300-710練習試験テスト最新問題2023年11月
300-710試験を一発合格保証問題集!
Cisco 300-710試験では、NGFWやIPSに加え、高度なマルウェアやその他の脅威に対する継続的な分析と保護を提供するAMPもカバーしています。候補者は、ファイル分析とブロッキング、エンドポイント保護を含むAMPポリシーを設定および管理する能力についてテストされます。
Cisco 300-710 (Securing Networks with Cisco Firepower)試験は、Cisco Firepower技術を使用してネットワークを保護する責任を持つIT専門家の知識と技能をテストするために設計された認定試験です。この試験は、CCNP Security認定トラックの一部であり、ネットワークセキュリティ分野で3年から5年の経験を持つ専門家を対象としています。Cisco Firepower技術は、ネットワークに包括的なセキュリティサービスを提供するために設計された一連の高度なセキュリティソリューションであり、Cisco 300-710試験は、これらの技術を効果的に使用してネットワークを保護する候補者の能力を測定します。
Cisco 300-710試験は、Cisco Firepower(SNCF)を使用したネットワークの保護とも呼ばれ、Cisco Firepower Next-Generation Firwall(NGFW)アプライアンスの展開と管理の知識とスキルを検証したいネットワークセキュリティの専門家向けに設計された認定試験です。 。この試験は、Cisco Certified Network Professional Security(CCNP Security)認定トラックの一部であり、IT業界で最も求められている認定の1つです。
質問 # 50
A network security engineer must export packet captures from the Cisco FMC web browser while troubleshooting an issue. When navigating to the address https://<FMC IP>/capture/CAPI/pcap/test.pcap. an error 403: Forbidden is given instead of the PCAP file. Which action must the engineer take to resolve this issue?
- A. Use the Cisco FTD IP address as the proxy server setting on the browser.
- B. Disable the proxy setting on the browser.
- C. Enable the HTTPS server for the device platform policy.
- D. Disable the HTTPS server and use HTTP instead.
正解:C
質問 # 51
A security engineer must configure a Cisco FTD appliance to inspect traffic coming from the internet. The Internet traffic will be mirrored from the Cisco Catalyst 9300 Switch. Which configuration accomplishes the task?
- A. Set interface configuration mode to none.
- B. Set the firewall mode to routed.
- C. Set interface configuration mode to passive.
- D. Set the firewall mode to transparent.
正解:C
質問 # 52
An engineer is troubleshooting application failures through an FTD deployment. While using the FMC CLI, it has been determined that the traffic in question is not matching the desired policy. What should be done to correct this?
- A. Use the system support firewall-engine-debug command to determine which rules the traffic matching and modify the rule accordingly.
- B. Use the system support network-options command to fine tune the policy.
- C. Use the system support firewall-engine-dump-user-identity-data command to change the policy and allow the application though the firewall.
- D. Use the system support application-identification-debug command to determine which rules the traffic matching and modify the rule accordingly.
正解:A
解説:
Section: Management and Troubleshooting
質問 # 53
An administrator is working on a migration from Cisco ASA to the Cisco FTD appliance and needs to test the rules without disrupting the traffic. Which policy type should be used to configure the ASA rules during this phase of the migration?
- A. Access Control
- B. Intrusion
- C. Prefilter
- D. identity
正解:A
質問 # 54
Drag and drop the steps to restore an automatic device registration failure on the standby Cisco FMC from the left into the correct order on the right. Not all options are used.
正解:
解説:
Explanation
Explanation
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config- guide-v62/firepower_management_center_high_availability.html#id_32288
質問 # 55
An analyst is reviewing the Cisco FMC reports for the week. They notice that some peer-to-peer applications are being used on the network and they must identify which poses the greatest risk to the environment. Which report gives the analyst this information?
- A. Attacks Risk Report
- B. Advanced Malware Risk Report
- C. User Risk Report
- D. Network Risk Report
正解:D
質問 # 56
After deploying a network-monitoring tool to manage and monitor networking devices in your organization, you realize that you need to manually upload an MIB for the Cisco FMC. In which folder should you upload the MIB file?
- A. /sf/etc/DCEALERT.MIB
- B. /etc/sf/DCEALERT.MIB
- C. system/etc/DCEALERT.MIB
- D. /etc/sf/DCMIB.ALERT
正解:B
質問 # 57
Which action should you take when Cisco Threat Response notifies you that AMP has identified a file as malware?
- A. Forward the result of the investigation to an external threat-analysis engine.
- B. Send a snapshot to Cisco for technical support.
- C. Wait for Cisco Threat Response to automatically block the malware.
- D. Add the malicious file to the block list.
正解:D
質問 # 58
With Cisco FTD integrated routing and bridging, which interface does the bridge group use to communicate with a routed interface?
- A. bridge virtual
- B. subinterface
- C. bridge group member
- D. switch virtual
正解:C
質問 # 59
Which two actions can be used in an access control policy rule? (Choose two.)
- A. Discover
- B. Analyze
- C. Block ALL
- D. Monitor
- E. Block with Reset
正解:D、E
解説:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa- firepower-module-user-guide-v541/AC-Rules-Tuning-Overview.html#71854
質問 # 60
An engineer configures an access control rule that deploys file policy configurations to security zones or tunnel zones, and it causes the device to restart. What is the reason for the restart?
- A. Source or destination security zones in the source tunnel zone do not match the security zones that are associated with interfaces on the target devices.
