Woodkids 300-710 Firepower dumps PDF

Title Woodkids 300-710 Firepower dumps
Course MD-101 Exam Dumps - PDF Questions with Right Answers
Institution Harvard University
Pages 35
File Size 929.2 KB
File Type PDF


Description

QUESTION 1
What is a result of enabling Cisco FTD clustering?
A. For the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections.
B. Integrated Routing and Bridging is supported on the master unit.
C. Site-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails.
D. All Firepower appliances can support Cisco FTD clustering.
Answer: C
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmcconfig-guide-v64/ clustering_for_the_firepower_threat_defense.html

QUESTION 2
Which two conditions are necessary for high availability to function between two Cisco FTD devices? (Choose two.)
A. The units must be the same version.
B. Both devices can be part of a different group that must be in the same domain when configured within the FMC.
C. The units must be different models if they are part of the same series.
D. The units must be configured only for firewall routed mode.
E. The units must be the same model.
Answer: AE
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-managementcenter/212699-configure-ftd-high-availability-on-firep.html

QUESTION 3
On the advanced tab under inline set properties, which allows interfaces to emulate a passive interface?
A. transparent inline mode
B. TAP mode
C. strict TCP enforcement
D. propagate link state
Answer: D
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmcconfig-guide-v64/ inline_sets_and_passive_interfaces_for_firepower_threat_defense.html

QUESTION 4
What are the minimum requirements to deploy a managed device inline?
A. inline interfaces, security zones, MTU, and mode
B. passive interface, MTU, and mode
C. inline interfaces, MTU, and mode
D. passive interface, security zone, MTU, and mode
Answer: C
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmcconfig-guide-v65/ ips_device_deployments_and_configuration.html

QUESTION 5
What is the difference between inline and inline tap on Cisco Firepower?
A. Inline tap mode can send a copy of the traffic to another device.
B. Inline tap mode does full packet capture.
C. Inline mode cannot do SSL decryption.
D. Inline mode can drop malicious traffic.
Answer: D

QUESTION 6
With Cisco Firepower Threat Defense software, which interface mode must be configured to passively receive traffic that passes through the appliance?
A. inline set
B. passive
C. routed
D. inline tap
Answer: D
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmcconfig-guide-v64/ interface_overview_for_firepower_threat_defense.html

QUESTION 7
Which two deployment types support high availability? (Choose two.)
A. transparent
B. routed
C. clustered
D. intra-chassis multi-instance
E. virtual appliance in public cloud
Answer: AB
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmcconfig-guide-v61/ firepower_threat_defense_high_availability.html

QUESTION 8
Which protocol establishes network redundancy in a switched Firepower device deployment?
A. STP
B. HSRP
C. GLBP
D. VRRP
Answer: A
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmcconfig-guide-v62/ firepower_threat_defense_high_availability.html

QUESTION 9
Which interface type allows packets to be dropped?
A. passive
B. inline
C. ERSPAN
D. TAP
Answer: B
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200908-configuringfirepower-threat-defense-int.html

QUESTION 10
With Cisco Firepower Threat Defense, which two interface settings are required when configuring a routed interface? (Choose two.)
A. Redundant Interface
B. EtherChannel
C. Speed
D. Media Type
E. Duplex
Answer: CE
Explanation/Reference:
Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/610/fdm/fptd-fdm-config-guide-610/fptd-fdminterfaces.html

QUESTION 11
Which two dynamic routing protocols are supported in Firepower Threat Defense without using FlexConfig? (Choose two.)
A. EIGRP
B. OSPF
C. static routing
D. IS-IS
E. BGP
Answer: BE
Explanation/Reference:
OSPF + BGP can be configured from the GUI, that's 100%. Also, you can configure EIGRP on the FTD (but it's not supported by the GUI yet, so you can only do it through FlexConfig). You can also configure static routing from the GUI > but it's not a "dynamic routing protocol", so it's not a correct answer here.
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide660/fptd-fdm-routing.html

