A security engineer is configuring a remote Cisco FTD that has limited resources and internet bandwidth. Which malware action and protection option should be configured to reduce the requirement for cloud lookups?

A. Block File action and local malware analysis

B. Malware Cloud Lookup and dynamic analysis

C. Block Malware action and dynamic analysis

D. Block Malware action and local malware analysis

A network administrator is configuring a Cisco AMP public cloud instance and wants to capture infections and polymorphic variants of a threat to help detect families of malware. Which detection engine meets this requirement?

A. Ethos

B. Tetra

C. RBAC

D. Spero

An engineer has been asked to show application usages automatically on a monthly basis and send the information to management. What mechanism should be used to accomplish this task?

A. reports

B. context explorer

C. dashboards

D. event viewer

When using Cisco Threat Response, which phase of the Intelligence Cycle publishes the results of the investigation?

A. processing

B. direction

C. dissemination

D. analysis

An engineer is tasked with configuring a custom intrusion rule on Cisco Secure Firewall Management Center to detect and block the malicious traffic pattern with specific payload containing string "|04 68 72 80 87 ff ed cq fg he qm pn|". Which action must the Engineer configure on the IPS policy?

A. reset

B. drop

C. alert

D. disable

E. quarantine

Due to an increase in malicious events, a security engineer must generate a threat report to include intrusion events, malware events, and security intelligence events. How is this information collected in a single report?

A. Run the default Firepower report.

B. Create a Custom report.

C. Generate a malware report.

D. Export the Attacks Risk report.

Which Cisco FMC report gives the analyst information about the ports and protocols that are related to the configured sensitive network for analysis?

A. Malware Report

B. Host Report

C. Firepower Report

D. Network Report

An engineer is tasked with deploying an internal perimeter firewall that will support multiple DMZs. Each DMZ has a unique private IP subnet range. How is this requirement satisfied?

A. Deploy the firewall in transparent mode with access control policies

B. Deploy the firewall in routed mode with access control policies

C. Deploy the firewall in routed mode with NAT configured

D. Deploy the firewall in transparent mode with NAT configured

Which two routing options are valid with Cisco FTD? (Choose two.)

A. BGPv6

B. ECMP with up to three equal cost paths across multiple interfaces

C. ECMP with up to three equal cost paths across a single interface

D. BGPv4 in transparent firewall mode

E. BGPv4 with nonstop forwarding

Refer to the exhibit. What is the effect of the existing Cisco FMC configuration?

A. The remote management port for communication between the Cisco FMC and the managed device changes to port 8443.

B. The managed device is deleted from the Cisco FMC.

C. The SSL-encrypted communication channel between the Cisco FMC and the managed device becomes plain-text communication channel.

D. The management connection between the Cisco FMC and the Cisco FTD is disabled.

An engineer is configuring Cisco FMC and wants to limit the time allowed for processing packets through the interface. However, if the time is exceeded, the configuration must allow packets to bypass detection. What must be configured on the Cisco FMC to accomplish this task?

A. Cisco ISE Security Group Tag

B. Automatic Application Bypass

C. Inspect Local Traffic Bypass

D. Fast-Path Rules Bypass

A network administrator discovers that a user connected to a file server and downloaded a malware file. The Cisco FMC generated an alert for the malware event, however the user still remained connected. Which Cisco AMP file rule action within the Cisco FMC must be set to resolve this issue?

A. Malware Cloud Lookup

B. Reset Connection

C. Detect Files

D. Local Malware Analysis

A network engineer is planning on deploying a Cisco Secure Firewall Threat Defense Virtual appliance in transparent mode. Which two virtual environments support this configuration? (Choose two.)

A. OSI

B. AWS

C. GCP

D. KVM

E. ESXi

A network administrator notices that remote access VPN users are not reachable from inside the network. It is determined that routing is configured correctly; however, return traffic is entering the firewall but not leaving it. What is the reason for this issue?

A. A manual NAT exemption rule does not exist at the top of the NAT table

B. An external NAT IP address is not configured

C. An external NAT IP address is configured to match the wrong interface

D. An object NAT exemption rule does not exist at the top of the NAT table

Which report template field format is available in Cisco FMC?

