Which command-line mode is supported from the Cisco FMC CLI?

A. privileged

B. user

C. configuration

D. admin

Refer to the exhibit. A systems administrator conducts a connectivity test to their SCCM server from a host machine and gets no response from the server. Which action ensures that the ping packets reach the destination and that the host receives replies?

A. Configure a custom Snort signature to allow ICMP traffic after inspection.

B. Modify the Snort rules to allow ICMP traffic.

C. Create an access control policy rule that allows ICMP traffic.

D. Create an ICMP allow list and add the ICMP destination to remove it from the implicit deny list.

Which two conditions must be met to enable high availability between two Cisco FTD devices? (Choose two.)

A. same flash memory size

B. same NTP configuration

C. same DHCP/PPoE configuration

D. same host name

E. same number of interfaces

Which Cisco Firepower rule action displays an HTTP warning page?

A. Monitor

B. Block

C. Interactive Block

D. Allow with Warning

Which Cisco Firepower feature is used to reduce the number of events received in a period of time?

A. rate-limiting

B. suspending

C. correlation

D. thresholding

Which command is typed at the CLI on the primary Cisco FTD unit to temporarily stop running high-availability?

A. configure high-availability resume

B. configure high-availability disable

C. system support network-options

D. configure high-availability suspend

Which two actions can be used in an access control policy rule? (Choose two.)

A. Block with Reset

B. Monitor

C. Analyze

D. Discover

E. Block ALL

Which two deployment types support high availability? (Choose two.)

A. transparent

B. routed

C. clustered

D. intra-chassis multi-instance

E. virtual appliance in public cloud

A network administrator is reviewing a packet capture. The packet capture from inside of Cisco Secure Firewall Threat Defense shows the inbound TCP traffic. However, the outbound TCP traffic is not seen in the packet capture from outside Secure Firewall Threat Defense. Which configuration change resolves the issue?

A. Packet capture must include UDP traffic.

B. Inside interface must be assigned a higher security level.

C. Route to the destination must be added.

D. Inside interface must be assigned a lower security level.

An engineer must build redundancy into the network and traffic must continuously flow if a redundant switch in front of the firewall goes down. What must be configured to accomplish this task?

A. redundant interfaces on the firewall cluster mode and switches

B. redundant interfaces on the firewall noncluster mode and switches

C. vPC on the switches to the interface mode on the firewall cluster

D. vPC on the switches to the span EtherChannel on the firewall cluster

An engineer is configuring a Cisco Secure Firewall Threat Defense device and wants to create a new intrusion rule based on the detection of a specific pattern in the data payload for a new zero-day exploit. Which keyword type must be used to add a line that identifies the author of the rule and the date it was created?

A. gtp_info

B. metadata

C. reference

D. content

An engineer attempts to pull the configuration for a Cisco FTD sensor to review with Cisco TAC but does not have direct access to the CLI for the device. The CLI for the device is managed by Cisco FMC to which the engineer has access. Which action in Cisco FMC grants access to the CLI for the device?

A. Create a backup of the configuration within the Cisco FMC.

B. Download the configuration file within the File Download section of Cisco FMC.

C. Export the configuration using the Import/Export tool within Cisco FMC.

D. Use the show run all command in the Cisco FTD CLI feature within Cisco FMC.

In a Cisco AMP for Networks deployment, which disposition is returned if the cloud cannot be reached?

A. unavailable

B. unknown

C. clean

D. disconnected

With a recent summer time change, system logs are showing activity that occurred to be an hour behind real time. Which action should be taken to resolve this issue?

A. Manually adjust the time to the correct hour on all managed devices.

B. Configure the system clock settings to use NTP with Daylight Savings checked.

C. Configure the system clock settings to use NTP.

D. Manually adjust the time to the correct hour on the Cisco FMC.

A mid-sized company is experiencing higher network bandwidth utilization due to a recent acquisition. The network operations team is asked to scale up their one
Cisco FTD appliance deployment to higher capacities due to the increased network bandwidth. Which design option should be used to accomplish this goal?

A. Deploy multiple Cisco FTD HA pairs in clustering mode to increase performance.

B. Deploy multiple Cisco FTD appliances in firewall clustering mode to increase performance.

C. Deploy multiple Cisco FTD appliances using VPN load-balancing to scale performance.

D. Deploy multiple Cisco FTD HA pairs to increase performance.

An administrator is configuring their transparent Cisco FTD device to receive ERSPAN traffic from multiple switches on a passive port, but the Cisco FTD is not processing the traffic. What is the problem?

