練習できる300-710問題には認定ガイド問題と解答とトレーニングを提供しています
無料Cisco 300-710テスト練習問題試験問題集
Cisco 300-710認定試験は、Cisco Firpower NGFWテクノロジーを深く理解する必要がある挑戦的で厳密な試験です。候補者は、ネットワークセキュリティの概念を強く理解しているだけでなく、Cisco Firepowerテクノロジーの操作経験が必要です。この認定試験に合格すると、Cisco Firepowerテクノロジーを使用してネットワークインフラストラクチャの保護における高レベルの専門知識と習熟度が示されています。
質問 # 133
After using Firepower for some time and learning about how it interacts with the network, an administrator is trying to correlate malicious activity with a user Which widget should be configured to provide this visibility on the Cisco Firepower dashboards?
- A. Custom Analysis
- B. Correlation Events
- C. Current Status
- D. Current Sessions
正解:A
質問 # 134
An organization has implemented Cisco Firepower without IPS capabilities and now wants to enable inspection for their traffic. They need to be able to detect protocol anomalies and utilize the Snort rule sets to detect malicious behaviour. How is this accomplished?
- A. Modify the network analysis policy to process the packets for inspection
- B. Modify the access control policy to redirect interesting traffic to the engine
- C. Modify the network discovery policy to detect new hosts to inspect
- D. Modify the intrusion policy to determine the minimum severity of an event to inspect.
正解:D
質問 # 135
Which command should be used on the Cisco FTD CLI to capture all the packets that hit an interface?
- A. capture
- B. capture-traffic
- C. configure coredump packet-engine enable
- D. capture WORD
正解:B
解説:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_Firepower_Threat_Defense/ac_1.html
質問 # 136
Refer to the exhibit.
An administrator is looking at some of the reporting capabilities for Cisco Firepower and noticed this section of the Network Risk report showing a lot of SSL activity that cloud be used for evasion. Which action will mitigate this risk?
- A. Use Cisco Tetration to track SSL connections to servers.
- B. Use SSL decryption to analyze the packets.
- C. Use encrypted traffic analytics to detect attacks
- D. Use Cisco AMP for Endpoints to block all SSL connection
正解:B
解説:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/623/fdm/fptd-fdm-config-guide-623/fptd-fdm-ssl-decryption.html
質問 # 137
A security engineer must configure policies tor a recently deployed Cisco FTD. The security policy for the company dictates that when five or more connections from external sources are initiated within 2 minutes, there is cause for concern. Which type of policy must be configured in Cisco FMC \z generate an alert when this condition is triggered?
- A. application detector
- B. access control
- C. intrusion
- D. correlation
正解:D
解説:
Explanation
A correlation policy is a feature that allows you to respond in real time to threats or specific conditions on your network, using correlation rules. A correlation rule can trigger when the system generates a specific type of event, or when your network traffic deviates from its normal profile1. When a correlation rule triggers, the system generates a correlation event and can also launch a response, such as sending an alert, blocking an IP address, or scanning a host1.
In this case, the security engineer can configure a correlation rule that triggers when the system detects five or more connections from external sources within 2 minutes. The engineer can also configure a response that sends an alert to the FMC or an email recipient when this condition is triggered. The engineer can then create a correlation policy that includes this rule and activate it on the FTD device1.
The other options are incorrect because:
An application detector is a feature that allows you to detect web applications, clients, and application protocols based on patterns in network traffic. An application detector does not generate alerts based on the number of connections from external sources2.
An access control policy is a feature that allows you to control traffic flow through your network and inspect traffic for intrusions, malware, and files. An access control policy does not generate alerts based on the number of connections from external sources3.
An intrusion policy is a feature that allows you to detect and prevent malicious network activity using Snort rules. An intrusion policy does not generate alerts based on the number of connections from external sources4.
質問 # 138
An engineer is investigating connectivity problems on Cisco Firepower that is using service group tags.
Specific devices are not being tagged correctly, which is preventing clients from using the proper policies when going through the firewall How is this issue resolved?
- A. Use a packet sniffer with correct filtering
- B. Use a packet capture with match criteria.
- C. Use traceroute with advanced options.
- D. Use Wireshark with an IP subnet filter.
正解:B
質問 # 139
Which interface type allows packets to be dropped?
- A. inline
- B. TAP
- C. ERSPAN
- D. passive
正解:A
解説:
Section: Deployment
Explanation/Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200908-configuring-firepower- threat-defense-int.html
質問 # 140
Which two features of Cisco AMP for Endpoints allow for an uploaded file to be blocked? (Choose two.)
