QUESTION 81
An engineer must configure a remote access VPN on Cisco Secure Firewall Management Center. The engineer created a new remote access VPN policy and updated the access control policy deployed on the device. Which additional action must the engineer take to ensure a successful VPN connection?
A. Add a mandatory NAT exemption.
B. Configure an IP address pool for VPN clients.
C. Define NAT for split tunneling.
D. Preconfigure a RADIUS/LDAP server.
Correct Answer: B
QUESTION 82
An engineer must configure a correlation policy in Cisco Secure Firewall Management Center to detect when an IP address from an internal network communicates with a known malicious host. Connections made by the internal I addresses must be tracked, and an external dynamic list must be used for the condition. Which type of event must the engineer configure on the correlation policy?
A. Intrusion Impact Alert
B. connection tracker
C. network discovery
D. malware
Correct Answer: B
QUESTION 83
An engineer wants to add Cisco Secure Firewall Thread Defense to Cisco Secure Firewall Management Center with the real IP address hidden behind firewall. Engineer configured the command configure manager add Cisc on Cisco Secure Firewall Thread Defense. After the command is added the device is not been added to Cisco Secure Firewall Management Center. Which configuration must be added in the configuration command to accomplish the task?
A. Registration Key
B. DONOTRESOLVE
C. NAT ID
D. Cisco FTD IP Address
Correct Answer: C
QUESTION 84
How is IRB on next-generation firewall running in transparent mode supported?
A. IPv4 routes must be configured on the BVI.
B. IPv4 routes must be configured on the physical interface.
C. IRB requires an external switch.
D. IRB is supported only in routed mode.
Correct Answer: A
QUESTION 85
An engineer must configure email notifications on Cisco Secure Firewall Management Center. TLS encryption must be used to protect the messages from unauthorized access. The engineer adds the IP address of the mail relay host and must set the port number. Which TCP port must the engineer use?
A. 25
B. 389
C. 465
D. 587
Correct Answer: D
QUESTION 86
An engineer is troubleshooting HTTP traffic to a web server using the packet capture tool on Cisco FMC. When reviewing the captures, the engineer notices that there are a lot of packets that are not sourced from or destined to the web server being captured. How can the engineer reduce the strain of capturing packets for irrelevant traffic on the Cisco FTD device?
A. Redirect the packet capture output to a .pcap file that can be opened with Wireshark.
B. Use the -c option to restrict the packet capture to only the first 100 packets.
C. Use an access-list within the packet capture to permit only HTTP traffic to and from the web server.
D. Use the host filter in the packet capture to capture traffic to or from a specific host.
Correct Answer: C
QUESTION 87
An engineer is configuring two new Cisco FTD devices to replace the existing high availability firewall pair in a highly secure environment. The information exchanged between the FTD devices over the failover link must be encrypted. Which protocol supports this on the Cisco FTD?
A. MACsec
B. SSL
C. SSH
D. IPsec
Correct Answer: A
QUESTION 88
When using Cisco Threat Response, which phase of the Intelligence Cycle publishes the results of the investigation?
A. analysis
B. direction
C. processing
D. dissemination
Correct Answer: D
QUESTION 89
A consultant is working on a project where the customer is upgrading from a single Cisco Firepower 2130 managed by FDM to a pair of Cisco Firepower 2130s managed by FMC for high availability. The customer wants the configuration of the existing device being managed by FDM to be carried over to FMC and then replicated to the additional device being added to create the high availability pair. Which action must the consultant take to meet this requirement?
A. The FTD configuration must be converted to ASA command format, which can then be migrated to FMC.
B. The current FDM configuration must be configured by hand into FMC before the devices are registered.
C. The current FDM configuration must be migrated to FMC using the Secure Firewall Migration Tool.
D. The current FDM configuration will be converted automatically into FMC when the device registers.
Correct Answer: B
QUESTION 90
An engineer plans to reconfigure an existing Cisco FTD from transparent mode to routed mode. Which additional action must be taken to maintain communication between the two network segments?
