Free 300-710 Exam Braindumps (page: 5)

Page 5 of 66

An organization has a Cisco FTD that uses bridge groups to pass traffic from the inside interfaces to the outside interfaces. They are unable to gather information about neighbouring Cisco devices or use multicast in their environment.
What must be done to resolve this issue?

  A. Create a firewall rule to allow CDP traffic.
  B. Create a bridge group with the firewall interfaces.
  C. Change the firewall mode to transparent.
  D. Change the firewall mode to routed.

Answer(s): C

Explanation:

"In routed firewall mode, broadcast and multicast traffic is blocked even if you allow it in an access rule..."
"The bridge group does not pass CDP packets..."
https://www.cisco.com/c/en/us/td/docs/security/asa/asa913/configuration/general/asa-913-general-config/intro-fw.html

Passing Traffic Not Allowed in Routed Mode

In routed mode, some types of traffic cannot pass through the ASA even if you allow it in an access rule. The bridge group, however, can allow almost any traffic through using either an access rule (for IP traffic) or an EtherType rule (for non-IP traffic):

IP traffic--In routed firewall mode, broadcast and "multicast traffic is blocked even if you allow it in an access rule," including unsupported dynamic routing protocols and DHCP (unless you configure DHCP relay). Within a bridge group, you can allow this traffic with an access rule (using an extended ACL).

Non-IP traffic--AppleTalk, IPX, BPDUs, and MPLS, for example, can be configured to go through using an EtherType rule.

Note:
"The bridge group does not pass CDP packets, or any packets that do not have a valid EtherType greater than or equal to 0x600. An exception is made for BPDUs and IS-IS, which are supported."



A network engineer implements a new Cisco Firepower device on the network to take advantage of its intrusion detection functionality. There is a requirement to analyze the traffic going across the device, alert on any malicious traffic, and appear as a bump in the wire. How should this be implemented?

  A. Specify the BVI IP address as the default gateway for connected devices.
  B. Enable routing on the Cisco Firepower.
  C. Add an IP address to the physical Cisco Firepower interfaces.
  D. Configure a bridge group in transparent mode.

Answer(s): D

Explanation:

Traditionally, a firewall is a routed hop and acts as a default gateway for hosts that connect to one of its screened subnets. A transparent firewall, on the other hand, is a Layer 2 firewall that acts like a "bump in the wire," or a "stealth firewall," and is not seen as a router hop to connected devices. However, like any other firewall, access control between interfaces is controlled, and all of the usual firewall checks are in place.

Layer 2 connectivity is achieved by using a "bridge group" where you group together the inside and outside interfaces for a network, and the ASA uses bridging techniques to pass traffic between the interfaces. Each bridge group includes a Bridge Virtual Interface (BVI) to which you assign an IP address on the network. You can have multiple bridge groups for multiple networks. In transparent mode, these bridge groups cannot communicate with each other.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/general/asa-97-general-config/intro-fw.html



Which two conditions must be met to enable high availability between two Cisco FTD devices? (Choose two.)

  A. same flash memory size
  B. same NTP configuration
  C. same DHCP/PPPoE configuration
  D. same host name
  E. same number of interfaces

Answer(s): B,E


Reference:

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699-configure-ftd-high-availability-on-firep.html

Conditions

In order to create an HA between 2 FTD devices, these conditions must be met:

Same model
Same version (this applies to FXOS and to FTD - (major (first number), minor (second number), and maintenance (third number) must be equal))
Same number of interfaces
Same type of interfaces
Both devices as part of same group/domain in FMC
Have identical Network Time Protocol (NTP) configuration
Be fully deployed on the FMC without uncommitted changes
Be in the same firewall mode: routed or transparent. Note that this must be checked on both FTD devices and FMC GUI since there have been cases where the FTDs had the same mode, but FMC does not reflect this.
Does not have DHCP/Point-to-Point Protocol over Ethernet (PPPoE) configured in any of the interface
Different hostname (Fully Qualified Domain Name (FQDN)) for both chassis. In order to check the chassis hostname navigate to FTD CLI and run this command



An engineer is building a new access control policy using Cisco FMC. The policy must inspect a unique IPS policy as well as log rule matching.
Which action must be taken to meet these requirements?

  A. Configure an IPS policy and enable per-rule logging.
  B. Disable the default IPS policy and enable global logging.
  C. Configure an IPS policy and enable global logging.
  D. Disable the default IPS policy and enable per-rule logging.

Answer(s): C


