Free Cisco® 300-710 Exam Braindumps (page: 12)

Which two types of objects are reusable and supported by Cisco FMC? (Choose two.)

  1. dynamic key mapping objects that help link HTTP and HTTPS GET requests to Layer 7 application protocols.
  2. reputation-based objects that represent Security Intelligence feeds and lists, application filters based on category and reputation, and file lists
  3. network-based objects that represent IP address and networks, port/protocols pairs, VLAN tags, security zones, and origin/destination country
  4. network-based objects that represent FQDN mappings and networks, port/protocol pairs, VXLAN tags, security zones and origin/destination country
  5. reputation-based objects, such as URL categories

Answer(s): B,C


Reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config- guide-v62/reusable_objects.html#ID-2243-00000414



A network administrator notices that remote access VPN users are not reachable from inside the network. It is determined that routing is configured correctly, however return traffic is entering the firewall but not leaving it.
What is the reason for this issue?

  1. A manual NAT exemption rule does not exist at the top of the NAT table.
  2. An external NAT IP address is not configured.
  3. An external NAT IP address is configured to match the wrong interface.
  4. An object NAT exemption rule does not exist at the top of the NAT table.

Answer(s): A


Reference:

https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212702- configure-and-verify-nat-on-ftd.html



An administrator is creating interface objects to better segment their network but is having trouble adding interfaces to the objects.
What is the reason for this failure?

  1. The interfaces are being used for NAT for multiple networks.
  2. The administrator is adding interfaces of multiple types.
  3. The administrator is adding an interface that is in multiple zones.
  4. The interfaces belong to multiple interface groups.

Answer(s): D


Reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config- guide-v62/reusable_objects.html#ID-2243-000009b4
"All interfaces in an interface object must be of the same type: all inline, passive, switched, routed, or ASA FirePOWER. After you create an interface object, you cannot change the type of interfaces it contains."



An organization is using a Cisco FTD and Cisco ISE to perform identity-based access controls. A network administrator is analyzing the Cisco FTD events and notices that unknown user traffic is being allowed through the firewall. How should this be addressed to block the traffic while allowing legitimate user traffic?

  1. Modify the Cisco ISE authorization policy to deny this access to the user.
  2. Modify Cisco ISE to send only legitimate usernames to the Cisco FTD.
  3. Add the unknown user in the Access Control Policy in Cisco FTD.
  4. Add the unknown user in the Malware & File Policy in Cisco FT

Answer(s): C


Reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/fdm/fptd-fdm-config- guide-640/fptd-fdm-identity.html#concept_655B055575E04CA49B10186DEBDA301A






Post your Comments and Discuss Cisco® 300-710 exam prep with other Community members:

300-710 Exam Discussions & Posts