QUESTION 121
An administrator is configuring the interface of a Cisco Secure Firewall Threat Defense firewall device in a passive IPS deployment. The device and interface have been identified. Which set of configuration steps must the administrator perform next to complete the implementation?
A. Modify the interface to retransmit received traffic. Associate the interface with a security zone. Set the MTU parameter.
B. Set the interface mode to passive. Associate the interface with a security zone. Enable the interface. Set the MTU parameter.
C. Set the interface mode to passive. Associate the interface with a security zone. Set the MTU parameter. Reset the interface.
D. Modify the interface to retransmit received traffic. Associate the interface with a security zone. Enable the interface. Set the MTU parameter.
Correct Answer: B
QUESTION 122
A company is deploying AMP private cloud. The AMP private cloud instance has already been deployed by the server administrator. The server administrator provided the hostname of the private cloud instance to the network engineer via email. What additional information does the network engineer require from the server administrator to be able to make the connection to the AMP private cloud in Cisco FMC?
A. IP address and port number for the connection proxy
B. Username and password to the AMP private cloud instance
C. SSL certificate for the AMP private cloud instance
D. Internet access for the AMP private cloud to reach the AMP public cloud
Correct Answer: C
QUESTION 123
The security engineer reviews the syslog server events of an organization and sees many outbound connections to malicious sites initiated from hosts running Cisco Secure Endpoint. The hosts are on a separate network from the Cisco FTD device. Which action blocks the connections?
A. Modify the policy on Cisco Secure Endpoint to enable DFC.
B. Modify the access control policy on the Cisco FMC to block malicious outbound connections.
C. Add a Cisco Secure Endpoint policy with the Tetra and Spero engines enabled.
D. Add the IP addresses of the malicious sites to the access control policy on the Cisco FMC.
Correct Answer: A
QUESTION 124
A company is deploying a Cisco Secure IPS device configured in inline mode with a single interface set that contains four interface pairs. Which two configurations must be implemented to allow the IPS device to uniquely identify packet flows and prevent the reporting of duplicate traffic and false positives? (Choose two).
A. Modify the security zones used by the Cisco Secure IPS device.
B. Reconfigure access rules to drop all but the first occurrence of the packet.
C. Reassign the interface pairs to separate inline sets.
D. Set the source SPAN ports to tx only on the switches connected to the IPS interfaces
E. Change the MTU for the inline set to at least 1518.
Correct Answer: BC
QUESTION 125
What is the role of realms in the Cisco ISE and Cisco FMC integration?
A. AD definition
B. Cisco Secure Firewall VDC
C. Cisco ISE context
D. TACACS+ database
Correct Answer: A
QUESTION 126
A security engineer must create a malware and file policy on a Cisco Secure Firewall Threat Defense device. The solution must ensure that PDF, DOCX, and XLSX files are not sent to Cisco Secure Malware Analytics. What must be configured to meet the requirements?
A. dynamic analysis
B. Spero analysis
C. local malware analysis
D. capacity handling
Correct Answer: C
QUESTION 127
A company is deploying Cisco Secure Firewall Threat Defense with IPS. What must be implemented in inline mode to pass the traffic without inspection during spikes and ensure that network traffic is kept?
A. Increase the MTU to 9000.
B. Change the interface mode to Routed.
C. Select Propagate Link State.
D. Set the Snort Failsafe option.
Correct Answer: D
QUESTION 128
An administrator configures new threat intelligence sources and must validate that the feeds are being downloaded and that the intelligence is being used within the Cisco Secure Firewall system. Which action accomplishes the task?
A. View the threat intelligence observables to see the downloaded data.
B. Look at the access control policy to validate that the intelligence is being used.
C. Use the source status indicator to validate the usage.
D. Look at the connection security intelligence events.
Correct Answer: C
QUESTION 129
A software development company hosts the website https://dev.company.com for contractors to share code for projects they are working on with internal developers. The web server is on premises and is protected by a Cisco Secure Firewall Threat Defense appliance. The network administrator is worried about someone trying to transmit infected files to internal users via this site. Which type of policy must be associated with an access control policy to enable Cisco Secure Firewall Malware Defense to detect and block malware?
A. SSL policy
B. file policy
C. network discovery policy
D. prefilter policy
Correct Answer: B
QUESTION 130
An engineer must create an access control policy on a Cisco Secure Firewall Threat Defense device. The company has a contact center that utilizes VolP heavily, and it is critical that this traffic is not impacted by performance issues after deploying the access control policy. Which access control action rule must be configured to handle the VolP traffic?
A. trust
B. block
C. monitor
D. allow
Correct Answer: D
QUESTION 131
Users report that Cisco Duo 2FA fails when they attempt to connect to the VPN on a Cisco Secure Firewall Threat Defense (FTD) device. IT staff have VPN profiles that do not require multifactor authentication and they can connect to the VPN without any issues. When viewing the VPN troubleshooting log in Cisco Secure Firewall Management Center (FMC), the network administrator sees an error that the Cisco Duo AAA server has been marked as failed. What is the root cause of the issue?
