Which CLI command is used to generate firewall debug messages on a Cisco Firepower?

A. system support firewall-engine-debug

B. system support ssl-debug

C. system support platform

D. system support dump-table

An organization has implemented Cisco Firepower without IPS capabilities and now wants to enable inspection for their traffic. They need to be able to detect protocol anomalies and utilize the Snort rule sets to detect malicious behavior. How is this accomplished?

A. Modify the network discovery policy to detect new hosts to inspect.

B. Modify the access control policy to redirect interesting traffic to the engine.

C. Modify the intrusion policy to determine the minimum severity of an event to inspect.

D. Modify the network analysis policy to process the packets for inspection.

An engineer installs a Cisco FTD device and wants to inspect traffic within the same subnet passing through a firewall and inspect traffic destined to the Internet. Which configuration will meet this requirement?

A. transparent firewall mode with IRB only

B. routed firewall mode with BVI and routed interfaces

C. transparent firewall mode with multiple BVIs

D. routed firewall mode with routed interfaces only

When deploying a Cisco ASA Firepower module, an organization wants to evaluate the contents of the traffic without affecting the network. It is currently configured to have more than one instance of the same device on the physical appliance. Which deployment mode meets the needs of the organization?

A. inline tap monitor-only mode

B. passive monitor-only mode

C. passive tap monitor-only mode

D. inline mode

An engineer has been tasked with performing an audit of network objects to determine which objects are duplicated across the various firewall models (Cisco Secure Firewall Threat Defense, Cisco Secure Firewall ASA, and Meraki MX Series) deployed throughout the company. Which tool will assist the engineer in performing that audit?

A. Cisco Firepower Device Manager

B. Cisco Defense Orchestrator

C. Cisco Secure Firewall Management Center

D. Cisco SecureX

A security engineer is adding three Cisco FTD devices to a Cisco FMC. Two of the devices have successfully registered to the Cisco FMC. The device that is unable to register is located behind a router that translates all outbound traffic to the router’s WAN IP address. Which two steps are required for this device to register to the Cisco FMC? (Choose two.)

A. Reconfigure the Cisco FMC to use the device’s private IP address instead of the WAN address.

B. Configure a NAT ID on both the Cisco FMC and the device.

C. Reconfigure the Cisco FMC to use the device’s hostname instead of IP address.

D. Remove the IP address defined for the device in the Cisco FMC.

E. Add the port number being used for PAT on the router to the device’s IP address in the Cisco FMC.

In which two places are thresholding settings configured? (Choose two.)

A. on each IPS rule

B. globally, within the network analysis policy

C. globally, per intrusion policy

D. on each access control rule

E. per preprocessor, within the network analysis policy

The CIO asks a network administrator to present to management a dashboard that shows custom analysis tables for the top DNS queries URL category statistics, and the URL reputation statistics. Which action must the administrator take to quickly produce this information for management?

A. Run the Attack report and filter on DNS to show this information.

B. Create a new dashboard and add three custom analysis widgets that specify the tables needed.

C. Modify the Connection Events dashboard to display the information in a view for management.

D. Copy the intrusion events dashboard tab and modify each widget to show the correct charts.

An engineer currently has a Cisco FTD device registered to the Cisco FMC and is assigned the address of 10.10.50.12. The organization is upgrading the addressing schemes and there is a requirement to convert the addresses to a format that provides an adequate amount of addresses on the network. What should the engineer do to ensure that the new addressing takes effect and can be used for the Cisco FTD to Cisco FMC connection?

A. Update the IP addresses from IPv4 to IPv6 without deleting from Cisco FMC.

B. Format and reregister the device to Cisco FMC.

C. Cisco FMC does not support devices that use IPv4 IP addresses.

D. Delete and reregister the device to Cisco FMC.

An engineer is troubleshooting HTTP traffic to a web server using the packet capture tool on Cisco FMC. When reviewing the captures, the engineer notices that there are a lot of packets that are not sourced from or destined to the web server being captured. How can the engineer reduce the strain of capturing packets for irrelevant traffic on the Cisco FTD device?

A. Use an access-list within the packet capture to permit only HTTP traffic to and from the web server.

B. Use the host filter in the packet capture to capture traffic to or from a specific host.

C. Use the –c option to restrict the packet capture to only the first 100 packets.

D. Redirect the packet capture output to a .pcap file that can be opened with Wireshark.

When creating a report template, how are the results limited to show only the activity of a specific subnet?

