300-710 Exam Dumps - Cisco CCNP Security Questions and Answers

Question # 54

What is a functionality of port objects in Cisco FMC?

Options:

to mix transport protocols when setting both source and destination port conditions in a rule

to represent protocols other than TCP, UDP, and ICMP

to represent all protocols in the same way

to add any protocol other than TCP or UDP for source port conditions in access control rules.

Buy Now

Question # 55

After deploying a network-monitoring tool to manage and monitor networking devices in your organization, you realize that you need to manually upload an MIB for the Cisco FMC. In which folder should you upload the MIB file?

Options:

/etc/sf/DCMIB.ALERT

/sf/etc/DCEALERT.MIB

/etc/sf/DCEALERT.MIB

system/etc/DCEALERT.MIB

Buy Now

Question # 56

Refer to the exhibit.

What is the effect of the existing Cisco FMC configuration?

Options:

The remote management port for communication between the Cisco FMC and the managed device changes to port 8443.

The managed device is deleted from the Cisco FMC.

The SSL-encrypted communication channel between the Cisco FMC and the managed device becomes plain-text communication channel.

The management connection between the Cisco FMC and the Cisco FTD is disabled.

Buy Now

Question # 57

Refer to the exhibit.

An administrator is looking at some of the reporting capabilities for Cisco Firepower and noticed this section of the Network Risk report showing a lot of SSL activity that cloud be used for evasion. Which action will mitigate this risk?

Options:

Use SSL decryption to analyze the packets.

Use encrypted traffic analytics to detect attacks

Use Cisco AMP for Endpoints to block all SSL connection

Use Cisco Tetration to track SSL connections to servers.

Buy Now

Question # 58

A security analyst must create a new report within Cisco FMC to show an overview of the daily attacks, vulnerabilities, and connections. The analyst wants to reuse specific dashboards from other reports to create this consolidated one. Which action accomplishes this task?

Options:

Create a new dashboard object via Object Management to represent the desired views.

Modify the Custom Workflows within the Cisco FMC to feed the desired data into the new report.

Copy the Malware Report and modify the sections to pull components from other reports.

Use the import feature in the newly created report to select which dashboards to add.

Buy Now

Question # 59

An engineer must define a URL object on Cisco FMC. What is the correct method to specify the URL without performing SSL inspection?

Options:

Use Subject Common Name value.

Specify all subdomains in the object group.

Specify the protocol in the object.

Include all URLs from CRL Distribution Points.

Buy Now

Question # 60

A security engineer is configuring an Access Control Policy for multiple branch locations. These locations share a common rule set and utilize a network object called INSIDE_NET which contains the locally significant internal network subnets at each location. Which technique will retain the policy consistency at each location but allow only the locally significant network subnet within the applicable rules?

Options:

utilizing a dynamic Access Control Policy that updates from Cisco Talos

utilizing policy inheritance

creating a unique Access Control Policy per device

creating an Access Control Policy with an INSIDE_NET network object and object overrides

Buy Now

Question # 61

An engineer integrates Cisco FMC and Cisco ISE using pxGrid. Which role is assigned for Cisco FMC?

Options:

controller

publisher

client

server

Buy Now

Question # 62

A network engineer is logged into the Cisco AMP for Endpoints console and sees a malicious verdict for an identified SHA-256 hash. Which configuration is needed to mitigate this threat?

Options:

Add the hash to the simple custom deletion list.

Use regular expressions to block the malicious file.

Enable a personal firewall in the infected endpoint.

Add the hash from the infected endpoint to the network block list.

Buy Now

Question # 63

An engineer must deploy a Cisco FTD device. Management wants to examine traffic without requiring network changes that will disrupt end users. Corporate security policy requires the separation of management traffic from data traffic and the use of SSH over Telnet for remote administration. How must the device be deployed to meet these requirements?

Options:

in routed mode with a diagnostic interface

in transparent mode with a management Interface

in transparent made with a data interface

in routed mode with a bridge virtual interface

Buy Now

Answer:

Explanation:

To deploy a Cisco FTD device that meets the requirements of the question, the engineer must use transparent mode with a management interface. Transparent mode is a firewall configuration in which the FTD device acts as a “bump in the wire” or a “stealth firewall” and is not seen as a router hop to connected devices. In transparent mode, the FTD device can examine traffic without requiring network changes that will disrupt end users, such as changing IP addresses or routingconfigurations1. A management interface is a dedicated interface that is used for managing the FTD device and separating management traffic from data traffic. A management interface can be configured to allow SSH access for remote administration, which is more secure than Telnet2.

The other options are incorrect because:

Routed mode is a firewall configuration in which the FTD device acts as a router and performs address translation and routing for connected networks. Routed mode requires network changes that may disrupt end users, such as changing IP addresses or routing configurations1. A diagnostic interface is a special interface that is used for troubleshooting and capturing traffic on the FTD device. A diagnostic interface does not separate management traffic from data traffic or allow SSH access for remote administration.

Transparent mode with a data interface does not meet the requirement of separating management traffic from data traffic. A data interface is a regular interface that is used for passing and inspecting traffic on the FTD device. A data interface does not allow SSH access for remote administration2.

Routed mode with a bridge virtual interface (BVI) does not meet the requirement of examining traffic without requiring network changes that will disrupt end users. A BVI is a logical interface that acts as a container for one or more physical or logical interfaces that belong to the same layer 2 broadcast domain. A BVI allows the FTD device to route between different bridge groups on the same security module/engine. However, routed mode still requires network changes that may disrupt end users, such as changing IP addresses or routing configurations.

Exam Code: 300-710

Exam Name: Securing Networks with Cisco Firepower (300-710 SNCF)

Last Update: Jun 14, 2025

Questions: 376

300-710 PDF

$33.25 ~~$94.99~~

Add to Cart

300-710 Testing Engine

$38.5 ~~$109.99~~

Add to Cart

300-710 PDF + Testing Engine

$50.75 ~~$144.99~~

Add to Cart

Weekend Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bigdisc65

certsboard certification exams

Navigation:

300-710 Exam Dumps - Cisco CCNP Security Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

300-710 PDF

300-710 Testing Engine

300-710 PDF + Testing Engine

Quick Links

Recently New Released Certification Exams

Site Secure