A. box lever chart

B. arrow chart

C. bar chart

D. benchmark chart

Which limitation applies to Cisco FMC dashboards in a multi-domain environment?

A. Child domains are able to view but not edit dashboards that originate from an ancestor domain.

B. Child domains have access to only a limited set of widgets from ancestor domains.

C. Only the administrator of the top ancestor domain is able to view dashboards.

D. Child domains are not able to view dashboards that originate from an ancestor domain.

The administrator notices that there is malware present with an .exe extension and needs to verify if any of the systems on the network are running the executable file. What must be configured within Cisco AMP for Endpoints to show this data?

A. vulnerable software

B. file analysis

C. threat root cause

D. prevalence

A network administrator is reviewing a packet capture. The packet capture from inside of Cisco Secure Firewall Threat Defense shows the inbound TCP traffic. However, the outbound TCP traffic is not seen in the packet capture from outside Secure Firewall Threat Defense. Which configuration change resolves the issue?

A. Packet capture must include UDP traffic.

B. Inside interface must be assigned a higher security level.

C. Route to the destination must be added.

D. Inside interface must be assigned a lower security level.

What is a result of enabling Cisco FTD clustering?

A. For the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections.

B. Integrated Routing and Bridging is supported on the master unit.

C. Site-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails.

D. All Firepower appliances support Cisco FTD clustering.

Refer to the exhibit. What must be done to fix access to this website while preventing the same communication to all other websites?

A. Create an intrusion policy rule to have Snort allow port 80 to only 172.1.1.50.

B. Create an intrusion policy rule to have Snort allow port 443 to only 172.1.1.50.

C. Create an access control policy rule to allow port 443 to only 172.1.1.50.

D. Create an access control policy rule to allow port 80 to only 172.1.1.50.

A Cisco FMC administrator wants to configure fastpathing of trusted network traffic to increase performance. In which type of policy would the administrator configure this feature?

A. Network Analysis policy

B. Identity policy

C. Prefilter policy

D. Intrusion policy

A security engineer must create a malware and file policy on a Cisco Secure Firewall Threat Defense device. The solution must ensure that PDF, DOCX, and XLSX files are not sent to Cisco Secure Malware Analytics. What must be configured to meet the requirements?

A. Spero analysis

B. local malware analysis

C. capacity handling

D. dynamic analysis

A network administrator reviews the attack risk report and notices several low-impact attacks. What does this type of attack indicate?

A. All attacks are listed as low until manually recategorized.

B. The host is not vulnerable to those attacks.

C. The host is not within the administrator’s environment.

D. The attacks are not dangerous to the network.

An organization has noticed that malware was downloaded from a website that does not currently have a known bad reputation. How will this issue be addressed globally in the quickest way possible and with the least amount of impact?

A. by creating a URL object in the policy to block the website.

B. Cisco Talos will automatically update the policies.

C. by denying outbound web access

D. by isolating the endpoint

A network engineer must configure IPS mode on a Secure Firewall Threat Defense device to inspect traffic and act as an IDS. The engineer already configured the passive-interface on the Secure Firewall Threat Defense device and SPAN on the switch. What must be configured next by the engineer?

A. intrusion policy on the Secure Firewall Threat Defense device

B. active SPAN port on the switch

C. DHCP on the switch

D. active interface on the Secure Firewall Threat Defense device

A network administrator has converted a Cisco FTD from using LDAP to LDAPS for VPN authentication. The Cisco FMC can connect to the LDAPS server, but the Cisco FTD is not connecting. Which configuration must be enabled on the Cisco FTD?

A. The LDAPS must be allowed through the access control policy.

B. The RADIUS server must be defined.

C. SSL must be set to a use TLSv1.2 or lower.

D. DNS servers must be defined for name resolution.

A company is in the process of deploying intrusion protection with Cisco FTDs managed by a Cisco FMC. Which action must be selected to enable fewer rules detect only critical conditions and avoid false positives?

