[December-2021]Braindump2go 300-710 Exam Questions PDF Instant Download[Q174-Q184]

December/2021 Latest Braindump2go 300-710 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 300-710 Real Exam Questions!

QUESTION 174
An engineer must define a URL object on Cisco FMC.
What is the correct method to specify the URL without performing SSL inspection?

A. Use Subject Common Name value.
B. Specify all subdomains in the object group.
C. Specify the protocol in the object.
D. Include all URLs from CRL Distribution Points.

Answer: A

QUESTION 175
An analyst is reviewing the Cisco FMC reports for the week. They notice that some peer-to-peer applications are being used on the network and they must identify which poses the greatest risk to the environment. Which report gives the analyst this information?

A. Attacks Risk Report
B. User Risk Report
C. Network Risk Report
D. Advanced Malware Risk Report

Answer: C

QUESTION 176
An administrator is adding a new URL-based category feed to the Cisco FMC for use within the policies.
The intelligence source does not use STIX. but instead uses a .txt file format.
Which action ensures that regular updates are provided?

A. Add a URL source and select the flat file type within Cisco FMC.
B. Upload the .txt file and configure automatic updates using the embedded URL.
C. Add a TAXII feed source and input the URL for the feed.
D. Convert the .txt file to STIX and upload it to the Cisco FMC.

Answer: C

QUESTION 177
A network administrator reviews the file report for the last month and notices that all file types, except exe. show a disposition of unknown.
What is the cause of this issue?

A. The malware license has not been applied to the Cisco FTD.
B. The Cisco FMC cannot reach the Internet to analyze files.
C. A file policy has not been applied to the access policy.
D. Only Spero file analysis is enabled.

Answer: A

QUESTION 178
Which firewall design allows a firewall to forward traffic at layer 2 and layer 3 for the same subnet?

A. Cisco Firepower Threat Defense mode
B. transparent mode
C. routed mode
D. integrated routing and bridging

Answer: A

QUESTION 179
An engineer is reviewing a ticket that requests to allow traffic for some devices that must connect to a server over 8699/udp. The request mentions only one IP address, 172.16.18.15, but the requestor asked for the engineer to open the port for all machines that have been trying to connect to it over the last week. Which action must the engineer take to troubleshoot this issue?

A. Use the context explorer to see the application blocks by protocol.
B. Use the context explorer to see the destination port blocks
C. Filter the connection events by the source port 8699/udp.
D. Filter the connection events by the destination port 8699/udp.

Answer: D

QUESTION 180
A security engineer is configuring a remote Cisco FTD that has limited resources and internet bandwidth.
Which malware action and protection option should be configured to reduce the requirement for cloud lookups?

A. Malware Cloud Lookup and dynamic analysis
B. Block Malware action and dynamic analysis
C. Block Malware action and local malware analysis
D. Block File action and local malware analysis

Answer: B

QUESTION 181
An administrator receives reports that users cannot access a cloud-hosted web server. The access control policy was recently updated with several new policy additions and URL filtering. What must be done to troubleshoot the issue and restore access without sacrificing the organization’s security posture?

A. Create a new access control policy rule to allow ports 80 and 443 to the FQDN of the web server.
B. Identify the blocked traffic in the Cisco FMC connection events to validate the block, and modify the policy to allow the traffic to the web server.
C. Verify the blocks using the packet capture tool and create a rule with the action monitor for the traffic.
D. Download a PCAP of the traffic attempts to verify the blocks and use the flexconfig objects to create a rule that allows only the required traffic to the destination server.

Answer: A

QUESTION 182
Refer to the exhibit. An engineer is modifying an access control policy to add a rule to Inspect all DNS traffic that passes it making the change and deploying the policy, they see that DNS traffic Is not being Inspected by the Snort engine. What is……?

A. The rule must specify the security zone that originates the traffic.
B. The rule Is configured with the wrong setting for the source port.
C. The rule must define the source network for inspection as well as the port.

Answer: A

QUESTION 183
A Cisco FTD has two physical interfaces assigned to a BVI. Each interface is connected to a different VLAN on the same switch.
Which firewall mode is the Cisco FTD set up to support?

A. active/active failover
B. transparent
C. routed
D. high availability clustering

Answer: C

QUESTION 184
While integrating Cisco Umbrella with Cisco Threat Response, a network security engineer wants to automatically push blocking of domains from the Cisco Threat Response interface to Cisco Umbrella. Which API meets this requirement?

A. investigate
B. reporting
C. enforcement
D. REST

Answer: C


Resources From:

1.2021 Latest Braindump2go 300-710 Exam Dumps (PDF & VCE) Free Share:
https://www.braindump2go.com/300-710.html

2.2021 Latest Braindump2go 300-710 PDF and 300-710 VCE Dumps Free Share:
https://drive.google.com/drive/folders/1k8dhswD5V9ioQSctkVOlp0ooiELn46gL?usp=sharing

3.2021 Free Braindump2go 300-710 Exam Questions Download:
https://www.braindump2go.com/free-online-pdf/300-710-PDF-Dumps(174-184).pdf

Free Resources from Braindump2go,We Devoted to Helping You 100% Pass All Exams!

         

Comments are closed.