QUESTION 12
Which policy rule is included in the deployment of a local DMZ during the initial deployment of a Cisco NGFW through the Cisco FMC GUI?
A. a default DMZ policy for which only a user can change the IP addresses.
B. deny ip any
C. no policy rule is included
D. permit ip any
Answer: C

QUESTION 13
What are two application layer preprocessors? (Choose two.)
A. CIFS
B. IMAP
C. SSL
D. DNP3
E. ICMP
Answer: BC
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmcconfig-guide-v60/Application_Layer_Preprocessors. html

QUESTION 14
Which two OSPF routing features are configured in Cisco FMC and propagated to Cisco FTD? (Choose two.)
A. OSPFv2 with IPv6 capabilities
B. virtual links
C. SHA authentication to OSPF packets
D. area boundary router type 1 LSA filtering
E. MD5 authentication to OSPF packets
Answer: BE
Explanation/Reference:
You can configure "Virtual Links" on the FMC as well as MD5 authentication for OSPF > Area boundary router LSA filtering can be set, BUT only for type 3 LSAs.
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmcconfig-guide-v62/ ospf_for_firepower_threat_defense.html

QUESTION 15
When creating a report template, how can the results be limited to show only the activity of a specific subnet?
A. Create a custom search in Firepower Management Center and select it in each section of the report.
B. Add an Input Parameter in the Advanced Settings of the report, and set the type to Network/IP.
C. Add a Table View section to the report with the Search field defined as the network in CIDR format.
D. Select IP Address as the X-Axis in each section of the report.
Answer: B
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHTSystem-UserGuide-v5401/Reports.html#87267

QUESTION 16
What is the disadvantage of setting up a site-to-site VPN in a clustered-units environment?
A. VPN connections can be re-established only if the failed master unit recovers.
B. Smart License is required to maintain VPN connections simultaneously across all cluster units.
C. VPN connections must be re-established when a new master unit is elected.
D. Only established VPN connections are maintained when a new master unit is elected.
Answer: C
Explanation/Reference:
Option A is tempting, but VPN connections can also be re-established if a new master unit is elected (without the old one recovering).
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/clustering/ftd-clustersolution.html#concept_g32_yml_y2b

QUESTION 17
Which two statements about bridge-group interfaces in Cisco FTD are true? (Choose two.)
A. The BVI IP address must be in a separate subnet from the connected network.
B. Bridge groups are supported in both transparent and routed firewall modes.
C. Bridge groups are supported only in transparent firewall mode.
D. Bidirectional Forwarding Detection echo packets are allowed through the FTD when using bridge-group members.
E. Each directly connected network must be on the same subnet.
Answer: BE
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmcconfig-guide-v62/ transparent_or_routed_firewall_mode_for_firepower_threat_defense.html

QUESTION 18
Which command is run on an FTD unit to associate the unit to an FMC manager that is at IP address 10.0.0.10, and that has the registration key Cisco123?
A. configure manager local 10.0.0.10 Cisco123
B. configure manager add Cisco123 10.0.0.10
C. configure manager local Cisco123 10.0.0.10
D. configure manager add 10.0.0.10 Cisco123
Answer: D
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/misc/fmc-ftd-mgmt-nw/fmc-ftdmgmt-nw.html#id_106101

QUESTION 19
Which two actions can be used in an access control policy rule? (Choose two.)
A. Block with Reset
B. Monitor
C. Analyze
D. Discover
E. Block ALL
Answer: AB
Explanation/Reference:
Actions you can use in an ACP rule:
- Monitor
- Block (with reset)
- Interactive Block (and reset)
- Allow
- Trust
Reference: https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-userguide/asa-firepower-module-user-guide-v541/ACRulesTuning-Overview.html#71854

