300-710
Question 1
What is a result of enabling Cisco FTD clustering?
- A: For the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections.
- B: Integrated Routing and Bridging is supported on the master unit.
- C: Site-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails.
- D: All Firepower appliances support Cisco FTD clustering.
Question 2
With Cisco Firepower Threat Defense, which two interface settings are required when configuring a routed interface? (Choose two.)
- A: Redundant Interface
- B: EtherChannel
- C: Speed
- D: Media Type
- E: Duplex
Question 3
An engineer has been asked to show application usages automatically on a monthly basis and send the information to management. What mechanism should be used to accomplish this task?
- A: reports
- B: context explorer
- C: dashboards
- D: event viewer
Question 4
A network administrator is configuring SNORT inspection policies and is seeing failed deployment messages in Cisco FMC. What information should the administrator generate for Cisco TAC to help troubleshoot?
- A: A "troubleshoot" file for the device in question.
- B: A "show tech" file for the device in question.
- C: A "troubleshoot" file for the Cisco FMC.
- D: A "show tech" for the Cisco FMC.
Question 5
An engineer is troubleshooting a device that cannot connect to a web server. The connection is initiated from the Cisco FTD inside interface and attempting to reach 10.0.1.100 over the non-standard port of 9443. The host the engineer is attempting the connection from is at the IP address of 10.20.10.20. In order to determine what is happening to the packets on the network, the engineer decides to use the FTD packet capture tool. Which capture configuration should be used to gather the information needed to troubleshoot the issue?
A.
B.
C.
D.
Question 6
A network engineer is receiving reports of users randomly getting disconnected from their corporate applications which traverse the data center FTD appliance. Network monitoring tools show that the FTD appliance utilization is peaking above 90% of total capacity. What must be done in order to further analyze this issue?
- A: Use the Packet Export feature to save data onto external drives.
- B: Use the Packet Capture feature to collect real-time network traffic.
- C: Use the Packet Tracer feature for traffic policy analysis.
- D: Use the Packet Analysis feature for capturing network data.
Question 7
An administrator is attempting to remotely log into a switch in the data center using SSH and is unable to connect. How does the administrator confirm that traffic is reaching the firewall?
- A: by performing a packet capture on the firewall
- B: by attempting to access it from a different workstation
- C: by running Wireshark on the administrator's PC
- D: by running a packet tracer on the firewall
Question 8
IT management is asking the network engineer to provide high-level summary statistics of the Cisco FTD appliance in the network. The business is approaching a peak season so the need to maintain business uptime is high. Which report type should be used to gather this information?
- A: Risk Report
- B: SNMP Report
- C: Standard Report
- D: Malware Report
Question 9
An administrator is setting up Cisco Firepower to send data to the Cisco Stealthwatch appliances. The NetFlow_Set_Parameters object is already created, but NetFlow is not being sent to the flow collector. What must be done to prevent this from occurring?
- A: Create a service identifier to enable the NetFlow service.
- B: Add the NetFlow_Send_Destination object to the configuration.
- C: Create a Security Intelligence object to send the data to Cisco Stealthwatch.
- D: Add the NetFlow_Add_Destination object to the configuration.
Question 10
With a recent summer time change, system logs are showing activity that occurred to be an hour behind real time. Which action should be taken to resolve this issue?
- A: Manually adjust the time to the correct hour on all managed devices.
- B: Configure the system clock settings to use NTP with Daylight Savings checked.
- C: Configure the system clock settings to use NTP.
- D: Manually adjust the time to the correct hour on the Cisco FMC.
Question 11
A network administrator notices that SI events are not being updated. The Cisco FTD device is unable to load all of the SI event entries and traffic is not being blocked as expected. What must be done to correct this issue?
- A: Restart the affected devices in order to reset the configurations.
- B: Redeploy configurations to affected devices so that additional memory is allocated to the SI module.
- C: Replace the affected devices with devices that provide more memory.
- D: Manually update the SI event entries so that the appropriate traffic is blocked.
Question 12
Which two dynamic routing protocols are supported in Cisco FTD without using FlexConfig? (Choose two.)
- A: EIGRP
- B: OSPF
- C: static routing
- D: IS-IS
- E: BGP
Question 13
Refer to the exhibit. What must be done to fix access to this website while preventing the same communication to all other websites?
- A: Create an intrusion policy rule to have Snort allow port 80 to only 172.1.1.50.
- B: Create an intrusion policy rule to have Snort allow port 443 to only 172.1.1.50.
- C: Create an access control policy rule to allow port 443 to only 172.1.1.50.
