Page: 1
/ 10
Total 143 questions
An administrator is working on a migration from Cisco ASA to the Cisco FTD appliance and needs to test the rules without disrupting the traffic. Which policy type should be used to configure the ASA rules during this phase of the migration?
- A. Prefilter
- B. Intrusion
- C. Access Control
- D. Identity
Answer : A
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/migration-tool/migration-guide/ASA2FTD-with-FP-Migration-Tool/ b_Migration_Guide_ASA2FTD_chapter_01011.html
A network administrator is seeing an unknown verdict for a file detected by Cisco FTD. Which malware policy configuration option must be selected in order to further analyze the file in the Talos cloud?
- A. malware analysis
- B. dynamic analysis
- C. sandbox analysis
- D. Spero analysis
Answer : B
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Reference_a_wrapper_Chapter_topic_here.html
An engineer has been tasked with providing disaster recovery for an organizationג€™s primary Cisco FMC. What must be done on the primary and secondary Cisco
FMCs to ensure that a copy of the original corporate policy is available if the primary Cisco FMC fails?
- A. Restore the primary Cisco FMC backup configuration to the secondary Cisco FMC device when the primary device fails.
- B. Connect the primary and secondary Cisco FMC devices with Category 6 cables of not more than 10 meters in length.
- C. Configure high-availability in both the primary and secondary Cisco FMCs.
- D. Place the active Cisco FMC device on the same trusted management network as the standby device.
Answer : C
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_management_center_high_availability.html
An engineer is attempting to add a new FTD device to their FMC behind a NAT device with a NAT ID of ACME001 and a password of Cisco0391521107. Which command set must be used in order to accomplish this?
- A. configure manager add<FMC IP> <registration key>ACME001
- B. configure manager add ACME001<registration key> <FMC IP>
- C. configure manager add <FMC IP>ACME001<registration key>
- D. configure manager add DONTRESOLVE <FMC IP> AMCE001<registration key>
Answer : A
Reference:
https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118596-configure-firesight-00.html
Refer to the exhibit. An organization has an access control rule with the intention of sending all social media traffic for inspection. After using the rule for some time, the administrator notices that the traffic is not being inspected, but is being automatically allowed. What must be done to address this issue?
- A. Add the social network URLs to the block list.
- B. Change the intrusion policy to connectivity over security.
- C. Modify the selected application within the rule.
- D. Modify the rule action from trust to allow.
Answer : C
A user within an organization opened a malicious file on a workstation which in turn caused a ransomware attack on the network. What should be configured within the Cisco FMC to ensure the file is tested for viruses on a sandbox system?
- A. Spero analysis
- B. capacity handling
- C. local malware analysis
- D. dynamic analysis
Answer : D
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/ file_policies_and_advanced_malware_protection.html#ID-2199-000005d8
An engineer configures a network discovery policy on Cisco FMC. Upon configuration, it is noticed that excessive and misleading events are filling the database and overloading the Cisco FMC. A monitored NAT device is executing multiple updates of its operating system in a short period of time. What configuration change must be made to alleviate this issue?
- A. Exclude load balancers and NAT devices.
- B. Leave default networks.
- C. Increase the number of entries on the NAT device.
- D. Change the method to TCP/SYN.
Answer : A
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Network_Discovery_Policies.html
A network administrator notices that remote access VPN users are not reachable from inside the network. It is determined that routing is configured correctly; however, return traffic is entering the firewall but not leaving it. What is the reason for this issue?
- A. A manual NAT exemption rule does not exist at the top of the NAT table
- B. An external NAT IP address is not configured
- C. An external NAT IP address is configured to match the wrong interface
- D. An object NAT exemption rule does not exist at the top of the NAT table
Answer : D
An administrator is creating interface objects to better segment their network but is having trouble adding interfaces to the objects. What is the reason for this failure?
- A. The interfaces are being used for NAT for multiple networks
- B. The administrator is adding interfaces of multiple types
- C. The administrator is adding an interface that is in multiple zones
- D. The interfaces belong to multiple interface groups
Answer : D
An organization is using a Cisco FTD and Cisco ISE to perform identity-based access controls. A network administrator is analyzing the Cisco FTD events and notices that unknown user traffic is being allowed through the firewall. How should this be addressed to block the traffic while allowing legitimate user traffic?
- A. Modify the Cisco ISE authorization policy to deny this access to the user
- B. Modify Cisco ISE to send only legitimate usernames to the Cisco FTD
- C. Add the unknown user in the Access Control Policy in Cisco FTD
- D. Add the unknown user in the Malware & File Policy in Cisco FTD
Answer : C
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/640/fdm/fptd-fdm-config-guide-640/fptd-fdm- identity.html#concept_655B055575E04CA49B10186DEBDA301A
What is the benefit of selecting the trace option for packet capture?
- A. The option indicates whether the packet was dropped or successful.
- B. The option indicates whether the destination host responds through a different path.
- C. The option limits the number of packets that are captured.
- D. The option captures details of each packet.
Answer : C
After deploying a network-monitoring tool to manage and monitor networking devices in your organization, you realize that you need to manually upload an MIB for the Cisco FMC. In which folder should you upload the MIB file?
- A. /etc/sf/DCMIB.ALERT
- B. /sf/etc/DCEALERT.MIB
- C. /etc/sf/DCEALERT.MIB
- D. system/etc/DCEALERT.MIB
Answer : C
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/Intrusion-External-
Responses.pdf -
Which command is run at the CLI when logged in to an FTD unit, to determine whether the unit is managed locally or by a remote FMC server?
- A. system generate-troubleshoot
- B. show configuration session
- C. show managers
- D. show running-config | include manager
Answer : C
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_Firepower_Threat_Defense/c_3.html
Which command should be used on the Cisco FTD CLI to capture all the packets that hit an interface?
- A. configure coredump packet-engine enable
- B. capture-traffic
- C. capture
- D. capture WORD
Answer : B
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_Firepower_Threat_Defense/ac_1.html