2026 CCNP 300-710 Exam Questions and Answer Explanations | Latest Question Bank + Summary of High-Frequency Exam Topics
Question #1
A network administrator notices that SI events are not being updated. The Cisco FTD device is unable to load all of the SI event entries and traffic is not being blocked as expected. What must be done to correct this issue?
A. Replace the affected devices with devices that provide more memory.
B. Manually update the SI event entries so that the appropriate traffic is blocked.
C. Restart the affected devices in order to reset the configurations.
D. Redeploy configurations to affected devices so that additional memory is allocated to the SI module.
Question #2
An organization has a Cisco FTD that uses bridge groups to pass traffic from the inside interfaces to the outside interfaces. They are unable to gather information about neighboring Cisco devices or use multicast in their environment. What must be done to
A. Create a firewall rule to allow CDP traffic
B. Create a bridge group with the firewall interfaces.
C. Change the firewall mode to transparent.
D. Change the firewall mode to routed.
Question #3
An engineer must export a packet capture from Cisco Secure Firewall Management Center to assist in troubleshooting an issue on a Secure Firewall Threat Defense device. When the engineer navigates to the URL for Secure Firewall Management Center at: https:
A. Disable the HTTPS server and use HTTP instead.
B. Enable the HTTPS server for the device platform policy.
C. Disable the proxy setting on the browser.
D. Use the Cisco FTD IP address as the proxy server setting on the browser.
Question #4
An analyst is investigating a potentially compromised endpoint within the network and pulls a host report for the endpoint in question to collect metrics and documentation. What information should be taken from this report for the investigation?
A. threat detections over time and application protocols transferring malware
B. number of attacked machines, sources of the attack, and traffic patterns
C. client applications by user, web applications, and user connections
D. intrusion events, host connections, and user sessions
Question #5
A company has many Cisco FTD devices managed by a Cisco FMC. The security model requires that access control rule logs be collected for analysis. The security engineer is concerned that the Cisco FMC will not be able to process the volume of logging that
A. Send Cisco FTD connection events directly to a SIEM system and forward security events from Cisco FMC to the SIEM system for storage and analysis.
B. Send Cisco FTD connection events and security events directly to SIEM system for storage and analysis.
C. Send Cisco FTD connection events and security events to a cluster of Cisco FMC devices for storage and analysis.
D. Send Cisco FTD connection events and security events to Cisco FMC and configure it to forward logs to SIEM for storage and analysis.
Question #6
An engineer is troubleshooting connectivity to the DNS servers from hosts behind a new Cisco FTD device. The hosts cannot send DNS queries to servers in the DMZ. Which action should the engineer take to troubleshoot this issue using the real DNS packets?
A. Use the show blocks command in the Threat Defense CLI tool and create a policy to allow the blocked traffic.
B. Use the packet tracer tool to determine at which hop the packet is being dropped.
C. Use the packet capture tool to check where the traffic is being blocked and adjust the access control or intrusion policy as needed.
D. Use the Connection Events dashboard to check the block reason and adjust the inspection policy as needed.
Question #7
An administrator must use Cisco FMC to install a backup route within the Cisco FTD to route traffic in case of a routing failure with the primary route. Which action accomplishes this task?
A. Install the static backup route and modify the metric to be less than the primary route.
B. Create the backup route and use route tracking on both routes to a destination IP address in the network.
C. Use a default route on the FMC instead of having multiple routes contending for priority.
D. Configure EIGRP routing on the FMC to ensure that dynamic routes are always updated.
Question #8
The administrator notices that there is malware present with an exe extension and needs to verify if any of the systems on the network are running the executable file. What must be configured within Cisco AMP for Endpoints to show this data?
A. vulnerable software
B. prevalence
C. threat root cause
D. file analysis
Question #9
An organization is migrating their Cisco ASA devices running in multicontext mode to Cisco FTD devices. Which action must be taken to ensure that each context on the ASA is logically separated in the FTD devices?
A. Configure the FTD to use port channels spanning multiple networks.
B. Configure a container instance in the FTD for each context in the ASA.
C. Add the FTD device to the ASA port channels.
D. Add a native instance to distribute traffic to each FTD context.
Question #10
A Cisco FTD has two physical interfaces assigned to a BVI. Each interface is connected to a different VLAN on the same switch. Which firewall mode is the Cisco FTD set up to support?
A. routed
B. active/active failover
C. transparent
D. high availability clustering
Question #11
A network administrator reviews the file report for the last month and notices that all file types, except exe, show a disposition of unknown. What is the cause of this issue?
