Cisco 300-710 Exam Questions
Securing Networks with Cisco Firepower (300-710 SNCF) (Page 7)

Updated On: 24-Feb-2026

Network traffic coming from an organization's CEO must never be denied.
Which access control policy configuration option should be used if the deployment engineer is not permitted to create a rule to allow all traffic?

  A. Change the intrusion policy from security to balance.
  B. Configure a trust policy for the CEO.
  C. Configure firewall bypass.
  D. Create a NAT policy just for the CEO.

Answer(s): B



What is a characteristic of bridge groups on a Cisco FTD?

  A. In routed firewall mode, routing between bridge groups is supported.
  B. Routing between bridge groups is achieved only with a router-on-a-stick configuration on a connected router.
  C. In routed firewall mode, routing between bridge groups must pass through a routed interface.
  D. In transparent firewall mode, routing between bridge groups is supported.

Answer(s): A


Reference:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/general/asa-97-general-config/intro-fw.pdf



A Cisco FTD device is running in transparent firewall mode with a VTEP bridge group member ingress interface.
What must be considered by an engineer tasked with specifying a destination MAC address for a packet trace?

  A. The output format option for the packet logs is unavailable.
  B. Only the UDP packet type is supported.
  C. The destination MAC address is optional if a VLAN ID value is entered.
  D. The VLAN ID and destination MAC address are optional.

Answer(s): C


Reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/troubleshooting_the_system.html



With Cisco FTD software, which interface mode must be configured to passively receive traffic that passes through the appliance?

  A. ERSPAN
  B. firewall
  C. tap
  D. IPS-only

Answer(s): C



An engineer is monitoring network traffic from their sales and product development departments, which are on two separate networks.
What must be configured in order to maintain data privacy for both departments?

  A. Use passive IDS ports for both departments.
  B. Use a dedicated IPS inline set for each department to maintain traffic separation.
  C. Use 802.1Q inline set Trunk interfaces with VLANs to maintain logical traffic separation.
  D. Use one pair of inline set in TAP mode for both departments.

Answer(s): C