- A. simple custom detection
- B. application blocking
- C. exclusions
- D. file repository
- E. application whitelisting
正解:A、B
質問 # 141
An analyst is reviewing the Cisco FMC reports for the week. They notice that some peer-to-peer applications are being used on the network and they must identify which poses the greatest risk to the environment. Which report gives the analyst this information?
- A. Network Risk Report
- B. Attacks Risk Report
- C. Advanced Malware Risk Report
- D. User Risk Report
正解:A
質問 # 142
An organization does not want to use the default Cisco Firepower block page when blocking HTTP traffic. The organization wants to include information about its policies and procedures to help educate the users whenever a block occurs. Which two steps must be taken to meet these requirements? (Choose two.)
- A. Modify the system-provided block page result using Python.
- B. Create HTML code with the information for the policies and procedures.
- C. Edit the HTTP request handling in the access control policy to customized block.
- D. Write CSS code with the information for the policies and procedures.
- E. Change the HTTP response in the access control policy to custom.
正解:C、E
質問 # 143
When an engineer captures traffic on a Cisco FTD to troubleshoot a connectivity problem, they receive a large amount of output data in the GUI tool. The engineer found that viewing the Captures this way is time-consuming and difficult lo son and filter. Which file type must the engineer export the data in so that it can be reviewed using a tool built for this type of analysis?
- A. NetFlow v9
- B. PCAP
- C. IPFIX
- D. NetFlow v5
正解:B
解説:
Explanation
When capturing traffic on a Cisco FTD device to troubleshoot a connectivity problem, a file type that can be exported for reviewing using a tool built for this type of analysis is PCAP. PCAP stands for Packet Capture and it is a file format used to store network packet data captured from a network interface8. PCAP files contain the raw data of network packets, including the headers and payloads of each packet8.
PCAP files are widely used in network analysis and troubleshooting tasks. They enable network administrators, analysts, and researchers to inspect and analyze network traffic for various purposes, such as diagnosing network issues, detecting malicious activity, measuring network performance, and understanding network protocols8. PCAP files can be read by applications that understand that format, such as Wireshark, tcpdump, CA NetMaster, or Microsoft Network Monitor8.
The other options are incorrect because:
NetFlow v9 is not a file type, but a protocol for collecting and exporting information about network flows. A network flow is a sequence of packets that share common attributes such as source and destination IP addresses, ports, and protocols9. NetFlow v9 records contain summary information about network flows, such as start and end times, byte counts, packet counts, and so on9. NetFlow v9 records do not contain the raw data of network packets.
NetFlow v5 is not a file type, but an earlier version of the NetFlow protocol for collecting and exporting information about network flows. NetFlow v5 records contain similar information as NetFlow v9 records, but with fewer fields and less flexibility10. NetFlow v5 records do not contain the raw data of network packets.
IPFIX is not a file type, but a protocol for collecting and exporting information about network flows. IPFIX stands for IP Flow Information Export and it is based on NetFlow v9, but with some extensions and improvements11. IPFIX records contain similar information as NetFlow v9 records, but with more fields and more flexibility11. IPFIX records do not contain the raw data of network packets.
質問 # 144
An administrator must use Cisco FMC to install a backup route within the Cisco FTD to route traffic in case of a routing failure with the primary route. Which action accomplishes this task?
- A. Configure EIGRP routing on the FMC to ensure that dynamic routes are always updated.
- B. Use a default route on the FMC instead of having multiple routes contending for priority.
- C. Install the static backup route and modify the metric to be less than the primary route.
- D. Create the backup route and use route tracking on both routes to a destination IP address in the network.
正解:D
質問 # 145
What is a behavior of a Cisco FMC database purge?
- A. User login and history data are removed from the database if the User Activity check box is selected.
- B. The appropriate process is restarted.
- C. Data can be recovered from the device.
- D. The specified data is removed from Cisco FMC and kept for two weeks.
正解:B
解説:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config- guide-v62/management_center_database_purge.pdf
質問 # 146
Refer to the exhibit.
A systems administrator conducts a connectivity test to their SCCM server from a host machine and gets no response from the server. Which action ensures that the ping packets reach the destination and that the host receives replies?
- A. Modify the Snort rules to allow ICMP traffic.
- B. Configure a custom Snort signature to allow ICMP traffic after Inspection.
- C. Create an ICMP allow list and add the ICMP destination to remove it from the implicit deny list.
- D. Create an access control policy rule that allows ICMP traffic.
正解:D
質問 # 147
A network administrator is migrating from a Cisco ASA to a Cisco FTD.
EIGRP is configured on the Cisco ASA but it is not available in the Cisco FMC.
Which action must the administrator take to enable this feature on the Cisco FTD?
- A. Enable advanced configuration options in the FMC.
- B. Add the command feature eigrp via the FTD CLI.
- C. Create a custom variable set and enable the feature in the variable set.