A. Create a custom search in Cisco FMC and select it in each section of the report.

B. Add an Input Parameter in the Advanced Settings of the report, and set the type to Network/IP.

C. Add a Table View section to the report with the Search field defined as the network in CIDR format.

D. Select IP Address as the X-Axis in each section of the report.

When a Cisco FTD device is configured in transparent firewall mode, on which two interface types can an IP address be configured? (Choose two.)

A. Physical

B. EtherChannel

C. Subinterface

D. BVI

E. Diagnostic

A network engineer wants to add a third-party threat feed into the Cisco FMC for enhanced threat detection. Which action should be taken to accomplish this goal?

A. Enable Rapid Threat Containment using REST APIs.

B. Enable Rapid Threat Containment using STIX and TAXII.

C. Enable Threat Intelligence Director using REST APIs.

D. Enable Threat Intelligence Director using STIX and TAXII.

What is the RTC workflow when the infected endpoint is identified?

A. Cisco ISE instructs Cisco AMP to contain the infected endpoint.

B. Cisco ISE instructs Cisco FMC to contain the infected endpoint.

C. Cisco FMC instructs Cisco ISE to contain the infected endpoint.

D. Cisco AMP instructs Cisco FMC to contain the infected endpoint.

Which feature within the Cisco FMC web interface allows for detecting, analyzing, and blocking malware in network traffic?

A. intrusion and file events

B. Cisco AMP for Networks

C. file policies

D. Cisco AMP for Endpoints

A security engineer is deploying Cisco Secure Endpoint to detect a zero day malware attack with an SHA-256 hash of 47ea931f3e9dc23ec0b0885a80663e30ea013d493f8e88224b570a0464084628. What must be configured in Cisco Secure Endpoint to enable the application to take action based on this hash?

A. access control rule

B. correlation policy

C. transform set

D. custom detection list

Users report that Cisco Duo 2FA fails when they attempt to connect to the VPN on a Cisco Secure Firewall Threat Defense (FTD) device. IT staff have VPN profiles that do not require multifactor authentication and they can connect to the VPN without any issues. When viewing the VPN troubleshooting log in Cisco Secure Firewall Management Center (FMC), the network administrator sees an error that the Cisco Duo AAA server has been marked as failed. What is the root cause of the issue?

A. AD Trust certificates are missing from the Secure FTD device.

B. Multifactor authentication is not supported on Secure FMC managed devices.

C. The internal AD server is unreachable from the Secure FTD device.

D. Duo trust certificates are missing from the Secure FTD device.

Remote users who connect via Cisco Secure Client to the corporate network behind a Cisco Secure Firewall Threat Defense device are reporting no audio on calls when calling between remote users using their softphones. These same users can call internal users on the corporate network without any issues. What is the cause of this issue?

A. The hairpinning feature is not available on Cisco Secure Firewall Threat Defense

B. Cisco Secure Firewall Threat Defense needs a NAT policy that allows outside to outside communication

C. The Enable Spoke to Spoke Connectivity through Hub option is not selected on Cisco Secure Firewall Threat Defense

D. Split tunneling is enabled for the Remote Access VPN on Cisco Secure Firewall Threat Defense

A network administrator is configuring an FTD in transparent mode. A bridge group is set up and an access policy has been set up to allow all IP traffic. Traffic is not passing through the FTD. What additional configuration is needed?

A. An IP address must be assigned to the BVI.

B. The security levels of the interfaces must be set.

C. A default route must be added to the FTD.

D. A mac-access control list must be added to allow all MAC addresses.

Which two deployment types support high availability? (Choose two.)

A. transparent

B. routed

C. clustered

D. intra-chassis multi-instance

E. virtual appliance in public cloud

An engineer is configuring a Cisco IPS to protect the network and wants to test a policy before deploying it. A copy of each incoming packet needs to be monitored while traffic flow remains constant. Which IPS mode should be implemented to meet these requirements?

A. routed

B. passive

C. transparent

D. inline tap

Which object type supports object overrides?

A. time range

B. security group tag

C. network object

D. DNS server group

When an engineer captures traffic on a Cisco Secure Firewall Threat Defense device to troubleshoot a connectivity problem, they receive a large amount of output data in the GUI tool. The engineer found that viewing the captures this way is time-consuming and difficult to sort and filter. Which file type must the engineer export the data in so that it can be reviewed using a tool built for this type of analysis?

A. NetFlow v9

B. PCAP

C. IPFIX

D. NetFlow v5

Which license type is required on Cisco ISE to integrate with Cisco FMC pxGrid?

