QUESTION 1
Which firewall mode is Cisco Secure Firewall Threat Defense in when two physical interfaces are assigned to a named BVI?
A. transparent
B. in-line
C. IPS only
D. routed
Correct Answer: D
QUESTION 2
An engineer is configuring two new Cisco Secure Firewall Threat Defense devices to replace the existing firewalls. Network traffic must be analyzed for intrusion events without impacting the traffic. What must the engineer implement next to accomplish the goal?
A. Inline Pair mode
B. Passive mode
C. Inline Pair in Tap mode
D. ERSPAN Passive mode
Correct Answer: C
QUESTION 3
A network engineer must monitor threat events from the console of Cisco Secure Firewall Management Center. The engineer integrates the Cisco Secure Firewall Malware Defense in Secure Firewall Management Center. Which action must the engineer take next?
A. Add a Secure Firewall Malware Defense cloud connection in Secure FMC, log in to Secure Endpoint, and click Allow to authorize the Secure Firewall Malware Defense to Secure FMC connection.
B. Add a Secure Firewall Malware Defense cloud connection in Secure FMC, select the Secure Firewall Malware Defense cloud for Secure Endpoint, log in to Secure Endpoint, and click Allow to authorize the Secure Firewall Malware Defense to Secure FMC connection.
C. Log in to Cisco Secure Endpoint, click Allow to authorize the Secure Firewall Malware Defense to Secure FMC connection, and add a Secure Firewall Malware Defense cloud connection to Secure FMC.
D. Log in to Secure Endpoint, click Allow to authorize the Secure Firewall Malware Defense to Secure FMC connection, add a Secure Firewall Malware Defense cloud connection to Secure FMC, and select the Secure Firewall Malware Defense cloud for Secure Endpoint.
Correct Answer: B
QUESTION 4
An engineer is configuring Cisco Secure Firewall Threat Defense managed by a Secure Firewall Management Center appliance. The company wants remote access VPN users to be reachable from the inside network. What must the engineer configure to meet the requirements?
A. manual NAT exemption rule at the bottom of the NAT policy
B. auto NAT exemption rule at the top of the NAT policy
C. manual NAT exemption rule at the top of the NAT policy
D. auto NAT exemption rule at the bottom of the NAT policy
Correct Answer: C
QUESTION 5
An engineer must configure an inline set on a Cisco Secure IPS by using the Cisco Secure Firewall Management Center. The inline set must make a copy of each packet before analyzing the packet and block any connections that do not complete the three-way handshake. These configurations have been performed already:
1. Select and enable the interfaces that will be added to the inline set.
2. Configure the speed and duplex.
3. Configure the inline set and add the interfaces to the inline set.
Which action completes the task?
A. Set Tap Mode to Inline.
B. Implement Strict TCP Enforcement.
C. Configure Link State Propagation.
D. Configure Snort Fail Open.
Correct Answer: B
QUESTION 6
After a network security breach, an engineer must strengthen the security of the corporate network. Upper management must be regularly updated with a high-level overview of any occurring network threats. Which access must the engineer provide upper management to view the required data from Cisco Secure Firewall Management Center?
A. Reports with a daily recurring task that generates based on the network risk report template
B. Security Intelligence Statistics dashboard set to Show the Last option to one day
C. Analysis Status with a sliding time window of one day
D. Events by priority and classification and set a sliding time window of one day
Correct Answer: A
QUESTION 7
An engineer is configuring a multidomain instance of Cisco Secure Firewall Management Center. The instance must be integrated with Cisco Secure Endpoint. What must the engineer configure to allow multiple domains to have hosts with the same IP-MAC address pairs?
A. subdomain
B. leaf domain
C. global domain
D. second-level domain
Correct Answer: B
QUESTION 8
An engineer must permit SSH on the inside interface of a Cisco Secure Firewall Threat Defense device. SSH is currently permitted only on the management interface. Which type of policy must the engineer configure?
A. intrusion policy
B. NAT policy
C. platform policy
D. access control policy
Correct Answer: C
QUESTION 9
An engineer is deploying Cisco Secure Endpoint for the first time and on endpoint. The engineer must make sure that during the testing phase no files are isolated and network connections must not be blocked. Which policy type must be configured to accomplish the task?
A. Triage
B. Quarantine
C. Audit
D. Protect
Correct Answer: C
QUESTION 10
An engineer must implement static route tracking on a Cisco Secure Firewall Threat Defense appliance. Static route and IP SLA operation has already been configured. Static route must be removed from the routing table if the tracked object is unreachable. Which action must the engineer take next to meet the requirement?