A. Only Spero file analysis is enabled.
B. The malware license has not been applied to the Cisco FTD.
C. A file policy has not been applied to the access policy.
D. The Cisco FMC cannot reach the Internet to analyze files.
Question #12
Which firewall design allows a firewall to forward traffic at layer 2 and layer 3 for the same subnet?
A. routed mode
B. Cisco Firepower Threat Defense mode
C. integrated routing and bridging
D. transparent mode
Question #13
A network administrator configured a NAT policy that translates a public IP address to an internal web server IP address. An access policy has also been created that allows any source to reach the public IP address on port 80. The web server is still not
A. The access policy must allow traffic to the internal web server IP address.
B. The access policy rule must be configured for the action trust.
C. The intrusion policy must be disabled for port 80.
D. The NAT policy must be modified to translate the source IP address as well as destination IP address.
Question #14
What is the role of the casebook feature in Cisco Threat Response?
A. alert prioritization
B. pulling data via the browser extension
C. sharing threat analysis
D. triage automation with alerting
Question #15
An engineer is investigating connectivity problems on Cisco Firepower for a specific SGT. Which command allows the engineer to capture real packets that pass through the firewall using an SGT of 64?
A. capture CAP headers-only type inline-tag 64 match ip any any
B. capture CAP buffer 64 match ip any any
C. capture CAP match 64 type inline-tag ip any any
D. capture CAP type inline-tag 64 match ip any any
Question #16
An organization recently implemented a transparent Cisco FTD in their network. The organization must ensure that the device does not respond to insecure SSL/TLS protocols. Which action accomplishes this task?
A. Modify the device's settings using the device management feature within Cisco FMC to force only secure protocols.
B. Configure a FlexConfig object to disable any insecure TLS protocols on the Cisco FTD device.
C. Enable the UCAPL/CC compliance on the device to support only the most secure protocols available.
D. Use the Cisco FTD platform policy to change the minimum SSL version on the device to TLS 1.2.
Question #17
An engineer wants to change an existing transparent Cisco FTD to routed mode. The device controls traffic between two network segments. Which action is mandatory to allow hosts to reestablish communication between these two segments after the change?
A. Implement non-overlapping IP subnets on each segment.
B. Assign unique VLAN IDs to each firewall interface.
C. Configure multiple BVIs to route between segments.
D. Remove the existing dynamic routing protocol settings.
Question #18
A network administrator is migrating from a Cisco ASA to a Cisco FTD. EIGRP is configured on the Cisco ASA, but it is not available in the Cisco FMC. Which action must the administrator take to enable this feature on the Cisco FTD?
A. Add the command feature eigrp via the FTD CLI.
B. Enable advanced configuration options in the FMC.
C. Configure EIGRP parameters using FlexConfig objects.
D. Create a custom variable set and enable the feature in the variable set.
Question #19
A security analyst must create a new report within Cisco FMC to show an overview of the daily attacks, vulnerabilities, and connections. The analyst wants to reuse specific dashboards from other reports to create this consolidated one. Which action accomp
A. Use the import feature in the newly created report to select which dashboards to add.
B. Copy the Malware Report and modify the sections to pull components from other reports.
C. Modify the Custom Workflows within the Cisco FMC to feed the desired data into the new report.
D. Create a new dashboard object via Object Management to represent the desired views.
Question #20
Which feature is supported by IRB on Cisco FTD devices?
A. high-availability cluster
B. redundant interface
C. EtherChannel interface
D. dynamic routing protocol
Question #21
A network administrator registered a new FTD to an existing FMC. The administrator cannot place the FTD in transparent mode. Which action enables transparent mode?
A. Assign an IP address to two physical interfaces.
B. Deregister the FTD device from FMC and configure transparent mode via the CLI.
C. Obtain an FTD model that supports transparent mode.
D. Add a Bridge Group Interface to the FTD before transparent mode is configured.
Question #22
A network engineer must provide redundancy between two Cisco FTD devices. The redundancy configuration must include automatic configuration, translation, and connection updates. After the initial configuration of the two appliances, which two steps must b
A. Configure the standby IP addresses.
B. Configure the virtual MAC address on the failover link.
C. Configure the failover link with stateful properties.
D. Ensure the high availability license is enabled.
E. Disable hellos on the inside interface.
Question #23
An engineer attempts to pull the configuration for a Cisco FTD sensor to review with Cisco TAC but does not have direct access to the CLI for the device. The CLI for the device is managed by Cisco FMC to which the engineer has access. Which action in Cisc
A. Download the configuration file within the File Download section of Cisco FMC.
B. Export the configuration using the Import/Export tool within Cisco FMC.
C. Create a backup of the configuration within the Cisco FMC.
D. Use the show run all command in the Cisco FTD CLI feature within Cisco FMC.
Question #24
A network administrator is configuring a Cisco AMP public cloud instance and wants to capture infections and polymorphic variants of a threat to help detect families of malware. Which detection engine meets this requirement?
