Month End Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

300-710 Exam Dumps - Cisco CCNP Security Questions and Answers

Question # 24

Refer to the exhibit. An engineer is configuring a high-availability solution that has the hardware devices and software versions:

two Cisco Secure Firewall 9300 Security Appliances with FXOS SW 2.0(1.23)

software Cisco Secure Firewall Threat Defense 6.0.1.1 (build 1023) on both appliances

one Cisco Secure Firewall Management Center with SW 6.0.1.1 (build 1023)

Which condition must be met to complete the high-availability configuration?

Options:

A.

DHCP must be configured on at least one firewall interface.

B.

The version numbers must have the same patch number.

C.

Both firewalls must have the same number of interfaces.

D.

Both firewalls must be in transparent mode.

Buy Now
Question # 25

An engineer is integrating Cisco Secure Endpoint with Cisco Secure Firewall Management Center in high availability mode. Malware events detected by Secure Endpoint must also be

received by Secure Firewall Management Center and public cloud services are used. Which two configurations must be selected on both high availability peers independently? (Choose two.)

Options:

A.

internet connection

B.

Smart Software Manager Satellite

C.

Cisco Success Network

D.

security group tag

E.

Secure Endpoint Cloud Connection

Buy Now
Question # 26

A network administrator is concerned about (he high number of malware files affecting users' machines. What must be done within the access control policy in Cisco FMC to address this concern?

Options:

A.

Create an intrusion policy and set the access control policy to block.

B.

Create an intrusion policy and set the access control policy to allow.

C.

Create a file policy and set the access control policy to allow.

D.

Create a file policy and set the access control policy to block.

Buy Now
Question # 27

What is the disadvantage of setting up a site-to-site VPN in a clustered-units environment?

Options:

A.

VPN connections can be re-established only if the failed master unit recovers.

B.

Smart License is required to maintain VPN connections simultaneously across all cluster units.

C.

VPN connections must be re-established when a new master unit is elected.

D.

Only established VPN connections are maintained when a new master unit is elected.

Buy Now
Question # 28

An administrator is configuring a new report template off. of a saved search within Cisco Secure Firewall Management Centre. The goal is to use the malware analysis report template, but use a different type saved search as the basis. The report is not working. What must be considered when configuring this report template?

Options:

A.

Saved searches can be used for the same report template only

B.

Saved searches are available freely for all report templates within the same domain.

C.

Saved searches from a different report template must be used.

D.

Saved searches must be renamed before using for different report template.

Buy Now
Question # 29

An engineer is setting up a remote access VPN on a Cisco FTD device and wants to define which traffic gets sent over the VPN tunnel. Which named object type in Cisco FMC must be used to accomplish this task?

Options:

A.

split tunnel

B.

crypto map

C.

access list

D.

route map

Buy Now
Question # 30

An engineer must build redundancy into the network and traffic must continuously flow if a redundant switch in front of the firewall goes down. What must be configured to accomplish this task?

Options:

A.

redundant interfaces on the firewall cluster mode and switches

B.

redundant interfaces on the firewall noncluster mode and switches

C.

vPC on the switches to the interface mode on the firewall duster

D.

vPC on the switches to the span EtherChannel on the firewall cluster

Buy Now
Question # 31

An engineer runs the command restore remote-manager-backup location 2.2.2.2 admin /Volume/home/admin FTD408566513.zip on a Cisco FMC. After connecting to the repository, the Cisco FTD device is unable to accept the backup file. What is the reason for this failure?

Options:

A.

The backup file is not in .cfg format.

B.

The wrong IP address is used.

C.

The backup file extension was changed from .tar to .zip.

D.

The directory location is incorrect.

Buy Now
Question # 32

A network administrator is trying to convert from LDAP to LDAPS for VPN user authentication on a Cisco FTD. Which action must be taken on the Cisco FTD objects to accomplish this task?

Options:

A.

Add a Key Chain object to acquire the LDAPS certificate.

B.

Create a Certificate Enrollment object to get the LDAPS certificate needed.

C.

Identify the LDAPS cipher suite and use a Cipher Suite List object to define the Cisco FTD connection requirements.

D.

Modify the Policy List object to define the session requirements for LDAPS.

Buy Now
Question # 33

An organization has implemented Cisco Firepower without IPS capabilities and now wants to enable inspection for their traffic. They need to be able to detect protocol anomalies and utilize the Snort rule sets to detect malicious behaviour. How is this accomplished?

Options:

A.

Modify the access control policy to redirect interesting traffic to the engine

B.

Modify the network discovery policy to detect new hosts to inspect

C.

Modify the network analysis policy to process the packets for inspection

D.

Modify the intrusion policy to determine the minimum severity of an event to inspect.

Buy Now
Exam Code: 300-710
Exam Name: Securing Networks with Cisco Firepower (300-710 SNCF)
Last Update: Jan 29, 2026
Questions: 385
300-710 pdf

300-710 PDF

$28.5  $94.99
 Add to Cart
300-710 Engine

300-710 Testing Engine

$33  $109.99
 Add to Cart
300-710 PDF + Engine

300-710 PDF + Testing Engine

$43.5  $144.99
 Add to Cart