Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Cisco
  5. 300-710

Cisco 300-710 Exam
Securing Networks with Cisco Firepower (300-710 SNCF) (Page 9 )

Updated On: 1-Feb-2026
Page 9 of 53
PDF with 412 Questions

An administrator is creating interface objects to better segment their network but is having trouble adding interfaces to the objects.
What is the reason for this failure?

  1. The interfaces are being used for NAT for multiple networks.
  2. The administrator is adding interfaces of multiple types.
  3. The administrator is adding an interface that is in multiple zones.
  4. The interfaces belong to multiple interface groups.

Answer(s): D


Reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config- guide-v62/reusable_objects.html#ID-2243-000009b4
"All interfaces in an interface object must be of the same type: all inline, passive, switched, routed, or ASA FirePOWER. After you create an interface object, you cannot change the type of interfaces it contains."



An organization is using a Cisco FTD and Cisco ISE to perform identity-based access controls. A network administrator is analyzing the Cisco FTD events and notices that unknown user traffic is being allowed through the firewall. How should this be addressed to block the traffic while allowing legitimate user traffic?

  1. Modify the Cisco ISE authorization policy to deny this access to the user.
  2. Modify Cisco ISE to send only legitimate usernames to the Cisco FTD.
  3. Add the unknown user in the Access Control Policy in Cisco FTD.
  4. Add the unknown user in the Malware & File Policy in Cisco FT

Answer(s): C


Reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/fdm/fptd-fdm-config- guide-640/fptd-fdm-identity.html#concept_655B055575E04CA49B10186DEBDA301A



A company is in the process of deploying intrusion prevention with Cisco FTDs managed by a Cisco FMC. An engineer must configure policies to detect potential intrusions but not block the suspicious traffic.
Which action accomplishes this task?

  1. Configure IDS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by unchecking the "Drop when inline" option.
  2. Configure IPS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by checking the "Drop when inline" option.
  3. Configure IPS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by unchecking the "Drop when inline" option.
  4. Configure IDS mode when creating or editing a policy rule under the Cisco FMC Intrusion tab in Access Policies section by checking the "Drop when inline" option.

Answer(s): A



An engineer is using the configure manager add <FMC IP> Cisc402098527 command to add a new Cisco FTD device to the Cisco FMC; however, the device is not being added.
Why Is this occurring?

  1. The NAT ID is required since the Cisco FMC is behind a NAT device.
  2. The IP address used should be that of the Cisco FTD. not the Cisco FMC.
  3. DONOTRESOLVE must be added to the command
  4. The registration key is missing from the command

Answer(s): A



An engineer is configuring Cisco FMC and wants to allow multiple physical interfaces to be part of the same VLAN. The managed devices must be able to perform Layer 2 switching between interfaces, including sub-interfaces.
What must be configured to meet these requirements?

  1. interface-based VLAN switching
  2. inter-chassis clustering VLAN
  3. integrated routing and bridging
  4. Cisco ISE Security Group Tag

Answer(s): C



Viewing page 9 of 53
Viewing questions 41 - 45 out of 412 questions



Post your Comments and Discuss Cisco 300-710 exam prep with other Community members:

Join the 300-710 Discussion