Free 300-710 Exam Braindumps (page: 24)

Page 24 of 66

A security engineer is configuring an Access Control Policy for multiple branch locations. These locations share a common rule set and utilize a network object called INSIDE_NET, which contains the locally significant internal network subnets at each location.
What technique will retain the policy consistency at each location but allow only the locally significant network subnet within the applicable rules?

  1. utilizing policy inheritance
  2. utilizing a dynamic ACP that updates from Cisco Talos
  3. creating a unique ACP per device
  4. creating an ACP with an INSIDE_NET network object and object overrides

Answer(s): D



An engineer is troubleshooting application failures through an FTD deployment.
While using the FMC CLI, it has been determined that the traffic in question is not matching the desired policy.
What should be done to correct this?

  1. Use the system support firewall-engine-debug command to determine which rules the traffic is matching and modify the rule accordingly.
  2. Use the system support application-identification-debug command to determine which rules the traffic is matching and modify the rule accordingly.
  3. Use the system support firewall-engine-dump-user-identity-data command to change the policy and allow the application through the firewall.
  4. Use the system support network-options command to fine tune the policy.

Answer(s): A



An administrator is attempting to remotely log into a switch in the data centre using SSH and is unable to connect. How does the administrator confirm that traffic is reaching the firewall?

  1. by running Wireshark on the administrator's PC
  2. by performing a packet capture on the firewall.
  3. by running a packet tracer on the firewall.
  4. by attempting to access it from a different workstation.

Answer(s): B



What is the advantage of having Cisco Firepower devices send events to Cisco Threat Response via the Security Services Exchange portal directly as opposed to using syslog?

  1. Firepower devices do not need to be connected to the internet.
  2. All types of Firepower devices are supported.
  3. Supports all devices that are running supported versions of Firepower.
  4. An on-premises proxy server does not need to be set up and maintained.

Answer(s): D


Reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/integrations/CTR/Firepower_and_Cisco_Threat_Response_Integration_Guide.pdf






Post your Comments and Discuss Cisco® 300-710 exam with other Community members:

Neo commented on October 10, 2024
Gets easier as you go along
SOUTH AFRICA

Neo commented on October 10, 2024
Need more practice
SOUTH AFRICA

Violet commented on October 10, 2024
Need more practice
SOUTH AFRICA

Neo commented on October 10, 2024
Challenging
SOUTH AFRICA

Kopano commented on October 10, 2024
Prep going well
SOUTH AFRICA

Neo commented on October 10, 2024
Happy with the material
SOUTH AFRICA

Emily commented on October 09, 2024
A bit challe
SOUTH AFRICA

Emily commented on October 09, 2024
grt resource
SOUTH AFRICA