A. Tetra
B. Spero
C. Ethos
D. RBAC
Question #25
Due to an increase in malicious events, a security engineer must generate a threat report to include intrusion events, malware events, and security intelligence events. How is this information collected in a single report?
A. Export the Attacks Risk report.
B. Create a Custom report.
C. Run the default Firepower report.
D. Generate a malware report.
Question #26
A Cisco FMC administrator wants to configure fastpathing of trusted network traffic to increase performance. In which type of policy would the administrator configure this feature?
A. Intrusion policy
B. Prefilter policy
C. Network Analysis policy
D. Identity policy
Question #27
An engineer is configuring multiple Cisco FTD appliances for use in the network. Which rule must the engineer follow while defining interface objects in Cisco FMC for use with interfaces across multiple devices?
A. Interface groups can contain interfaces from many devices.
B. An interface cannot belong to a security zone and an interface group.
C. Two security zones can contain the same interface.
D. Interface groups can contain multiple interface types.
Question #28
An organization is configuring a new Cisco Firepower High Availability deployment. Which action must be taken to ensure that failover is as seamless as possible to end users?
A. Set the same FQDN for both chassis.
B. Set up a virtual failover MAC address between chassis.
C. Load the same software version on both chassis.
D. Use a dedicated stateful link between chassis.
Question #29
An engineer is creating a URL object on Cisco Secure Firewall Management Center. How must it be configured so that the object will match for HTTPS traffic in an access control policy?
A. Use the FQDN including the subdomain for the website.
B. Specify the protocol to match (HTTP or HTTPS).
C. Define the path to the individual webpage that uses HTTPS.
D. Use the subject common name from the website certificate.
Question #30
A network administrator is troubleshooting access to a website hosted behind a Cisco FTD device. External clients cannot access the web server via HTTPS. The IP address configured on the web server is 192.168.7.46. The administrator is running the command
A. The capture must use the public IP address of the web server.
B. The packet capture shows only blocked traffic.
C. The FTD has no route to the web server.
D. The access policy is blocking the traffic.
Question #31
What must be implemented on Cisco Firepower to allow multiple logical devices on a single physical device to have access to external hosts?
A. Add one shared management interface on all logical devices.
B. Define VLAN subinterfaces for each logical device.
C. Add at least two container instances from the same module.
D. Set up a cluster control link between all logical devices.
Question #32
Which action must be taken on the Cisco FMC when a packet bypass is configured in case the Snort engine is down or a packet takes too long to process?
A. Enable Automatic Application Bypass.
B. Enable Inspect Local Router Traffic.
C. Configure Fastpath rules to bypass inspection.
D. Add a Bypass Threshold policy for failures.
Question #33
A network administrator wants to block traffic to a known malware site https://www.badsite.com and all subdomains while ensuring no packets from any internal client are sent to that site. Which type of policy must the network administrator use to accompli
A. Prefilter policy
B. Access Control policy with URL filtering
C. DNS policy
D. SSL policy
Question #34
An engineer must configure a Cisco FMC dashboard in a multidomain deployment. Which action must the engineer take to edit a report template from an ancestor domain?
A. Change the document attributes.
B. Copy it to the current domain.
C. Add it as a separate widget.
D. Assign themselves ownership of it.
Question #35
A security engineer needs to configure a network discovery policy on a Cisco FMC appliance and prevent excessive network discovery events from overloading the FMC database. Which action must be taken to accomplish this task?
A. Exclude load balancers and NAT devices in the policy.
B. Monitor only the default IPv4 and IPv6 network ranges.
C. Configure NetFlow exporters for monitored networks.
D. Change the network discovery method to TCP/SYN.
Question #36
Which process should be checked when troubleshooting registration issues between Cisco FMC and managed devices to verify that secure communication is occurring?
A. dhclient
B. sfmgr
C. sftunnel
D. fpcollect
Question #37
An organization is installing a new Cisco FTD appliance in the network. An engineer is tasked with configuring between two network segments within the same IP subnet. Which step is needed to accomplish this task?
A. Assign an IP address to the Bridge Virtual Interface.
B. Permit BPDU packets to prevent loops.
C. Add a separate bridge group for each segment.
D. Specify a name for the bridge group.
Question #38
An administrator needs to configure Cisco FMC to send a notification email when a data transfer larger than 10 MB is initiated from an internal host outside of standard business hours. Which Cisco FMC feature must be configured to accomplish this task?
