.    Use Subject Common Name value.
B.    Specify all subdomains in the object group.
C.    Specify the protocol in the object.
D.    Include all URLs from CRL Distribution Points.

Answer: A

NEW QUESTION 179
An analyst is reviewing the Cisco FMC reports for the week. They notice that some peer-to-peer applications are being used on the network and they must identify which poses the greatest risk to the environment. Which report gives the analyst this information?

A.    Attacks Risk Report
B.    User Risk Report
C.    Network Risk Report
D.    Advanced Malware Risk Report

Answer: C

NEW QUESTION 180
An administrator is adding a new URL-based category feed to the Cisco FMC for use within the policies. The intelligence source does not use STIX. but instead uses a .txt file format. Which action ensures that regular updates are provided?

A.    Add a URL source and select the flat file type within Cisco FMC.
B.    Upload the .txt file and configure automatic updates using the embedded URL.
C.    Add a TAXII feed source and input the URL for the feed.
D.    Convert the .txt file to STIX and upload it to the Cisco FMC.

Answer: C

NEW QUESTION 181
A network administrator reviews the file report for the last month and notices that all file types, except exe. show a disposition of unknown. What is the cause of this issue?

A.    The malware license has not been applied to the Cisco FTD.
B.    The Cisco FMC cannot reach the Internet to analyze files.
C.    A file policy has not been applied to the access policy.
D.    Only Spero file analysis is enabled.

Answer: A

NEW QUESTION 182
Which firewall design allows a firewall to forward traffic at layer 2 and layer 3 for the same subnet?

A.    Cisco Firepower Threat Defense mode
B.    transparent mode
C.    routed mode
D.    integrated routing and bridging

Answer: A

NEW QUESTION 183
An engineer is reviewing a ticket that requests to allow traffic for some devices that must connect to a server over 8699/udp. The request mentions only one IP address, 172.16.18.15, but the requestor asked for the engineer to open the port for all machines that have been trying to connect to it over the last week. Which action must the engineer take to troubleshoot this issue?

A.    Use the context explorer to see the application blocks by protocol.
B.    Use the context explorer to see the destination port blocks.
C.    Filter the connection events by the source port 8699/udp.
D.    Filter the connection events by the destination port 8699/udp.

Answer: D

NEW QUESTION 184
A security engineer is configuring a remote Cisco FTD that has limited resources and internet bandwidth. Which malware action and protection option should be configured to reduce the requirement for cloud lookups?

A.    Malware Cloud Lookup and dynamic analysis.
B.    Block Malware action and dynamic analysis.
C.    Block Malware action and local malware analysis.
D.    Block File action and local malware analysis.

Answer: B

NEW QUESTION 185
An administrator receives reports that users cannot access a cloud-hosted web server. The access control policy was recently updated with several new policy additions and URL filtering. What must be done to troubleshoot the issue and restore access without sacrificing the organization’s security posture?

A.    Create a new access control policy rule to allow ports 80 and 443 to the FQDN of the web server.
B.    Identify the blocked traffic in the Cisco FMC connection events to validate the block, and modify the policy to allow the traffic to the web server.
C.    Verify the blocks using the packet capture tool and create a rule with the action monitor for the traffic.
D.    Download a PCAP of the traffic attempts to verify the blocks and use the flexconfig objects to create a rule that allows only the required traffic to the destination server.

Answer: A

NEW QUESTION 186
A Cisco FTD has two physical interfaces assigned to a BVI. Each interface is connected to a different VLAN on the same switch. Which firewall mode is the Cisco FTD set up to support?

A.    active/active failover
B.    transparent
C.    routed
D.    high availability clustering

Answer: C

NEW QUESTION 187
While integrating Cisco Umbrella with Cisco Threat Response, a network security engineer wants to automatically push blocking of domains from the Cisco Threat Response interface to Cisco Umbrella. Which API meets this requirement?

A.    investigate
B.    reporting
C.    enforcement
D.    REST

Answer: C

NEW QUESTION 188
A network administrator configured a NAT policy that translates a public IP address to an internal web server IP address. An access policy has also been created that allows any source to reach the public IP address on port 80. The web server is still not reachable from the Internet on port 80. Which configuration change is needed?

A.    The intrusion policy must be disabled for port 80.
B.    The access policy rule must be configured for the action trust.
C.    The NAT policy must be modified to translate the source IP address as well as destination IP address.
D.    The access policy must allow traffic to the internal web server IP address.

Answer: D

NEW QUESTION 189
An organization is migrating their Cisco ASA devices running in multicontext mode to Cisco FTD devices. Which action must be taken to ensure that each context on the Cisco ASA is logically separated in the Cisco FTD devices?

A.    Add a native instance to distribute traffic to each Cisco FTD context.
B.    Add the Cisco FTD device to the Cisco ASA port channels.
C.    Configure a container instance in the Cisco FTD for each context in the Cisco ASA.
D.    Configure the Cisco FTD to use port channels spanning multiple networks.

Answer: B

NEW QUESTION 190
Upon detecting a flagrant threat on an endpoint, which two technologies instruct Cisco Identity Services Engine to contain the infected endpoint either manually or automatically? (Choose two.)

A.    Cisco ASA 5500 Series
B.    Cisco FMC
C.    Cisco AMP
D.    Cisco Stealthwatch
E.    Cisco ASR 7200 Series

Answer: DE

NEW QUESTION 191
……


New 2020 CCNP 300-710 SNCF exam questions from PassLeader 300-710 dumps! Welcome to download the newest PassLeader 300-710 VCE and PDF dumps: https://www.passleader.com/300-710.html (196 Q&As –> 213 Q&As)

P.S. Free 2020 CCNP 300-710 SNCF dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=1eMezTmky2ZKqZ-wmmzkMBsEl7ZmezGar