QUESTION 20
Which two routing options are valid with Cisco Firepower Threat Defense? (Choose two.)
A. BGPv6
B. ECMP with up to three equal cost paths across multiple interfaces
C. ECMP with up to three equal cost paths across a single interface
D. BGPv4 in transparent firewall mode
E. BGPv4 with nonstop forwarding
Answer: AE
Explanation/Reference:
Here are the answers that are 100% false:
B and C, because: "You can have up to 8 equal cost static or dynamic routes per interface."
D > Because even though you can establish routing protocol adjacencies THROUGH a transparent firewall (by allowing OSPF/BGP/RIP etc. traffic through the firewall with ACP rules) > this DOES NOT mean that the firewall itself can form BGP adjacencies with another device while in transparent mode (this is just my opinion, please correct me if I'm wrong on the forums).
Here are the answers that are 100% true:
A (you can use BGP for IPv6 in FTD)
Conclusion: B and C are 100% false / A is 100% right > that leaves us with D and E for the 2nd pick > I know that ASA supports BGP nonstop forwarding (and I'm also 95% sure that D is wrong) > this leaves us with A and E.
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmcconfig-guide-v601/fpmc-config-guidev60_ chapter_01100011.html#ID-2101-0000000e

QUESTION 21
Which object type supports object overrides?
A. time range
B. security group tag
C. network object
D. DNS server group
Answer: C
Explanation/Reference:
You can use object overrides with the following object types only:
- Network
- Port
- VLAN tag
- URL
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmcconfig-guide-v60/Reusable_Objects. html#concept_8BFE8B9A83D742D9B647A74F7AD50053

QUESTION 22
Which Cisco Firepower rule action displays an HTTP warning page?
A. Monitor
B. Block
C. Interactive Block
D. Allow with Warning
Answer: C
Explanation/Reference:
With "Interactive Block" (it only works for HTTP/HTTPS web communication, by the way; you can't do anything else with this rule) you can set up warning pages. For example, you set this rule for a "risky" webpage and prompt the user on a warning page like "Hey man, you can continue at your own risk, but this will be a risky webpage" (after that, it's a good policy to log the traffic for whoever accepted this risk and went through to the webpage).
Reference: https://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHTSystem-UserGuide-v5401/AC-Rules-Tuning-Overview. html#76698

QUESTION 23
What is the result of specifying a QoS rule that has a rate limit that is greater than the maximum throughput of an interface?
A. The rate-limiting rule is disabled.
B. Matching traffic is not rate limited.
C. The system rate-limits all traffic.
D. The system repeatedly generates warnings.
Answer: B
Explanation/Reference:
"If you specify a limit greater than the maximum throughput of an interface, the system does not rate limit matching traffic. Maximum throughput may be affected by an interface's hardware configuration, which you specify in each device's properties (Devices > Device Management)."
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmcconfig-guide-v62/quality_of_service_qos.pdf

QUESTION 24
Which Firepower feature allows users to configure bridges in routed mode and enables devices to perform Layer 2 switching between interfaces?
A. FlexConfig
B. BDI
C. SGT
D. IRB
Answer: D
Explanation/Reference:
"Customers often want to have multiple physical interfaces configured to be part of the same VLAN. The IRB feature meets this demand by allowing users to configure bridges in routed mode, and enables the devices to perform L2 switching between interfaces (including subinterfaces)."
(In the old ASA days you were only able to run your firewall in either "routed" or "transparent" mode. Let's say you want your FTD to run in "routed mode", but you also want to have 2 physical interfaces in your DMZ zone connecting to the 10.10.10.0/24 network. If you go to Ethernet 1 and configure it as 10.10.10.2/24, then go to Ethernet 2 and configure it as 10.10.10.3/24 > you will get an error message stating: "% 10.10.10.0 overlaps with Ethernet1". So in order to make this work, IRB comes to help us out. We can put E1 and E2 in a "bridge group1" (so it will be handled as a "transparent" layer 2 section) and we can have layer 3 routing between "Bridge group1" and our layer 3 "Serial 0" interface.)
(Picture is taken from a router scenario, but imagine that R1 is an FTD)
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/relnotes/Firepower_System_Release_N otes_Version_620/ new_features_and_functionality.html

