300-710 Exam Questions

Total 254 Questions

Last Updated Exam : 16-Dec-2024

Topic 1: Deployment

Which Cisco Firepower Threat Defense, which two interface settings are required when
configuring a routed interface? (Choose two.)


A.

Redundant Interface


B.

EtherChannel


C.

Speed


D.

Media Type


E.

Duplex





C.
  

Speed



E.
  

Duplex



What is a result of enabling Cisco FTD clustering? 


A.

For the dynamic routing feature, if the master unit fails, the newly elected master unit
maintains all existing connections. 


B.

Integrated Routing and Bridging is supported on the master unit


C.

Site-to-site VPN functionality is limited to the master unit, and all VPN connections are
dropped if the master unit fails


D.

All Firepower appliances can support Cisco FTD clustering.





C.
  

Site-to-site VPN functionality is limited to the master unit, and all VPN connections are
dropped if the master unit fails



An engineer is tasked with deploying an internal perimeter firewall that will support multiple
DMZs Each DMZ has a unique private IP subnet range. How is this requirement satisfied?


A.

Deploy the firewall in transparent mode with access control policies


B.

Deploy the firewall in routed mode with access control policies. 


C.

Deploy the firewall in routed mode with NAT configured. 


D.

Deploy the firewall in transparent mode with NAT configured. 





C.
  

Deploy the firewall in routed mode with NAT configured. 



Which two dynamic routing protocols are supported in Firepower Threat Defense without
using FlexConfig? (Choose two.)


A.

EIGRP


B.

OSPF


C.

static routing


D.

 IS-IS 


E.

BGP





B.
  

OSPF



E.
  

BGP



Which two conditions are necessary for high availability to function between two Cisco FTD
devices? (Choose two.)


A.

The units must be the same version


B.

Both devices can be part of a different group that must be in the same domain when
configured within the FMC. 


C.

The units must be different models if they are part of the same series


D.

The units must be configured only for firewall routed mode. 


E.

The units must be the same model.





A.
  

The units must be the same version



E.
  

The units must be the same model.



A network security engineer must replace a faulty Cisco FTD device in a high availability
pair. Which action must be taken while replacing the faulty unit?


A.

Shut down the Cisco FMC before powering up the replacement unit.


B.

Ensure that the faulty Cisco FTD device remains registered to the Cisco FMC.


C.

Unregister the faulty Cisco FTD device from the Cisco FMC


D.

Shut down the active Cisco FTD device before powering up the replacement unit.





C.
  

Unregister the faulty Cisco FTD device from the Cisco FMC



An engineer is building a new access control policy using Cisco FMC. The policy must
inspect a unique IPS policy as well as log rule matching. Which action must be taken to
meet these requirements?


A.

Configure an IPS policy and enable per-rule logging


B.

Disable the default IPS policy and enable global logging.


C.

Configure an IPS policy and enable global logging


D.

Disable the default IPS policy and enable per-rule logging





C.
  

Configure an IPS policy and enable global logging



An engineer is configuring a Cisco IPS to protect the network and wants to test a policy
before deploying it. A copy of each incoming packet needs to be monitored while traffic flow
remains constant. Which IPS mode should be implemented to meet these requirements?


A.

Inline tap


B.

passive


C.

transparent


D.

routed





A.
  

Inline tap



An engineer must configure high availability for the Cisco Firepower devices. The current
network topology does not allow for two devices to pass traffic concurrently. How must the
devices be implemented in this environment?


A.

in active/active mode


B.

in a cluster span EtherChannel


C.

in active/passive mode


D.

in cluster interface mode





C.
  

in active/passive mode



A network engineer implements a new Cisco Firepower device on the network to take
advantage of its intrusion detection functionality. There is a requirement to analyze the
traffic going across the device, alert on any malicious traffic, and appear as a bump in the
wire How should this be implemented?


A.

Specify the BVl IP address as the default gateway for connected devices.


B.

Enable routing on the Cisco Firepower


C.

Add an IP address to the physical Cisco Firepower interfaces.


D.

Configure a bridge group in transparent mode.





D.
  

Configure a bridge group in transparent mode.



Traditionally, a firewall is a routed hop and acts as a default gateway for hosts that connect
to one of its screened subnets. A transparent firewall, on the other hand, is a Layer 2
firewall that acts like a “bump in the wire,” or a “stealth firewall,” and is not seen as a router
hop to connected devices. However, like any other firewall, access control between
interfaces is controlled, and all of the usual firewall checks are in place. Layer 2
connectivity is achieved by using a "bridge group" where you group together the inside and
outside interfaces for a network, and the ASA uses bridging techniques to pass traffic
between the interfaces. Each bridge group includes a Bridge Virtual Interface (BVI) to
which you assign an IP address on the network. You can have multiple bridge groups for
multiple networks. In transparent mode, these bridge groups cannot communicate with
each other.
https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/general/asa-97-
general-config/intro-fw.html