A. correlation policy
B. file and malware policy
C. intrusion policy
D. application detector
Question #39
A security engineer is adding three Cisco FTD devices to a Cisco FMC. Two of the devices have successfully registered to the Cisco FMC. The device that is unable to register is located behind a router that translates all outbound traffic to the router's W
A. Add the port number being used for PAT on the router to the device's IP address in the Cisco FMC.
B. Reconfigure the Cisco FMC to use the device's private IP address instead of the WAN address.
C. Remove the IP address defined for the device in the Cisco FMC.
D. Configure a NAT ID on both the Cisco FMC and the device.
E. Reconfigure the Cisco FMC to use the device's hostname instead of IP address.
Question #40
A security engineer must integrate an external feed containing STIX/TAXII data with Cisco FMC. Which feature must be enabled on the Cisco FMC to support this connection?
A. Cisco Success Network
B. Security Intelligence Feeds
C. Threat Intelligence Director
D. Cisco Secure Endpoint Integration
Question #41
When a Cisco FTD device is configured in transparent firewall mode, on which two interface types can an IP address be configured? (Choose two.)
A. Subinterface
B. BVI
C. Physical
D. EtherChannel
E. Diagnostic
Question #42
A network administrator is configuring a site-to-site IPsec VPN to a router sitting behind a Cisco FTD. The administrator has configured an access policy to allow traffic to this device on UDP 500, 4500, and ESP. VPN traffic is not working. Which action re
A. Change the access policy to allow all ports.
B. Modify the NAT policy to use the interface PAT.
C. Set the allow action in the access policy to trust.
D. Enable IPsec inspection on the access policy.
Question #43
An engineer defines a new rule while configuring an Access Control Policy. After deploying the policy, the rule is not working as expected and the hit counters associated with the rule are showing zero. What is causing this error?
A. Logging is not enabled for the rule.
B. The wrong source interface for Snort was selected in the rule.
C. An incorrect application signature was used in the rule.
D. The rule was not enabled after being created.
Question #44
An engineer must deploy a Cisco FTD device. Management wants to examine traffic without requiring network changes that will disrupt end users. Corporate security policy requires the separation of management traffic from data traffic and the use of SSH ove
A. in transparent mode with a management interface
B. in routed mode with a diagnostic interface
C. in transparent mode with a data interface
D. in routed mode with a bridge virtual interface
Question #45
A security engineer must configure policies for a recently deployed Cisco FTD. The security policy for the company dictates that when five or more connections from external sources are initiated within 2 minutes, there is cause for concern. Which type of
A. application detector
B. intrusion
C. correlation
D. access control
Question #46
A network administrator must create an EtherChannel interface on a Cisco Secure Firewall Threat Defense 9300 appliance registered with Cisco Secure Firewall Management Center for High Availability. Where must the administrator create the EtherChannel inte
A. Cisco Secure Firewall Management Center CLI
B. Cisco Secure Firewall Management Center GUI
C. Firepower eXtensible Operating System (FXOS) CLI
D. Cisco Secure Firewall Threat Defense CLI
Question #47
When an engineer captures traffic on a Cisco FTD to troubleshoot a connectivity problem, they receive a large amount of output data in the GUI tool. The engineer found that viewing the captures this way is time-consuming and difficult to sort and filter.
A. PCAP
B. IPFIX
C. NetFlow v5
D. NetFlow v9
Question #48
What is a limitation to consider when running a dynamic routing protocol on a Cisco FTD device in IRB mode?
A. Only nonbridge interfaces are supported.
B. Only distance vector routing protocols are supported.
C. Only EtherChannel interfaces are supported.
D. Only link-state routing protocols are supported.
Question #49
Network users are experiencing intermittent issues with internet access. An engineer identified that the issue is being caused by NAT exhaustion. How must the engineer change the dynamic NAT configuration to provide internet access for more users without
A. Add an identity NAT rule to handle the overflow of users.
B. Convert the dynamic auto NAT rule to dynamic manual NAT.
C. Configure fallthrough to interface PAT on the Advanced tab.
D. Define an additional static NAT for the network object in use.
Question #50
An engineer is configuring URL filtering for a Cisco FTD device in Cisco FMC. Users must receive a warning when they access http://www.badadultsite.com with the option of continuing to the website if they choose to. No other websites should be blocked. Wh
A. On the HTTP Responses tab of the access control policy editor, set the Block Response Page to Custom.
B. On the HTTP Responses tab of the access control policy editor, set the Interactive Block Response Page to System-provided.
C. Configure an access control rule that matches the Adult URL category and set the action to Interactive Block.
D. Configure the default action for the access control policy to Interactive Block.
E. Configure an access control rule that matches a URL object for http://www.badadultsite.com/ and set the action to Interactive Block.