QUESTION 25
In which two places can thresholding settings be configured? (Choose two.)
A. on each IPS rule
B. globally, within the network analysis policy
C. globally, per intrusion policy
D. on each access control rule
E. per preprocessor, within the network analysis policy
Answer: AC
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-userguide/asa-firepower-module-user-guide-v541/IntrusionGlobal-Threshold.pdf

QUESTION 26
In which two ways do access control policies operate on a Cisco Firepower system? (Choose two.)
A. Traffic inspection can be interrupted temporarily when configuration changes are deployed.
B. The system performs intrusion inspection followed by file inspection.
C. They can block traffic based on Security Intelligence data.
D. File policies use an associated variable set to perform intrusion prevention.
E. The system performs a preliminary inspection on trusted traffic to validate that it matches the trusted parameters.
Answer: AC
Explanation/Reference:
A. If we change IPS settings in the FMC and deploy them to the FTD, a prompt usually warns us that it might cause temporary interruptions, so this is 100% true.
C. You can block traffic with Security Intelligence (IP addresses / URLs / entire domains) > The process is called "Blacklisting".
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmcconfig-guide-v60/ Access_Control_Using_Intrusion_and_File_Policies.html

QUESTION 27
Which two types of objects are reusable and supported by Cisco FMC? (Choose two.)
A. dynamic key mapping objects that help link HTTP and HTTPS GET requests to Layer 7 application protocols.
B. reputation-based objects that represent Security Intelligence feeds and lists, application filters based on category and reputation, and file lists
C. network-based objects that represent IP address and networks, port/protocols pairs, VLAN tags, security zones, and origin/destination country
D. network-based objects that represent FQDN mappings and networks, port/protocol pairs, VXLAN tags, security zones and origin/destination country
E. reputation-based objects, such as URL categories
Answer: BC
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmcconfig-guide-v62/reusable_objects.html#ID-224300000414

QUESTION 28
What is the benefit of selecting the trace option for packet capture?
A. The option indicates whether the packet was dropped or successful.
B. The option indicates whether the destination host responds through a different path.
C. The option limits the number of packets that are captured.
D. The option captures details of each packet.
Answer: A
Explanation/Reference:
"Packet capture is available with the trace option, which provides you with a verdict as to whether the packet is dropped or successful."
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guidev62/troubleshooting_the_system.html

QUESTION 29
After deploying a network-monitoring tool to manage and monitor networking devices in your organization, you realize that you need to manually upload an MIB for the Cisco FMC. In which folder should you upload the MIB file?
A. /etc/sf/DCMIB.ALERT
B. /sf/etc/DCEALERT.MIB
C. /etc/sf/DCEALERT.MIB
D. system/etc/DCEALERT.MIB
Answer: C
Explanation/Reference:
"If your network management system requires a management information base file (MIB), you can obtain it from the ASA FirePOWER module at /etc/sf/DCEALERT.MIB"
Reference: https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-userguide/asa-firepower-module-user-guide-v541/IntrusionExternal-Responses.pdf

QUESTION 30
Which command is run at the CLI when logged in to an FTD unit, to determine whether the unit is managed locally or by a remote FMC server?
A. system generate-troubleshoot
B. show configuration session
C. show managers
D. show running-config | include manager
Answer: C
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_ Firepower_Threat_Defense/c_3.html

QUESTION 31
Which command should be used on the Cisco FTD CLI to capture all the packets that hit an interface?
A. configure coredump packet-engine enable
B. capture-traffic
C. capture
D. capture WORD
Answer: B
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_ Firepower_Threat_Defense/ac_1. html

QUESTION 32
How many report templates does the Cisco Firepower Management Center support?
A. 20
B. 10
C. 5
D. unlimited
Answer: D
Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmcconfig-guide-v60/Working_with_Reports.html

QUESTION 33
Which action should be taken after editing an object that is used inside an access control policy?
A. Delete the existing object in use.
B. Refresh the Cisco FMC GUI for the access control policy.
C. Redeploy the updated configuration.
D. Create another rule using a different object name.
Answer: C ...