- D. Configure EIGRP parameters using FlexConfig objects.
正解:D
質問 # 148
What is the difference between inline and inline tap on Cisco Firepower?
- A. Inline mode can drop malicious traffic.
- B. Inline tap mode can send a copy of the traffic to another device.
- C. Inline mode cannot do SSL decryption.
- D. Inline tap mode does full packet capture.
正解:A
質問 # 149
Which action should you take when Cisco Threat Response notifies you that AMP has identified a file as malware?
- A. Forward the result of the investigation to an external threat-analysis engine.
- B. Add the malicious file to the block list.
- C. Send a snapshot to Cisco for technical support.
- D. Wait for Cisco Threat Response to automatically block the malware.
正解:B
解説:
Section: Integration
質問 # 150
Which command is run on an FTD unit to associate the unit to an FMC manager that is at IP address 10.0.0.10, and that has the registration key Cisco123?
- A. configure manager local 10.0.0.10 Cisco123
- B. configure manager add 10.0.0.10 Cisco123
- C. configure manager add Cisco123 10.0.0.10
- D. configure manager local Cisco123 10.0.0.10
正解:B
質問 # 151
A network administrator is configuring Snort inspection policies and is seeing failed deployment messages in Cisco FMC. What information should the administrator generate for Cisco TAC to help troubleshoot?
- A. A "show tech" file for the device in question.
- B. A "troubleshoot" file for the Cisco FMC.
- C. A "show tech" for the Cisco FMC.
- D. A "troubleshoot" file for the device in question.
正解:D
質問 # 152
Which policy rule is included in the deployment of a local DMZ during the initial deployment of a Cisco NGFW through the Cisco FMC GUI?
- A. permit ip any
- B. a default DMZ policy for which only a user can change the IP addresses.
- C. no policy rule is included
- D. deny ip any
正解:C
質問 # 153
Which limitation applies to Cisco FMC dashboards in a multi-domain environment?
- A. Only the administrator of the top ancestor domain is able to view dashboards.
- B. Child domains have access to only a limited set of widgets from ancestor domains.
- C. Child domains are able to view but not edit dashboards that originate from an ancestor domain.
- D. Child domains are not able to view dashboards that originate from an ancestor domain.
正解:D
解説:
Section: Management and Troubleshooting
Explanation/Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide- v60/Using_Dashboards.html
質問 # 154
What is an advantage of adding multiple inline interface pairs to the same inline interface set when deploying an asynchronous routing configuration?
- A. The interfaces disable autonegotiation and interface speed is hard coded set to 1000 Mbps.
- B. Allows the IPS to identify inbound and outbound traffic as part of the same traffic flow.
- C. Allows traffic inspection to continue without interruption during the Snort process restart.
- D. The interfaces are automatically configured as a media-independent interface crossover.
正解:B
質問 # 155
Drag and drop the steps to restore an automatic device registration failure on the standby Cisco FMC from the left into the correct order on the right. Not all options are used.
正解:
解説:
質問 # 156
What are the minimum requirements to deploy a managed device inline?
- A. inline interfaces, MTU, and mode
- B. passive interface, MTU, and mode
- C. passive interface, security zone, MTU, and mode
- D. inline interfaces, security zones, MTU, and mode
正解:A
解説:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/ips_device_deployments_and_configuration.html
質問 # 157
......
Cisco 300-710認定試験は、Cisco Firepowerでネットワークを保護することとも呼ばれますが、Cisco Firepower Next-Generation Firwall(NGFW)ソリューションの構成、展開、管理に必要な知識とスキルに焦点を当てた高度なレベルの認定試験です。この認定は、Cisco Firepowerテクノロジーを使用してネットワークインフラストラクチャを保護する専門知識を実証したいネットワークセキュリティの専門家向けに設計されています。
Cisco 300-710 試験は、Cisco Firepower NGFW のアーキテクチャと展開、アクセス制御ポリシーの設定、侵入ポリシーの設定、ネットワーク分析ポリシーの設定、およびデバイス管理など、広範なトピックをカバーしています。候補者は、脅威の検出と緩和、ネットワークセキュリティプロトコル、ネットワークインフラストラクチャセキュリティなど、ネットワークセキュリティの概念を深く理解することが期待されています。Cisco 300-710 試験は、候補者の実践的な知識とスキルをテストする実践試験であり、合格には理論的な知識と実践的な経験の両方が必要です。
試験準備には欠かさない!トップクラスのCisco 300-710試験アプリ学習ガイドで練習問題最新版:https://jp.fast2test.com/300-710-premium-file.html
問題集練習試験問題学習ガイドは300-710試験:https://drive.google.com/open?id=1OqdL0gUeN6U-OzYnuqRqRHJdOWYsdQLY