Free Cisco 300-710 Practice Questions 2026 | Securing Networks with Cisco Firepower (300-710 SNCF)

A VPN user is unable to conned lo web resources behind the Cisco FTD device terminating
the connection. While troubleshooting, the network administrator determines that the DNS
responses are not getting through the Cisco FTD What must be done to address this issue
while still utilizing Snort IPS rules?

A.

Uncheck the "Drop when Inline" box in the intrusion policy to allow the traffic

B.

Modify the Snort rules to allow legitimate DNS traffic to the VPN users

C.

Disable the intrusion rule threshes to optimize the Snort processing.

D.

Decrypt the packet after the VPN flow so the DNS queries are not inspected

A network engineer sets up a secondary Cisco FMC that is integrated with Cisco
Security Packet Analyzer What occurs when the secondary Cisco FMC synchronizes
with the primary Cisco FMC?

A.

The existing integration configuration is replicated to the primary Cisco FMC

B.

The existing configuration for integration of the secondary Cisco FMC the Cisco Security
Packet Analyzer is overwritten.

C.

The synchronization between the primary and secondary Cisco FMC fails

D.

The secondary Cisco FMC must be reintegrated with the Cisco Security Packet
Analyzer after the synchronization

A network engineer is receiving reports of users randomly getting disconnected from their
corporate applications which traverses the data center FTD appliance Network monitoring
tools show that the FTD appliance utilization is peaking above 90% of total capacity. What
must be done in order to further analyze this issue?

A.

Use the Packet Export feature to save data onto external drives

B.

Use the Packet Capture feature to collect real-time network traffic

C.

Use the Packet Tracer feature for traffic policy analysis

D.

Use the Packet Analysis feature for capturing network data

An engineer is restoring a Cisco FTD configuration from a remote backup using the
command restore remote-manager-backup location 1.1.1.1 admin /volume/home/admin
BACKUP_Cisc394602314.zip on a Cisco FMG. After connecting to the repository, an error
occurred that prevents the FTD device from accepting the backup file. What is the
problem?

A.

The backup file is not in .cfg format.

B.

The backup file is too large for the Cisco FTD device

C.

The backup file extension was changed from tar to zip

D.

The backup file was not enabled prior to being applied

An engainer must add DNS-specific rules to me Cisco FTD intrusion policy. The engineer
wants to use the rules currently in the Cisco FTD Snort database that are not already
enabled but does not want to enable more than are needed. Which action meets these
requirements?

A.

Change the dynamic state of the rule within the policy.

B.

Change the base policy to Security over Connectivity.

C.

Change the rule state within the policy being used

D.

Change the rules using the Generate and Use Recommendations feature.

A network engineer is logged into the Cisco AMP for Endpoints console and sees a
malicious verdict for an identified SHA-256 hash. Which configuration is needed to mitigate
this threat?

A.

Add the hash to the simple custom deletion list.

B.

Use regular expressions to block the malicious file.

C.

Enable a personal firewall in the infected endpoint.

D.

Add the hash from the infected endpoint to the network block list.

A security engineer is configuring a remote Cisco FTD that has limited resources and
internet bandwidth. Which malware action and protection option should be configured to
reduce the requirement for cloud lookups?

A.

Malware Cloud Lookup and dynamic analysis

B.

Block Malware action and dynamic analysis

C.

Block Malware action and local malware analysis

D.

Block File action and local malware analysis

An engineer must configure a Cisco FMC dashboard in a child domain. Which action must
be taken so that the dashboard is visible to the parent domain?

A.

Add a separate tab

B.

Adjust policy inheritance settings

C.

Add a separate widget

D.

Create a copy of the dashboard

Which feature is supported by IRB on Cisco FTD devices?

A.

redundant interface

B.

dynamic routing protocol

C.

EtherChannel interface

D.

high-availability cluster

An engineer is attempting to add a new FTD device to their FMC behind a NAT device with
a NAT ID of ACME001 and a password of Cisco388267669. Which command set must be
used in order to accomplish this?

A.

configure manager add ACME001 <registration key> <FMC IP>

B.

configure manager add <FMC IP> ACME0O1 <registration key>

C.

configure manager add DONTRESOLVE <FMC IP> AMCE001 <registration key>

D.

configure manager add <FMC IP> registration key> ACME001