A. Connectivity Over Security

B. Balanced Security and Connectivity

C. Maximum Detection

D. No Rules Active

An administrator is adding a QoS policy to a Cisco FTD deployment. When a new rule is added to the policy and QoS is applied on “Interfaces in Destination Interface Objects”, no interface objects are available. What is the problem?

A. The FTD is out of available resources for use, so QoS cannot be added.

B. The network segments that the interfaces are on do not have contiguous IP space.

C. A conflict exists between the destination interface types that is preventing QoS from being added.

D. QoS is available only on routed interfaces, and this device is in transparent mode.

An engineer must investigate a connectivity issue and decides to use the packet capture feature on Cisco FTD. The goal is to see the real packet going through the Cisco FTD device and see Snort detection actions as a part of the output. After the capture-traffic command is issued, only the packets are displayed. Which action resolves this issue?

A. Specify the trace using the -T option after the capture-traffic command

B. Perform the trace within the Cisco FMC GUI instead of the Cisco FMC CLI

C. Use the verbose option as a part of the capture-traffic command

D. Use the capture command and specify the trace option to get the required information

An engineer is working on a LAN switch and has noticed that its network connection to the inline Cisco IPS has gone down. Upon troubleshooting, it is determined that the switch is working as expected. What must have been implemented for this failure to occur?

A. The upstream router has a misconfigured routing protocol.

B. Link-state propagation is enabled.

C. The Cisco IPS has been configured to be in fail-open mode.

D. The Cisco IPS is configured in detection mode.

An administrator is configuring their transparent Cisco FTD device to receive ERSPAN traffic from multiple switches on a passive port, but the Cisco FTD is not processing the traffic. What is the problem?

A. The switches do not have Layer 3 connectivity to the FTD device for GRE traffic transmission.

B. The switches were not set up with a monitor session ID that matches the flow ID defined on the Cisco FTD.

C. The Cisco FTD must be in routed mode to process ERSPAN traffic.

D. The Cisco FTD must be configured with an ERSPAN port not a passive port.

Which Cisco AMP for Endpoints policy is used only for monitoring endpoint activity?

A. Windows domain controller

B. audit

C. triage

D. protection

Which action should be taken after editing an object that is used inside an access control policy?

A. Delete the existing object in use.

B. Refresh the Cisco FMC GUI for the access control policy.

C. Redeploy the updated configuration.

D. Create another rule using a different object name.

Which command is typed at the CLI on the primary Cisco FTD unit to temporarily stop running high-availability?

A. configure high-availability resume

B. configure high-availability disable

C. system support network-options

D. configure high-availability suspend

An analyst is reviewing the Cisco FMC reports for the week. They notice that some peer-to-peer applications are being used on the network and they must identify which poses the greatest risk to the environment. Which report gives the analyst this information?

A. User Risk Report

B. Advanced Malware Risk Report

C. Attacks Risk Report

D. Network Risk Report

Refer to the exhibit. A security engineer must improve security in an organization and is producing a risk mitigation strategy to present to management for approval. Which action must the security engineer take based on this Attacks Risk Report?

A. Block NetBIOS.

B. Inspect TCP port 80 traffic.

C. Block Internet Explorer.

D. Inspect DNS traffic.

A security engineer needs to configure a network discovery policy on a Cisco FMC appliance and prevent excessive network discovery events from overloading the FMC database? Which action must be taken to accomplish this task?

A. Monitor only the default IPv4 and IPv6 network ranges.

B. Configure NetFlow exporters for monitored networks.

C. Change the network discovery method to TCP/SYN.

D. Exclude load balancers and NAT devices in the policy.

Upon detecting a flagrant threat on an endpoint, which two technologies instruct Cisco Identity Services Engine to contain the infected endpoint either manually or automatically? (Choose two.)

A. Cisco Stealthwatch

B. Cisco ASA 5500 Series

C. Cisco FMC

D. Cisco ASR 7200 Series

E. Cisco AMP

An engineer is troubleshooting HTTP traffic to a web server using the packet capture tool on Cisco FMC. When reviewing the captures, the engineer notices that there are a lot of packets that are not sourced from or destined to the web server being captured. How can the engineer reduce the strain of capturing packets for irrelevant traffic on the Cisco FTD device?