A. apex

B. plus

C. base

D. mobility

An analyst using the security analyst account permissions is trying to view the Correlations Events Widget but is not able to access it. However, other dashboards are accessible. Why is this occurring?

A. The widget is configured to display only when active events are present

B. The security analyst role does not have permission to view this widget

C. An API restriction within the Cisco FMC is preventing the widget from displaying

D. The widget is not configured within the Cisco FMC

Which two statements are valid regarding the licensing model used on Cisco Secure Firewall Threat Defense Virtual appliances? (Choose two.)

A. All licenses support a maximum of 250 VPN peers

B. All licenses support up to 16 vCPUs

C. All licenses require 500G of available storage for the VM

D. Licenses can be used on both physical and virtual appliances

E. Licenses can be used on any supported cloud platform

After deploying a network-monitoring tool to manage and monitor networking devices in your organization, you realize that you need to manually upload an MIB for the Cisco FMC. In which folder should you upload the MIB file?

A. /etc/sf/DCMIB.ALERT

B. /sf/etc/DCEALERT.MIB

C. /etc/sf/DCEALERT.MIB

D. system/etc/DCEALERT.MIB

Which Cisco FMC report gives the analyst information about the ports and protocols that are related to the configured sensitive network for analysis?

A. Malware Report

B. Host Report

C. Firepower Report

D. Network Report

An engineer has been asked to show application usages automatically on a monthly basis and send the information to management. What mechanism should be used to accomplish this task?

A. reports

B. context explorer

C. dashboards

D. event viewer

A security engineer must integrate an external feed containing STIX/TAXII data with Cisco FMC. Which feature must be enabled on the Cisco FMC to support this connection?

A. Threat Intelligence Director

B. Cisco Success Network

C. Security Intelligence Feeds

D. Cisco Secure Endpoint Integration

An engineer must create an access control policy on a Cisco Secure Firewall Threat Defense device. The company has a contact center that utilizes VoIP heavily, and it is critical that this traffic is not impacted by performance issues after deploying the access control policy. Which access control action rule must be configured to handle the VoIP traffic?

A. block

B. trust

C. monitor

D. allow

A network administrator is configuring a BVI interface on a routed FTD. The administrator wants to isolate traffic on the interfaces connected to the bridge group and not have the FTD route this traffic using the routing table. What must be configured?

A. A new VRF must be created for the BVI interface

B. An IP address must be configured on the BVI

C. IP routing must be removed from the physical interfaces connected to the BVI

D. The BVI interface must be configured for transparent mode

A network administrator is reviewing a packet capture. The packet capture from inside of Cisco Secure Firewall Threat Defense shows the inbound TCP traffic. However, the outbound TCP traffic is not seen in the packet capture from outside Secure Firewall Threat Defense. Which configuration change resolves the issue?

A. Packet capture must include UDP traffic.

B. Inside interface must be assigned a higher security level.

C. Route to the destination must be added.

D. Inside interface must be assigned a lower security level.

Refer to the exhibit. An administrator is looking at some of the reporting capabilities for Cisco Firepower and noticed this section of the Network Risk Report showing a lot of SSL activity that could be used for evasion. Which action will mitigate this risk?

A. Use SSL decryption to analyze the packets.

B. Use Cisco Tetration to track SSL connections to servers.

C. Use encrypted traffic analytics to detect attacks.

D. Use Cisco AMP for Endpoints to block all SSL connection.

DRAG DROP
-
Drag and drop the configuration steps from the left into the sequence on the right to enable external authentication on Cisco FMC to a RADIUS server.
 

An organization is using a Cisco FTD and Cisco ISE to perform identity-based access controls. A network administrator is analyzing the Cisco FTD events and notices that unknown user traffic is being allowed through the firewall. How should this be addressed to block the traffic while allowing legitimate user traffic?

A. Modify the Cisco ISE authorization policy to deny this access to the user

B. Modify Cisco ISE to send only legitimate usernames to the Cisco FTD

C. Add the unknown user in the Access Control Policy in Cisco FTD

D. Add the unknown user in the Malware & File Policy in Cisco FTD

What is the disadvantage of setting up a site-to-site VPN in a clustered-units environment?

A. VPN connections can be re-established only if the failed master unit recovers.

B. Smart License is required to maintain VPN connections simultaneously across all cluster units.

C. VPN connections must be re-established when a new master unit is elected.

D. Only established VPN connections are maintained when a new master unit is elected.

With Cisco FTD integrated routing and bridging, which interface does the bridge group use to communicate with a routed interface?

