An engineer must export a packet capture from Cisco Secure Firewall Management Center to assist in troubleshooting an issue on a Secure Firewall Threat Defense device. When the engineer navigates to the URL for Secure Firewall Management Center at:
https://

A. Disable the proxy setting on the client browser.

B. Disable the HTTPS server and use HTTP.

C. Enable HTTPS in the device platform policy.

D. Enable the proxy setting in the device platform policy.

Within an organization’s high availability environment where both firewalls are passing traffic, traffic must be segmented based on which department it is destined for. Each department is situated on a different LAN. What must be configured to meet these requirements?

A. redundant interfaces

B. span EtherChannel clustering

C. high availability active/standby firewalls

D. multi-instance firewalls

An organization is implementing Cisco FTD using transparent mode in the network. Which rule in the default Access Control Policy ensures that this deployment does not create a loop in the network?

A. Multicast and broadcast packets are denied by default

B. STP BPDU packets are allowed by default.

C. ARP inspection is enabled by default.

D. ARP packets are allowed by default.

Refer to the exhibit. An engineer is analyzing a Network Risk Report from Cisco FMC. Which application must the engineer take immediate action against to prevent unauthorized network use?

A. YouTube

B. TOR

C. Chrome

D. Kerberos

When a Cisco FTD device is configured in transparent firewall mode, on which two interface types can an IP address be configured? (Choose two.)

A. Physical

B. EtherChannel

C. Subinterface

D. BVI

E. Diagnostic

Which two dynamic routing protocols are supported in Cisco FTD without using FlexConfig? (Choose two.)

A. EIGRP

B. OSPF

C. static routing

D. IS-IS

E. BGP

An engineer is creating an URL object on Cisco FMC. How must it be configured so that the object will match for HTTPS traffic in an access control policy?

A. Specify the protocol to match (HTTP or HTTPS).

B. Use the FQDN including the subdomain for the website.

C. Use the subject common name from the website certificate.

D. Define the path to the individual webpage that uses HTTPS.

What is a characteristic of bridge groups on a Cisco FTD?

A. In routed firewall mode, routing between bridge groups is supported.

B. Routing between bridge groups is achieved only with a router-on-a-stick configuration on a connected router.

C. In routed firewall mode, routing between bridge groups must pass through a routed interface.

D. In transparent firewall mode, routing between bridge groups is supported.

A Cisco FTD has two physical interfaces assigned to a BVI. Each interface is connected to a different VLAN on the same switch. Which firewall mode is the Cisco FTD set up to support?

A. high availability clustering

B. active/active failover

C. transparent

D. routed

In a multi-tenant deployment where multiple domains are in use, which update should be applied outside of the Global Domain?

A. minor upgrade

B. local import of intrusion rules

C. Cisco Geolocation Database

D. local import of major upgrade

Which two actions can be used in an access control policy rule? (Choose two.)

A. Block with Reset

B. Monitor

C. Analyze

D. Discover

E. Block ALL

An administrator must fix a network problem whereby traffic from the inside network to a webserver is not getting through an instance of Cisco Secure Firewall Threat Defense. Which command must the administrator use to capture packets to the webserver that are dropped by Secure Firewall Threat Defense and resolve the issue?

A. capture CAP int INSIDE match ip any host WEBSERVERIP

B. capture CAP int OUTSIDE match ip any host WEBSERVERIP

C. capture CAP int INSIDE match tcp any 80 host WEBSERVERIP 80

D. capture CAP type asp-drop all headers-only

What are two features of bridge-group interfaces in Cisco FTD? (Choose two.)

A. The BVI IP address must be in a separate subnet from the connected network.

B. Bridge groups are supported in both transparent and routed firewall modes.

C. Bridge groups are supported only in transparent firewall mode.

D. Bidirectional Forwarding Detection echo packets are allowed through the FTD when using bridge-group members.

E. Each directly connected network must be on the same subnet.

A security engineer needs to configure a network discovery policy on a Cisco FMC appliance and prevent excessive network discovery events from overloading the FMC database? Which action must be taken to accomplish this task?

A. Monitor only the default IPv4 and IPv6 network ranges.

B. Configure NetFlow exporters for monitored networks.

C. Change the network discovery method to TCP/SYN.

D. Exclude load balancers and NAT devices in the policy.

An engineer wants to connect a single IP subnet through a Cisco FTD firewall and enforce policy. There is a requirement to present the internal IP subnet to the outside as a different IP address. What must be configured to meet these requirements?

A. Configure the Cisco FTD firewall in routed mode with NAT enabled.

B. Configure the upstream router to perform NAT.

C. Configure the Cisco FTD firewall in transparent mode with NAT enabled.

D. Configure the downstream router to perform NAT.

Which limitation applies to Cisco FMC dashboards in a multi-domain environment?

A. Child domains are able to view but not edit dashboards that originate from an ancestor domain.

B. Child domains have access to only a limited set of widgets from ancestor domains.

C. Only the administrator of the top ancestor domain is able to view dashboards.

D. Child domains are not able to view dashboards that originate from an ancestor domain.

A mid-sized company is experiencing higher network bandwidth utilization due to a recent acquisition. The network operations team is asked to scale up their one
Cisco FTD appliance deployment to higher capacities due to the increased network bandwidth. Which design option should be used to accomplish this goal?

