300-710 Free Practice Test

- (Exam Topic 5)
An engainer must add DNS-specific rules to me Cisco FTD intrusion policy. The engineer wants to use the rules currently in the Cisco FTD Snort database that are not already enabled but does not want to enable more than are needed. Which action meets these requirements?

1. A. Change the dynamic state of the rule within the policy.
2. B. Change the base policy to Security over Connectivity.
3. C. Change the rule state within the policy being used.
4. D. Change the rules using the Generate and Use Recommendations feature.

Correct Answer: C

- (Exam Topic 5)
An engineer is setting up a remote access VPN on a Cisco FTD device and wants to define which traffic gets sent over the VPN tunnel. Which named object type in Cisco FMC must be used to accomplish this task?

1. A. split tunnel
2. B. crypto map
3. C. access list
4. D. route map

Correct Answer: A

- (Exam Topic 5)
An engineer installs a Cisco FTD device and wants to inspect traffic within the same subnet passing through a firewall and inspect traffic destined to the internet.
Which configuration will meet this requirement?

1. A. transparent firewall mode with IRB only
2. B. routed firewall mode with BVI and routed interfaces
3. C. transparent firewall mode with multiple BVIs
4. D. routed firewall mode with routed interfaces only

Correct Answer: C

- (Exam Topic 5)
Which process should be checked when troubleshooting registration issues between Cisco FMC and managed devices to verify that secure communication is occurring?

1. A. fpcollect
2. B. dhclient
3. C. sfmgr
4. D. sftunnel

Correct Answer: D

- (Exam Topic 5)
A security engineer must integrate an external feed containing STIX/TAXII data with Cisco FMC. Which feature must be enabled on the Cisco FMC to support this connection?

1. A. Cisco Success Network
2. B. Cisco Secure Endpoint Integration
3. C. Threat Intelligence Director
4. D. Security Intelligence Feeds

Correct Answer: C