A. subinterface

B. switch virtual

C. bridge virtual

D. bridge group member

Which Cisco Firepower rule action displays an HTTP warning page?

A. Monitor

B. Block

C. Interactive Block

D. Allow with Warning

An engineer is configuring URL filtering for a Cisco FTD device in Cisco FMC. Users must receive a warning when they access http://www.badadultsite.com with the option of continuing to the website if they choose to. No other websites should be blocked. Which two actions must the engineer take to meet these requirements? (Choose two.)

A. On the HTTP Responses tab of the access control policy editor, set the Interactive Block Response Page to System-provided.

B. Configure the default action for the access control policy to Interactive Block.

C. Configure an access control rule that matches an URL object for http://www.badadultsite.com/ and set the action to Interactive Block.

D. Configure an access control rule that matches the Adult URL category and set the action to Interactive Block.

E. On the HTTP Responses tab of the access control policy editor, set the Block Response Page to Custom.

An administrator configures new threat intelligence sources and must validate that the feeds are being downloaded and that the intelligence is being used within the Cisco Secure Firewall system. Which action accomplishes the task?

A. Look at the connection security intelligence events

B. Use the source status indicator to validate the usage

C. View the threat intelligence observables to see the downloaded data

D. Look at the access control policy to validate that the intelligence is being used

An administrator is attempting to remotely log into a switch in the data center using SSH and is unable to connect. How does the administrator confirm that traffic is reaching the firewall?

A. by performing a packet capture on the firewall

B. by attempting to access it from a different workstation

C. by running Wireshark on the administrator’s PC

D. by running a packet tracer on the firewall

Which rule action is only available in Snort 3?

A. Pass

B. Generate

C. Alert

D. Rewrite

A network engineer is extending a user segment through an FTD device for traffic inspection without creating another IP subnet. How is this accomplished on an
FTD device in routed mode?

A. by assigning an inline set interface

B. by using a BVI and creating a BVI IP address in the same subnet as the user segment

C. by leveraging the ARP to direct traffic through the firewall

D. by bypassing protocol inspection by leveraging pre-filter rules

An engineer is configuring a custom intrusion rule on Cisco FMC. The engineer needs the rule to search the payload or stream for the string "|44 78 97 13 2 0A|". Which keyword must the engineer use with this string to create an argument for packet inspection?

A. protected_content

B. content

C. data

D. metadata

A security engineer is configuring an Access Control Policy for multiple branch locations. These locations share a common rule set and utilize a network object called INSIDE_NET which contains the locally significant internal network subnets at each location. What technique will retain the policy consistency at each location but allow only the locally significant network subnet within the application rules?

A. utilizing a dynamic ACP that updates from Cisco Talos

B. creating a unique ACP per device

C. utilizing policy inheritance

D. creating an ACP with an INSIDE_NET network object and object overrides

An administrator receives reports that users cannot access a cloud-hosted web server. The access control policy was recently updated with several new policy additions and URL filtering. What must be done to troubleshoot the issue and restore access without sacrificing the organization's security posture?

A. Download a PCAP of the traffic attempts to verify the blocks and use the flexconfig objects to create a rule that allows only the required traffic to the destination server.

B. Identify the blocked traffic in the Cisco FMC connection events to validate the block, and modify the policy to allow the traffic to the web server.

C. Create a new access control policy rule to allow ports 80 and 443 to the FQDN of the web server.

D. Verify the blocks using the packet capture tool and create a rule with the action monitor for the traffic.

A security analyst must create a new report within Cisco FMC to show an overview of the daily attacks, vulnerabilities, and connections. The analyst wants to reuse specific dashboards from other reports to create this consolidated one. Which action accomplishes this task?

A. Copy the Malware Report and modify the sections to pull components from other reports.

B. Create a new dashboard object via Object Management to represent the desired views.

C. Use the import feature in the newly created report to select which dashboards to add.

D. Modify the Custom Workflows within the Cisco FMC to feed the desired data into the new report.

What is a valid Cisco AMP file disposition?

A. non-malicious

B. malware

C. known-good

D. pristine

An engineer is restoring a Cisco FTD configuration from a remote backup using the command restore remote-manager-backup location 1.1.1.1 admin /
Volume/home/admin BACKUP_Cisc394602314.zip on a Cisco FMC. After connecting to the repository, an error occurred that prevents the FTD device from accepting the backup file. What is the problem?

A. The backup file is not in .cfg format

B. The backup file is too large for the Cisco FTD device

C. The backup file extension was changed from .tar to .zip

D. The backup file was not enabled prior to being applied