Cisco 300-710 Practice Exams
Last updated on Apr 07, 2025
- Exam Code: 300-710
- Exam Name: Securing Networks with Cisco Firepower (SNCF)
- Certification Provider: Cisco
Refer to the exhibit.
An administrator is looking at some of the reporting capabilities for Cisco Firepower and notices this section of the Network Risk report showing a lot of SSL activity that could be used for evasion.
Which action will mitigate this risk?
- A . Use SSL decryption to analyze the packets.
- B . Use encrypted traffic analytics to detect attacks.
- C . Use Cisco AMP for Endpoints to block all SSL connections.
- D . Use Cisco Tetration to track SSL connections to servers.
An engineer is monitoring network traffic from their sales and product development departments, which are on two separate networks.
What must be configured in order to maintain data privacy for both departments?
- A . Use a dedicated IPS inline set for each department to maintain traffic separation
- B . Use 802.1Q inline set Trunk interfaces with VLANs to maintain logical traffic separation
- C . Use passive IDS ports for both departments
- D . Use one pair of inline set in TAP mode for both departments
An engineer is creating a URL object on Cisco FMC.
How must it be configured so that the object will match for HTTPS traffic in an access control policy?
- A . Specify the protocol to match (HTTP or HTTPS).
- B . Use the FQDN including the subdomain for the website
- C . Define the path to the individual webpage that uses HTTPS.
- D . Use the subject common name from the website certificate
Refer to the Exhibit.
A security engineer must improve security in an organization and is producing a risk mitigation strategy to present to management for approval.
Which action must the security engineer take based on this Attacks Risk Report?
- A . Inspect DNS traffic
- B . Block NetBIOS.
- C . Block Internet Explorer
- D . Inspect TCP port 80 traffic
An engineer wants to change an existing transparent Cisco FTD to routed mode.
The device controls traffic between two network segments.
Which action is mandatory to allow hosts to reestablish communication between these two segments after the change?
- A . remove the existing dynamic routing protocol settings.
- B . configure multiple BVIs to route between segments.
- C . assign unique VLAN IDs to each firewall interface.
- D . implement non-overlapping IP subnets on each segment.
A network engineer is extending a user segment through an FTD device for traffic inspection without creating another IP subnet.
How is this accomplished on an FTD device in routed mode?
- A . by leveraging the ARP to direct traffic through the firewall
- B . by assigning an inline set interface
- C . by using a BVI and creating a BVI IP address in the same subnet as the user segment
- D . by bypassing protocol inspection by leveraging pre-filter rules
An engineer is configuring a new dashboard within Cisco Secure Firewall Management Center and is having trouble implementing a custom widget.
When a custom analysis widget is configured, which option is mandatory for the system to display the information?
- A . table
- B . filter
- C . title
- D . results
Refer to the exhibit.
An engineer is modifying an access control policy to add a rule to inspect all DNS traffic that passes through it. After making the change and deploying the policy, they see that DNS traffic is not being inspected by the Snort engine.
What is……
- A . The action of the rule is set to trust instead of allow.
- B . The rule must specify the security zone that originates the traffic.
- C . The rule is configured with the wrong setting for the source port.
- D . The rule must define the source network for inspection as well as the port.
An engineer is configuring a Cisco Secure Firewall Threat Defense device managed by Cisco Secure Firewall Management Center. The device must have SSH enabled and be accessible from the inside interface for remote administration.
Which type of policy must the engineer configure to accomplish this?
- A . Identity
- B . Access control
- C . Prefilter
- D . Platform settings
An engineer is restoring a Cisco FTD configuration from a remote backup using the command restore remote-manager-backup location 1.1.1.1 admin /volume/home/admin BACKUP_Cisc394602314.zip on a Cisco FMC. After connecting to the repository, an error occurred that prevents the FTD device from accepting the backup file.
What is the problem?
- A . The backup file is not in .cfg format.
- B . The backup file is too large for the Cisco FTD device
- C . The backup file extension was changed from tar to zip
- D . The backup file was not enabled prior to being applied