Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Cisco
  5. 300-710

Cisco 300-710 Exam Questions
Securing Networks with Cisco Firepower (300-710 SNCF) (Page 15 )

Updated On: 24-Feb-2026
Page 15 of 84
PDF with 412 Questions

A network engineer is planning on replacing an Active/Standby pair of physical Cisco Secure Firewall ASAs with a pair of Cisco Secure Firewall Threat Defense Virtual appliances.
Which two virtual environments support the current High Availability configuration? (Choose two.)

  1. ESXi
  2. Azure
  3. Openstack
  4. KVM
  5. AWS

Answer(s): A,D


Reference:

https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw-virtual/threat-defense- virtual-ngfwv-ds.html



An administrator is configuring the interface of a Cisco Secure Firewall Threat Defense firewall device in a passive IPS deployment. The device and interface have been identified.
Which set of configuration steps must the administrator perform next to complete the implementation?

  1. Set the interface mode to passive. Associate the interface with a security zone. Enable the interface. Set the MTU parameter.
  2. Modify the interface to retransmit received traffic. Associate the interface with a security zone Set the MTU parameter
  3. Set the interface mode to passive. Associate the interface with a security zone. Set the MTU parameter.
    Reset the interface.
  4. Modify the interface to retransmit received traffic. Associate the interface with a security zone. Enable the interface. Set the MTU parameter.

Answer(s): A


Reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmc-config- guide-v601/fpmc-config-guide-v601_chapter_01110010.html



Which two statements are valid regarding the licensing model used on Cisco Secure Firewall Threat Defense Virtual appliances? (Choose two.)

  1. All licenses support a maximum of 250 VPN peers
  2. All licenses support up to 16 vCPUs
  3. All licenses require 500G of available storage for the VM
  4. Licenses can be used on both physical and virtual appliances
  5. Licenses can be used on any supported cloud platform

Answer(s): D,E



A company is deploying Cisco Secure Firewall Threat Defense with IPS.
What must be implemented in inline mode to pass the traffic without inspection during spikes and ensure that network traffic is kept?

  1. Change the interface mode to Routed
  2. Select Propagate Link State
  3. Increase the MTU to 9000
  4. Set the Snort Failsafe option

Answer(s): D


Reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config- guide-v62/ips_device_deployments_and_configuration.html



A Cisco Secure Firewall Threat Defense device is configured in inline IPS mode to inspect all traffic that passes through the interfaces in the inline set.
Which setting in the inline set configuration must be selected to allow traffic to pass through uninterrupted when VDB updates are being applied?

  1. Tap Mode
  2. Strict TCP Enforcement
  3. Propagate Link State
  4. Snort Fail Open

Answer(s): D






Post your Comments and Discuss Cisco 300-710 exam dumps with other Community members:

Join the 300-710 Discussion