A. Implement a secondary route that has a higher precedence.
B. Enable the IP SLA Responder on the backup path interface.
C. Assign a tracking object to the static route and the IP SLA operation.
D. Enable an ICMP redirect message on the interface connected to the backup path.
Correct Answer: C
QUESTION 11
What is an attribute of the risk reporting capability in Cisco Secure Firewall Management Center?
A. uses the same templates available to standard reports
B. includes all domains in a multidomain system
C. uses the XML format to export all reporting
D. includes the current domain in a multidomain system
Correct Answer: D
QUESTION 12
An administrator configures a Cisco Secure Firewall Threat Defense device in transparent mode. To configure the BVI, the administrator must:
1. add a bridge-group interface
2. configure a bridge-group ID
3. configure the bridge-group interface description
4. add bridge-group member interfaces
How must the engineer perform these actions?
A. Set the bridge-group interface mode to transparent.
B. Configure an IP address for the bridge-group interface.
C. Set a security zone for the bridge-group interface.
D. Configure a name for the bridge-group interface.
Correct Answer: B
QUESTION 13
Which two solutions are used to access and view aggregated log data from the firewalls using Cisco Security Analytics and Logging? (Choose two.)
A. Cisco Secure Network Analytics
B. Secure Cloud Analytics
C. Cisco Defense Orchestrator
D. Cisco Prime Infrastructure
E. Cisco Catalyst Center
Correct Answer: AB
QUESTION 14
Which feature sets up multiple interfaces on a Cisco Secure Firewall Threat Defense to be on the same subnet?
A. security levels
B. SVI
C. EtherChannel
D. BVI
Correct Answer: D
QUESTION 15
An engineer is roubleshooting the upgrade of a Cisco Secure Firewall Threat Defense device on the Secure Firewall Management Center 7.0 GUI. The engineer wants to collect the upgrade data and logs. Which two actions must the engineer take? (Choose two.)
A. Select the Secure Firewall Management Center device.
B. View the system and troubleshooting details.
C. Select the Secure Firewall Threat Defense device properties.
D. Access the Health Events page.
E. Access the Health Monitor page.
Correct Answer: BE
QUESTION 16
An engineer must perform a packet capture on a Cisco Secure Firewall Threat Defense device to confirm the MAC address of the host using IP address 192.168.100.100 while troubleshooting an ARP issue. What is the correct tcpdump command syntax to ensure that the MAC address appears in the packet capture output?
A. -ne src 192.168.100.100
B. -w capture.pcap -s 1518 host 192.168.100.100 mac
C. -w capture.pcap -s 1518 host 192.168.100.100 ether
D. -nm src 192.168.100.100
Correct Answer: A
QUESTION 17
How does Cisco Secure Cloud Analytics handle information about network traffic?
A. It performs a heuristic analysis on events and network flow data.
B. It stores the information in a database without any analysis.
C. It performs a behavioral analysis on events and network flow data.
D. It forwards the information to other devices without storing it.
Correct Answer: C
QUESTION 18
How should a high-availability pair of Cisco Secure Firewall Threat Defense Virtual appliances be deployed to Cisco Secure Firewall Management Center?
A. Add the primary and secondary Cisco Secure Firewall Threat Defense Virtual appliances to Cisco Secure Firewall Management Center first, then configure high availability.
B. Add the primary appliance to Cisco Secure Firewall Management Center first, then configure high availability.
C. Configure high availability first, then add only the primary Cisco Secure Firewall Threat Defense Virtual appliance to Cisco Secure Firewall Management Center.
D. Configure high availability first, then add the primary and secondary appliances to Cisco Secure Firewall Management Center.
Correct Answer: A
QUESTION 19
An engineer is analyzing a risk report generated by using Cisco Secure Firewall Management Center. The report contains these fields:
1. Total Attacks
2. Events Requiring Attention
3. Hosts Targeted
4. Hosts Connected to CnC Servers
Which type of risk report is the engineer analyzing?
A. events
B. network
C. hosts
D. attacks
Correct Answer: B
QUESTION 20
An engineer must configure the encrypted visibility engine for a Cisco Secure Firewall Threat Defense device in Cisco Secure Firewall Management Center. The engineer already configured an access control policy, Cisco vulnerability database updates, and the Cisco Success Network. Which two actions must be taken to complete the Secure Firewall Threat Defense device configuration? (Choose two.)
A. Enable Snort 3.
B. Install a Threat license.
C. Enable encrypted traffic inspection.
D. Configure an identity policy.
E. Configure an SSL/TLS policy.
Correct Answer: AE
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.