A. Deploy inbound ACLs on each interface to allow traffic between the segments.
B. Assign a unique VLAN ID for the interface in each segment.
C. Configure a NAT rule so that traffic between the segments is exempt from NAT.
D. Update the IP addressing so that each segment is a unique IP subnet.
Correct Answer: D
QUESTION 91
Only link-state routing protocols are supported
A. The host is not vulnerable to those attacks.
B. All attacks are listed as low until manually recategorized.
C. The attacks are not dangerous to the network.
D. The host is not within the administrator’s environment.
Correct Answer: B
QUESTION 92
An engineer is configuring a Cisco FTD device to place on the Finance VLAN to provide additional protection for company financial data. The device must be deployed without requiring any changes on the end user workstations, which currently use DHCP to obtain an IP address. How must the engineer deploy the device to meet this requirement?
A. Deploy the device in routed mode and enable the DHCP Relay feature.
B. Deploy the device in transparent mode and enable the DHCP Server feature.
C. Deploy the device in transparent mode and allow DHCP traffic in the access control policies.
D. Deploy the device in routed mode and allow DHCP traffic in the access control policies.
Correct Answer: C
QUESTION 93
A network administrator is reviewing a weekly scheduled attacks risk report and notices a host that is flagged for an Impact 2 attack. Where should the administrator look within Cisco FMC to find out more relevant information about this host and attack?
A. Analysis > Lookup > Whois
B. Analysis > Hosts > Host Attributes
C. Analysis > Hosts > Vulnerabilities
D. Analysis > Correlation > Correlation Events
Correct Answer: D
QUESTION 94
An engineer is configuring a custom application detector for HTTP traffic and wants to import a file that was provided by a third party. Which type of files are advanced application detectors created and uploaded as?
A. LUA script
B. NBAR protocol
C. Python program
D. Perl script
Correct Answer: A
QUESTION 95
Which default action setting in a Cisco FTD Access Control Policy allows all traffic from an undefined application to pass without Snort inspection?
A. Intrusion Prevention
B. Trust All Traffic
C. Network Discovery Only
D. Inherit from Base Policy
Correct Answer: B
QUESTION 96
Cisco Security Analytics and Logging SaaS licenses come with how many days of data retention by default?
A. 120
B. 365
C. 90
D. 60
Correct Answer: C
QUESTION 97
Remote users who connect via Cisco Secure Client to the corporate network behind a Cisco Secure Firewall Threat Defense device are reporting no audio on calls when calling between remote users using their softphones. These same users can call internal users on the corporate network without any issues. What is the cause of this issue?
A. Cisco Secure Firewall Threat Defense needs a NAT policy that allows outside to outside communication.
B. Split tunneling is enabled for the Remote Access VPN on Cisco Secure Firewall Threat Defense.
C. The Enable Spoke to Spoke Connectivity through Hub option is not selected on Cisco Secure Firewall Threat Defense.
D. The hairpinning feature is not available on Cisco Secure Firewall Threat Defense.
Correct Answer: A
QUESTION 98
A security engineer is deploying a Cisco Secure Firewall Threat Defense appliance to monitor traffic without dropping packets when it is inundated with data. Which two steps must be taken to meet this requirement? (Choose two.)
A. Configure the interfaces in passive mode.
B. Deploy the system out of band from the flow of network traffic.
C. Use adjacent interfaces to create a passive interface pair.
D. Use a switch SPAN or mirror port to monitor the traffic that flows across the network.
E. Configure the system transparently on a network segment by bridging together two ports.
Correct Answer: AD
QUESTION 99
Which rule action is only available in Snort 3?
A. Pass
B. Rewrite
C. Generate
D. Alert
Correct Answer: D
QUESTION 100
Which keyword must precede the regular expression /attack[(d{1, 1, 1, 1, 1, 1, 1, 1, 1})]?.swf/U in an intrusion rule if you want to use Perl to inspect the packet payload?
A. snort -p
B. perl
C. inspect -p
D. pore
Correct Answer: D
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.