A. Use an access-list within the packet capture to permit only HTTP traffic to and from the web server.

B. Use the host filter in the packet capture to capture traffic to or from a specific host.

C. Use the –c option to restrict the packet capture to only the first 100 packets.

D. Redirect the packet capture output to a .pcap file that can be opened with Wireshark.

A network administrator is concerned about the high number of malware files affecting users' machines. What must be done within the access control policy in
Cisco FMC to address this concern?

A. Create an intrusion policy and set the access control policy to block

B. Create an intrusion policy and set the access control policy to allow

C. Create a file policy and set the access control policy to allow

D. Create a file policy and set the access control policy to block

After using Firepower for some time and learning about how it interacts with the network, an administrator is trying to correlate malicious activity with a user. Which widget should be configured to provide this visibility on the Cisco Firepower dashboards?

A. Current Sessions

B. Correlation Events

C. Current Status

D. Custom Analysis

An engineer configures an access control rule that deploys file policy configurations to security zone or tunnel zones, and it causes the device to restart. What is the reason for the restart?

A. Source or destination security zones in the access control rule matches the security zones that are associated with interfaces on the target devices.

B. The source tunnel zone in the rule does not match a tunnel zone that is assigned to a tunnel rule in the destination policy.

C. Source or destination security zones in the source tunnel zone do not match the security zones that are associated with interfaces on the target devices.

D. The source tunnel zone in the rule does not match a tunnel zone that is assigned to a tunnel rule in the source policy.

An engineer is implementing Cisco FTD in the network and is determining which Firepower mode to use. The organization needs to have multiple virtual
Firepower devices working separately inside of the FTD appliance to provide traffic segmentation. Which deployment mode should be configured in the Cisco
Firepower Management Console to support these requirements?

A. multi-instance

B. multiple deployment

C. single deployment

D. single-context

What are the minimum requirements to deploy a managed device inline?

A. inline interfaces, security zones, MTU, and mode

B. passive interface, MTU, and mode

C. inline interfaces, MTU, and mode

D. passive interface, security zone, MTU, and mode

An organization created a custom application that is being flagged by Cisco Secure Endpoint. The application must be exempt from being flagged. What is the process to meet the requirement?

A. Configure the custom application to use the information-store paths.

B. Add the custom application to the DFC list and update the policy.

C. Precalculate the hash value of the custom application and add it to the allowed applications.

D. Modify the custom detection list to exclude the custom application.

A network administrator is trying to convert from LDAP to LDAPS for VPN user authentication on a Cisco FTD. Which action must be taken on the Cisco FTD objects to accomplish this task?

A. Identify the LDAPS cipher suite and use a Cipher Suite List object to define the Cisco FTD connection requirements.

B. Modify the Policy List object to define the session requirements for LDAPS.

C. Add a Key Chain object to acquire the LDAPS certificate.

D. Create a Certificate Enrollment object to get the LDAPS certificate needed.

An engineer integrates Cisco FMC and Cisco ISE using pxGrid. Which role is assigned for Cisco FMC?

A. server

B. controller

C. publisher

D. client

What are two application layer preprocessors? (Choose two.)

A. CIFS

B. IMAP

C. SSL

D. DNP3

E. ICMP

Which command should be used on the Cisco FTD CLI to capture all the packets that hit an interface?

A. configure coredump packet-engine enable

B. capture-traffic

C. capture

D. capture WORD

Which two features can be used with Cisco Secure Firewall Threat Defense remote access VPN? (Choose two.)

A. enable Duo two-factor authentication using LDAPS

B. support for Cisco Secure Firewall 4100 Series in cluster mode

C. SSL remote access VPN supports port sharing with other Cisco FTD features using SSL port 443

D. use of license utilization for zero-touch network deployment

E. support for Rapid Threat Containment using RADIUS dynamic authorization