Topic 2: Configuration
Which object type supports object overrides?
A. time range
B. security group tag
C. network object
D. DNS server group
Answer: network object
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmcconfig-guidev60/Reusable_Objects.html#concept_8BFE8B9A83D742D9B647A74F7AD50053
An organization has seen a lot of traffic congestion on their links going out to the internet. There is a Cisco Firepower device that processes all of the traffic going to the internet prior to leaving the enterprise. How is the congestion alleviated so that legitimate business traffic reaches the destination?
A. Create a flexconfig policy to use WCCP for application aware bandwidth limiting
B. Create a VPN policy so that direct tunnels are established to the business applications
C. Create a NAT policy so that the Cisco Firepower device does not have to translate as many addresses
D. Create a QoS policy rate-limiting high bandwidth applications
Answer: Create a QoS policy rate-limiting high bandwidth applications
Which command is run on an FTD unit to associate the unit to an FMC manager that is at IP address 10.0.0.10, and that has the registration key Cisco123?
A. configure manager local 10.0.0.10 Cisco123
B. configure manager add Cisco123 10.0.0.10
C. configure manager local Cisco123 10.0.0.10
D. configure manager add 10.0.0.10 Cisco123
Answer: configure manager add 10.0.0.10 Cisco123
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/misc/fmc-ftd-mgmtnw/fmc-ftd-mgmt-nw.html#id_106101
With Cisco FTD integrated routing and bridging, which interface does the bridge group use to communicate with a routed interface?
A. switch virtual
B. bridge group member
C. bridge virtual
D. subinterface
Answer: bridge virtual
With Cisco FTD software, which interface mode must be configured to passively receive traffic that passes through the appliance?
A. ERSPAN
B. IPS-only
C. firewall
D. tap
Answer: ERSPAN
Which two routing options are valid with Cisco Firepower Threat Defense? (Choose two.)
A. BGPv6
B. ECMP with up to three equal cost paths across multiple interfaces
C. ECMP with up to three equal cost paths across a single interface
D. BGPv4 in transparent firewall mode
E. BGPv4 with nonstop forwarding
Answer: BGPv6; ECMP with up to three equal cost paths across a single interface
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmcconfig-guide-v601/fpmc-config-guide-v60_chapter_01100011.html#ID-2101-0000000e
Refer to the exhibit. An engineer is modifying an access control policy to add a rule to inspect all DNS traffic that passes through the firewall. After making the change and deploying the policy, they see that DNS traffic is not being inspected by the Snort engine. What is the problem?
A. The rule must specify the security zone that originates the traffic.
B. The rule must define the source network for inspection as well as the port.
C. The action of the rule is set to trust instead of allow.
D. The rule is configured with the wrong setting for the source port.
Answer: The action of the rule is set to trust instead of allow.
An administrator is setting up a Cisco FMC and must provide expert mode access for a security engineer. The engineer is permitted to use only a secured out-of-band network workstation with a static IP address to access the Cisco FMC. What must be configured to enable this access?
A. Enable SSH and define an access list.
B. Enable HTTP and define an access list.
C. Enable SCP under the Access List section.
D. Enable HTTPS and SNMP under the Access List section.
Answer: Enable SSH and define an access list.
An engineer must define a URL object on Cisco FMC. What is the correct method to specify the URL without performing SSL inspection?
A. Use Subject Common Name value.
B. Specify all subdomains in the object group.
C. Specify the protocol in the object.
D. Include all URLs from CRL Distribution Points.
Answer: Specify all subdomains in the object group.
A network administrator reviews the file report for the last month and notices that all file types, except exe, show a disposition of unknown. What is the cause of this issue?
A. The malware license has not been applied to the Cisco FTD.
B. The Cisco FMC cannot reach the Internet to analyze files.
C. A file policy has not been applied to the access policy.
D. Only Spero file analysis is enabled.
Answer: Only Spero file analysis is enabled.
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmcconfig-guide-v60/Reference_a_wrapper_Chapter_topic_here.html