- D: Create an access control policy rule to allow port 80 to only 172.1.1.50.
Question 14
A connectivity issue is occurring between a client and a server which are communicating through a Cisco Firepower device. While troubleshooting, a network administrator sees that traffic is reaching the server, but the client is not getting a response. Which step must be taken to resolve this issue without initiating traffic from the client?
- A: Use packet-tracer to ensure that traffic is not being blocked by an access list
- B: Use packet capture to ensure that traffic is not being blocked by an access list
- C: Use packet capture to validate that the packet passes through the firewall and is NATed to the corrected IP address
- D: Use packet-tracer to validate that the packet passes through the firewall and is NATed to the corrected IP address
Question 15
A VPN user is unable to connect to web resources behind the Cisco FTD device terminating the connection. While troubleshooting, the network administrator determines that the DNS responses are not getting through the Cisco FTD. What must be done to address this issue while still utilizing Snort IPS rules?
- A: Uncheck the "Drop when Inline" box in the intrusion policy to allow the traffic
- B: Modify the Snort rules to allow legitimate DNS traffic to the VPN users
- C: Disable the intrusion rule thresholds to optimize the Snort processing
- D: Decrypt the packet after the VPN flow so the DNS queries are not inspected
Question 16
An organization has a Cisco IPS running in inline mode and is inspecting traffic for malicious activity. When traffic is received by the Cisco IPS, if it is not dropped, how does the traffic get to its destination?
- A: It is retransmitted from the Cisco IPS inline set
- B: The packets are duplicated and a copy is sent to the destination
- C: It is transmitted out of the Cisco IPS outside interface
- D: It is routed back to the Cisco ASA interfaces for transmission
Question 17
An engineer is investigating connectivity problems on Cisco Firepower that is using service group tags. Specific devices are not being tagged correctly, which is preventing clients from using the proper policies when going through the firewall. How is this issue resolved?
- A: Use traceroute with advanced options
- B: Use Wireshark with an IP subnet filter
- C: Use a packet capture with match criteria
- D: Use a packet sniffer with correct filtering
Question 18
An organization must be able to ingest NetFlow traffic from their Cisco FTD device to Cisco Stealthwatch for behavioral analysis. What must be configured on the Cisco FTD to meet this requirement?
- A: flexconfig object for NetFlow
- B: interface object to export NetFlow
- C: security intelligence object for NetFlow
- D: variable set object for NetFlow
Question 19
An engineer must build redundancy into the network and traffic must continuously flow if a redundant switch in front of the firewall goes down. What must be configured to accomplish this task?
- A: redundant interfaces on the firewall cluster mode and switches
- B: redundant interfaces on the firewall noncluster mode and switches
- C: vPC on the switches to the interface mode on the firewall cluster
- D: vPC on the switches to the span EtherChannel on the firewall cluster
Question 20
A network administrator notices that inspection has been interrupted on all non-managed interfaces of a device. What is the cause of this?
- A: The value of the highest MTU assigned to any non-management interface was changed
- B: The value of the highest MSS assigned to any non-management interface was changed
- C: A passive interface was associated with a security zone
- D: Multiple inline interface pairs were added to the same inline interface
Question 21
A network administrator needs to create a policy on Cisco Firepower to fast-path traffic to avoid Layer 7 inspection. The rate at which traffic is inspected must be optimized. What must be done to achieve this goal?
- A: Enable the FXOS for multi-instance
- B: Configure a prefilter policy
- C: Configure modular policy framework
- D: Disable TCP inspection
Question 22
Which policy rule is included in the deployment of a local DMZ during the initial deployment of a Cisco NGFW through the Cisco FMC GUI?
- A: a default DMZ policy for which only a user can change the IP addresses.
- B: deny ip any
- C: no policy rule is included
- D: permit ip any
Question 23
A network engineer is tasked with minimizing traffic interruption during peak traffic times. When the SNORT inspection engine is overwhelmed, what must be configured to alleviate this issue?
- A: Enable IPS inline link state propagation
- B: Enable Pre-filter policies before the SNORT engine failure
- C: Set a Trust ALL access control policy
- D: Enable Automatic Application Bypass
Question 24
Which two features of Cisco AMP for Endpoints allow for an uploaded file to be blocked? (Choose two.)
- A: application blocking
- B: simple custom detection
- C: file repository
- D: exclusions
- E: application allow listing
Question 25
Which Cisco AMP for Endpoints policy is used only for monitoring endpoint activity?
- A: Windows domain controller
- B: audit
- C: triage
- D: protection