A. Deploy multiple Cisco FTD HA pairs in clustering mode to increase performance.

B. Deploy multiple Cisco FTD appliances in firewall clustering mode to increase performance.

C. Deploy multiple Cisco FTD appliances using VPN load-balancing to scale performance.

D. Deploy multiple Cisco FTD HA pairs to increase performance.

Which policy rule is included in the deployment of a local DMZ during the initial deployment of a Cisco NGFW through the Cisco FMC GUI?

A. a default DMZ policy for which only a user can change the IP addresses.

B. deny ip any

C. no policy rule is included

D. permit ip any

An administrator is attempting to remotely log into a switch in the data center using SSH and is unable to connect. How does the administrator confirm that traffic is reaching the firewall?

A. by performing a packet capture on the firewall

B. by attempting to access it from a different workstation

C. by running Wireshark on the administrator’s PC

D. by running a packet tracer on the firewall

Cisco SecureX is classified as which type of threat detection and response solution?

A. MDR

B. EDR

C. XDR

D. NDR

When an engineer captures traffic on a Cisco Secure Firewall Threat Defense device to troubleshoot a connectivity problem, they receive a large amount of output data in the GUI tool. The engineer found that viewing the captures this way is time-consuming and difficult to sort and filter. Which file type must the engineer export the data in so that it can be reviewed using a tool built for this type of analysis?

A. NetFlow v9

B. PCAP

C. IPFIX

D. NetFlow v5

Which two packet captures does the FTD LINA engine support? (Choose two.)

A. Layer 7 network ID

B. source IP

C. application ID

D. dynamic firewall importing

E. protocol

An administrator is working on a migration from Cisco ASA to the Cisco FTD appliance and needs to test the rules without disrupting the traffic. Which policy type should be used to configure the ASA rules during this phase of the migration?

A. Prefilter

B. Intrusion

C. Access Control

D. Identity

A company is deploying a Cisco Secure IPS device configured in inline mode with a single Interface set that contains four interface pairs. Which two configurations must be implemented to allow the IPS device to uniquely identify packet flows and prevent the reporting of duplicate traffic and false positives? (Choose two.)

A. Set the source SPAN ports to tx only on the switches connected to the IPS interfaces

B. Modify the security zones used by the Cisco Secure IPS device

C. Change the MTU for the inline set to at least 1518

D. Reconfigure access rules to drop all but the first occurrence of the packet

E. Reassign the interface pairs to separate inline sets

Which two remediation options are available when Cisco FMC is integrated with Cisco ISE? (Choose two.)

A. dynamic null route configured

B. DHCP pool disablement

C. quarantine

D. port shutdown

E. host shutdown

DRAG DROP
-
Drag and drop the configuration steps from the left into the sequence on the right to enable external authentication on Cisco FMC to a RADIUS server.
 

An engineer is configuring a Cisco FTD appliance in IPS-only mode and needs to utilize fail-to-wire interfaces. Which interface mode should be used to meet these requirements?

A. passive

B. routed

C. transparent

D. inline set

In which two places are thresholding settings configured? (Choose two.)

A. on each IPS rule

B. globally, within the network analysis policy

C. globally, per intrusion policy

D. on each access control rule

E. per preprocessor, within the network analysis policy

A security engineer is configuring an Access Control Policy for multiple branch locations. These locations share a common rule set and utilize a network object called INSIDE_NET which contains the locally significant internal network subnets at each location. What technique will retain the policy consistency at each location but allow only the locally significant network subnet within the application rules?

A. utilizing a dynamic ACP that updates from Cisco Talos

B. creating a unique ACP per device

C. utilizing policy inheritance

D. creating an ACP with an INSIDE_NET network object and object overrides

Which rule action is only available in Snort 3?

A. Pass

B. Generate

C. Alert

D. Rewrite

An engineer runs the command restore remote-manager-backup location 2.2.2.2 admin/Volume/home/admin FTD411247145.zip on a Cisco FMC. After connecting to the repository, the Cisco FTD device is unable to accept the backup file. What is the reason for this failure?

A. The wrong IP address is used.

B. The directory location is incorrect.

C. The backup file is not in .cfg format.

D. The backup file extension was changed from .tar to .zip.

A network administrator is configuring SNORT inspection policies and is seeing failed deployment messages in Cisco FMC. What information should the administrator generate for Cisco TAC to help troubleshoot?

A. A ג€troubleshootג€ file for the device in question.

B. A ג€show techג€ file for the device in question.

C. A ג€troubleshootג€ file for the Cisco FMC.

D. A ג€show techג€ for the Cisco FMC.

An engineer must configure a Cisco FMC dashboard in a multidomain deployment. Which action must the engineer take to edit a report template from an ancestor domain?