- B. The source tunnel zone in the rule does not match a tunnel zone that is assigned to a tunnel rule in the source policy.
- C. Source or destination security zones in the access control rule matches the security zones that are associated with interfaces on the target devices.
- D. The source tunnel zone in the rule does not match a tunnel zone that is assigned to a tunnel rule in the destination policy.
正解:C
質問 # 61
An engineer is configuring a second Cisco FMC as a standby device but is unable to register with the active unit. What is causing this issue?
- A. The code versions running on the Cisco FMC devices are different
- B. The licensing purchased does not include high availability
- C. There is only 10 Mbps of bandwidth between the two devices.
- D. The primary FMC currently has devices connected to it.
正解:B
解説:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_management_center_high_availability.html
質問 # 62
Which CLI command is used to control special handling of ClientHello messages?
- A. system support ssl-client-hello-force-reset
- B. system support ssl-client-hello-display
- C. system support ssl-client-hello-enabled
- D. system support ssl-client-hello-tuning
正解:C
解説:
Explanation
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/firepower_command_line_reference.html
質問 # 63
Which Cisco Firepower rule action displays an HTTP warning page?
- A. Allow with Warning
- B. Interactive Block
- C. Monitor
- D. Block
正解:B
解説:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System- UserGuide-v5401/AC-Rules-Tuning-Overview.html#76698
質問 # 64
Refer to the exhibit.
What must be done to fix access to this website while preventing the same communication to all other websites?
- A. Create an access control policy rule to allow port 80 to only 172.1.1 50.
- B. Create an intrusion policy rule to have Snort allow port 443 to only 172.1.1.50
- C. Create an intrusion policy rule to have Snort allow port 80 to only 172.1.1 50.
- D. Create an access control policy rule to allow port 443 to only 172.1.1 50
正解:A
質問 # 65
After using Firepower for some time and learning about how it interacts with the network, an administrator is trying to correlate malicious activity with a user Which widget should be configured to provide this visibility on the Cisco Firepower dashboards?
- A. Correlation Events
- B. Custom Analysis
- C. Current Status
- D. Current Sessions
正解:B
質問 # 66
The administrator notices that there is malware present with an .exe extension and needs to verify if any of the systems on the network are running the executable file. What must be configured within Cisco AMP for Endpoints to show this data?
- A. file analysis
- B. threat root cause
- C. prevalence
- D. vulnerable software
正解:C
質問 # 67
An organization has implemented Cisco Firepower without IPS capabilities and now wants to enable inspection for their traffic. They need to be able to detect protocol anomalies and utilize the Snort rule sets to detect malicious behaviour. How is this accomplished?
- A. Modify the network analysis policy to process the packets for inspection
- B. Modify the access control policy to redirect interesting traffic to the engine
- C. Modify the network discovery policy to detect new hosts to inspect
- D. Modify the intrusion policy to determine the minimum severity of an event to inspect.
正解:D
質問 # 68
An organization does not want to use the default Cisco Firepower block page when blocking HTTP traffic. The organization wants to include information about its policies and procedures to help educate the users whenever a block occurs. Which two steps must be taken to meet these requirements? (Choose two.)
- A. Change the HTTP response in the access control policy to custom.
- B. Edit the HTTP request handling in the access control policy to customized block.
- C. Create HTML code with the information for the policies and procedures.
- D. Write CSS code with the information for the policies and procedures.
- E. Modify the system-provided block page result using Python.
正解:A、C
質問 # 69
A network engineer implements a new Cisco Firepower device on the network to take advantage of its intrusion detection functionality. There is a requirement to analyze the traffic going across the device, alert on any malicious traffic, and appear as a bump in the wire How should this be implemented?
- A. Enable routing on the Cisco Firepower
- B. Configure a bridge group in transparent mode.
- C. Add an IP address to the physical Cisco Firepower interfaces.
- D. Specify the BVl IP address as the default gateway for connected devices.
正解:C
質問 # 70
An engineer is configuring a custom application detector for HTTP traffic and wants to import a file that was provided by a third party. Which type of flies are advanced application detectors creates and uploaded as?
- A. LUA script
- B. NBAR protocol
- C. Perl script
- D. Python program
正解:A
解説:
Explanation
A custom application detector is a user-defined script that can detect web applications, clients, and application protocols based on patterns in network traffic. Custom application detectors are written in LUA, which is a lightweight and embeddable scripting language. LUA scripts can use predefined functions and variables provided by the Firepower System to access packet data and metadata, and to specify the detection criteria and the application information1.
To import a custom application detector file that was provided by a third party, you need to follow these steps1:
In the FMC web interface, navigate to Objects > Object Management > Application Detectors.
Click Import.
Browse to the location of the LUA script file and select it.
Click Upload.
Review the detector details and click Save.
The other options are incorrect because:
Perl script is not a supported format for custom application detectors. Perl is a general-purpose programming language that is not embedded in the Firepower System.
NBAR protocol is not a file type, but a feature of Cisco IOS routers that can classify and monitor network traffic based on application types. NBAR protocols are predefined and cannot be imported as custom application detectors.
Python program is not a supported format for custom application detectors. Python is a general-purpose programming language that is not embedded in the Firepower System.
質問 # 71
......
CCNP Security無料認定試験材料はFast2testが提供された279問題:https://jp.fast2test.com/300-710-premium-file.html
300-710問題集完全版問題試験学習ガイド:https://drive.google.com/open?id=1ELuILUkpPy5x-yXD82UVNdYvND8jOc-T