A. Duo trust certificates are missing from the Secure FTD device.
B. Multifactor authentication is not supported on Secure FMC managed devices.
C. AD Trust certificates are missing from the Secure FTD device.
D. The internal AD server is unreachable from the Secure FTD device.
Correct Answer: A
QUESTION 132
A network administrator is deploying a new Cisco Secure Firewall Threat Defense (FTD) firewall. After Cisco Secure FTD is deployed, inside clients have intermittent connectivity to each other. When reviewing the packet capture on the Secure FTD firewall, the administrator sees that Secure FTD is responding to all the ARP requests on the inside network. Which action must the network administrator take to resolve the issue?
A. Review NAT policy and disable incorrect proxy ARP configuration.
B. Convert the FTD to transparent mode to allow ARP requests.
C. Hardcode the MAC address of the FTD to IP mapping on client machines.
D. Review the access policy and verify that ARP is allowed from inside to inside.
Correct Answer: A
QUESTION 133
When packet capture is used on a Cisco Secure Firewall Threat Defense device and the packet flow is waiting on the malware query, which Snort verdict appears?
A. retry
B. replace
C. blockflow
D. block
Correct Answer: A
QUESTION 134
A network administrator wants to configure a Cisco Secure Firewall Threat Defense instance managed by Cisco Secure Firewall Management Center to block traffic to known cryptomining networks. Which system settings must the administrator configure in Secure Firewall Management Center to meet the requirement?
A. Access Policy, Security Intelligence
B. Access Policy, Rules
C. Intrusion Policy, Security Intelligence
D. Malware Policy, Rules
Correct Answer: A
QUESTION 135
A network engineer detects a connectivity issue between Cisco Secure Firewall Management Center and Cisco Secure Firewall Threat Defense. Initial troubleshooting indicates that heartbeats and events are not being received. The engineer re-establishes the secure channels between both peers. Which two commands must the engineer run to resolve the issue? (Choose two.)
A. sudo perfstats -Cq < /var/sf/rna/correlator-stats/now
B. show history
C. manage_procs.pl
D. show disk-manager
E. sudo stats_unified.pl
Correct Answer: CE
QUESTION 136
A security engineer manages a firewall console and an endpoint console and finds it challenging and time consuming to review events and modify blocking of specific files in both consoles. Which action must the engineer take to streamline this process?
A. Initiate the integration between Secure FMC and Cisco Secure Endpoint from the Secure FMC using the AMP tab.
B. Within the Cisco Secure Endpoint console, copy the connector GUID and paste into the Cisco Secure Firewall Management Center (FMC) AMP tab.
C. From the Cisco Secure Endpoint console, create and copy an API key and paste into the Cisco Secure AMP tab.
D. From the Secure FMC, create a Cisco Secure Endpoint object and reference the object in the Cisco Secure Endpoint console.
Correct Answer: A
QUESTION 137
A network engineer must configure an existing firewall to have a NAT configuration. The new configuration must support more than two interfaces per context. The firewall has previously been operating in transparent mode. The Cisco Secure Firewall Threat Defense (FTD) device has been deregistered from Cisco Secure Firewall Management Center (FMC). Which set of configuration actions must the network engineer take next to meet the requirements?
A. Run the configure manager add routed command from the Secure FMC CLI, and reregister with Secure FMC.
B. Run the configure firewall routed command from the Secure FTD device CLI, and reregister with Secure FMC.
C. Run the configure manager add routed command from the Secure FTD device CLI, and reregister with Secure FMC.
D. Run the configure firewall routed command from the Secure FMC CLI, and reregister with Secure FMC.
Correct Answer: B
QUESTION 138
An engineer is tasked with configuring a custom intrusion rule on Cisco Secure Firewall Management Center to detect and block the malicious traffic pattern with specific payload containing string “lff ed cq fg hc qm pnl”. Which action must the Engineer configure on the IPS policy?
A. quarantine
B. alert
C. drop
D. reset
E. disable
Correct Answer: C
QUESTION 139
An engineer is troubleshooting an intermittent connectivity issue on a Cisco Secure Firewall Threat Defense appliance and must collect 24 hours’ worth of data. The engineer started a packet capture, however it stops prematurely during this time period. The engineer notices that the packet capture buffer size is set to the default of 32 MB. Which buffer size is the maximum that the engineer must set to enable the packet capture to run successfully?
A. 64 MB
B. 1 GB
C. 10 GB
D. 100 GB
Correct Answer: C
QUESTION 140
An engineer must integrate a third-party security intelligence feed with Cisco Secure Firewall Management Center. Secure Firewall Management Center is running Version 6.2.3 and has 8GB of memory. Which two actions must be taken to implement Threat Intelligence Director? (Choose two.)
A. Add 7 GB of memory.
B. Add a TAXII server.
C. Upgrade to version 6.6.
D. Add the URL of the TAXII server.
E. Enable REST API access.
Correct Answer: AE
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.