A. Copy it to the current domain.

B. Add it as a separate widget.

C. Change the document attributes.

D. Assign themselves ownership of it.

An engineer attempts to pull the configuration for a Cisco FTD sensor to review with Cisco TAC but does not have direct access to the CLI for the device. The CLI for the device is managed by Cisco FMC to which the engineer has access. Which action in Cisco FMC grants access to the CLI for the device?

A. Create a backup of the configuration within the Cisco FMC.

B. Download the configuration file within the File Download section of Cisco FMC.

C. Export the configuration using the Import/Export tool within Cisco FMC.

D. Use the show run all command in the Cisco FTD CLI feature within Cisco FMC.

An administrator configures new threat intelligence sources and must validate that the feeds are being downloaded and that the intelligence is being used within the Cisco Secure Firewall system. Which action accomplishes the task?

A. Look at the connection security intelligence events

B. Use the source status indicator to validate the usage

C. View the threat intelligence observables to see the downloaded data

D. Look at the access control policy to validate that the intelligence is being used

Which report template field format is available in Cisco FMC?

A. box lever chart

B. arrow chart

C. bar chart

D. benchmark chart

A network security engineer must replace a faulty Cisco FTD device in a high availability pair. Which action must be taken while replacing the faulty unit?

A. Ensure that the faulty Cisco FTD device remains registered to the Cisco FMC

B. Shut down the active Cisco FTD device before powering up the replacement unit

C. Shut down the Cisco FMC before powering up the replacement unit

D. Unregister the faulty Cisco FTD device from the Cisco FMC

A company is deploying intrusion protection on multiple Cisco FTD appliances managed by Cisco FMC. Which system-provided policy must be selected if speed and detection are priorities?

A. Maximum Detection

B. Connectivity Over Security

C. Security Over Connectivity

D. Balanced Security and Connectivity

A network engineer is planning on deploying a Cisco Secure Firewall Threat Defense Virtual appliance in transparent mode. Which two virtual environments support this configuration? (Choose two.)

A. OSI

B. AWS

C. GCP

D. KVM

E. ESXi

An engineer configures a network discovery policy on Cisco FMC. Upon configuration, it is noticed that excessive and misleading events are filling the database and overloading the Cisco FMC. A monitored NAT device is executing multiple updates of its operating system in a short period of time. What configuration change must be made to alleviate this issue?

A. Exclude load balancers and NAT devices.

B. Leave default networks.

C. Increase the number of entries on the NAT device.

D. Change the method to TCP/SYN.

A Cisco FMC administrator wants to configure fastpathing of trusted network traffic to increase performance. In which type of policy would the administrator configure this feature?

A. Network Analysis policy

B. Identity policy

C. Prefilter policy

D. Intrusion policy

What is the result a specifying of QoS rule that has a rate limit that is greater than the maximum throughput of an interface?

A. The rate-limiting rule is disabled.

B. Matching traffic is not rate limited.

C. The system rate-limits all traffic.

D. The system repeatedly generates warnings.

Encrypted Visibility Engine (EVE) is enabled under which tab on an access control policy in Cisco Secure Firewall Management Center?

A. Network Analysis Policy

B. SSL

C. Advanced

D. Security Intelligence

An administrator is creating interface objects to better segment their network but is having trouble adding interfaces to the objects. What is the reason for this failure?

A. The interfaces are being used for NAT for multiple networks

B. The administrator is adding interfaces of multiple types

C. The administrator is adding an interface that is in multiple zones

D. The interfaces belong to multiple interface groups

Which object type supports object overrides?

A. time range

B. security group tag

C. network object

D. DNS server group

Which two features can be used with Cisco Secure Firewall Threat Defense remote access VPN? (Choose two.)

A. enable Duo two-factor authentication using LDAPS

B. support for Cisco Secure Firewall 4100 Series in cluster mode

C. SSL remote access VPN supports port sharing with other Cisco FTD features using SSL port 443

D. use of license utilization for zero-touch network deployment

E. support for Rapid Threat Containment using RADIUS dynamic authorization

An organization is installing a new Cisco FTD appliance in the network. An engineer is tasked with configuring access between two network segments within the same IP subnet. Which step is needed to accomplish this task?

A. Specify a name for the bridge group.

B. Assign an IP address to the Bridge Virtual Interface.

C. Permit BPDU packets to prevent loops.

D. Add a separate bridge group for each segment.

The administrator notices that there is malware present with an .exe extension and needs to verify if any of the systems on the network are running the executable file. What must be configured within Cisco AMP for Endpoints to show this data?

A. vulnerable software

B. file analysis

C. threat root cause

D. prevalence

An engineer is implementing Cisco FTD in the network and is determining which Firepower mode to use. The organization needs to have multiple virtual
Firepower devices working separately inside of the FTD appliance to provide traffic segmentation. Which deployment mode should be configured in the Cisco
Firepower Management Console to support these requirements?

A. multi-instance

B. multiple deployment

C. single deployment

D. single-context

Refer to the exhibit. A security engineer must improve security in an organization and is producing a risk mitigation strategy to present to management for approval. Which action must the security engineer take based on this Attacks Risk Report?

A. Block NetBIOS.

B. Inspect TCP port 80 traffic.

C. Block Internet Explorer.

D. Inspect DNS traffic.