A. The switches do not have Layer 3 connectivity to the FTD device for GRE traffic transmission.

B. The switches were not set up with a monitor session ID that matches the flow ID defined on the Cisco FTD.

C. The Cisco FTD must be in routed mode to process ERSPAN traffic.

D. The Cisco FTD must be configured with an ERSPAN port not a passive port.

An engineer must configure a Cisco FMC dashboard in a child domain. Which action must be taken so that the dashboard is visible to the parent domain?

A. Adjust policy inheritance settings

B. Add a separate widget

C. Create a copy of the dashboard

D. Add a separate tab

An administrator receives reports that users cannot access a cloud-hosted web server. The access control policy was recently updated with several new policy additions and URL filtering. What must be done to troubleshoot the issue and restore access without sacrificing the organization's security posture?

A. Download a PCAP of the traffic attempts to verify the blocks and use the flexconfig objects to create a rule that allows only the required traffic to the destination server.

B. Identify the blocked traffic in the Cisco FMC connection events to validate the block, and modify the policy to allow the traffic to the web server.

C. Create a new access control policy rule to allow ports 80 and 443 to the FQDN of the web server.

D. Verify the blocks using the packet capture tool and create a rule with the action monitor for the traffic.

An engineer must investigate a connectivity issue from an endpoint behind a Cisco FTD device and a public DNS server. The endpoint cannot perform name resolution queries. Which action must the engineer perform to troubleshoot the issue by simulating real DNS traffic on the Cisco FTD while verifying the Snort verdict?

A. Use the Capture w/Trace wizard in Cisco FMC.

B. Run the system support firewall-engine-debug command from the FTD CLI.

C. Create a Custom Workflow in Cisco FMC.

D. Perform a Snort engine capture using tcpdump from the FTD CLI.

An engineer is configuring URL filtering for a Cisco FTD device in Cisco FMC. Users must receive a warning when they access http://www.badadultsite.com with the option of continuing to the website if they choose to. No other websites should be blocked. Which two actions must the engineer take to meet these requirements? (Choose two.)

A. On the HTTP Responses tab of the access control policy editor, set the Interactive Block Response Page to System-provided.

B. Configure the default action for the access control policy to Interactive Block.

C. Configure an access control rule that matches an URL object for http://www.badadultsite.com/ and set the action to Interactive Block.

D. Configure an access control rule that matches the Adult URL category and set the action to Interactive Block.

E. On the HTTP Responses tab of the access control policy editor, set the Block Response Page to Custom.

An engineer is configuring Cisco FMC and wants to limit the time allowed for processing packets through the interface. However, if the time is exceeded, the configuration must allow packets to bypass detection. What must be configured on the Cisco FMC to accomplish this task?

A. Cisco ISE Security Group Tag

B. Automatic Application Bypass

C. Inspect Local Traffic Bypass

D. Fast-Path Rules Bypass

Which connector is used to integrate Cisco ISE with Cisco FMC for Rapid Threat Containment?

A. pxGrid

B. FTD RTC

C. FMC RTC

D. ISEGrid

An engineer must define a URL object on Cisco FMC. What is the correct method to specify the URL without performing SSL inspection?

A. Include all URLs from CRL Distribution Points.

B. Use Subject Common Name value.

C. Specify all subdomains in the object group.

D. Specify the protocol in the object.

A Cisco FTD has two physical interfaces assigned to a BVI. Each interface is connected to a different VLAN on the same switch. Which firewall mode is the Cisco FTD set up to support?

A. high availability clustering

B. active/active failover

C. transparent

D. routed

Which two features of Cisco AMP for Endpoints allow for an uploaded file to be blocked? (Choose two.)

A. application blocking

B. simple custom detection

C. file repository

D. exclusions

E. application allow listing

Users report that Cisco Duo 2FA fails when they attempt to connect to the VPN on a Cisco Secure Firewall Threat Defense (FTD) device. IT staff have VPN profiles that do not require multifactor authentication and they can connect to the VPN without any issues. When viewing the VPN troubleshooting log in Cisco Secure Firewall Management Center (FMC), the network administrator sees an error that the Cisco Duo AAA server has been marked as failed. What is the root cause of the issue?

A. AD Trust certificates are missing from the Secure FTD device.

B. Multifactor authentication is not supported on Secure FMC managed devices.

C. The internal AD server is unreachable from the Secure FTD device.

D. Duo trust certificates are missing from the Secure FTD device.

What is the maximum bit size that Cisco FMC supports for HTTPS certificates?

A. 1024

B. 8192

C. 4096

D. 2048

A security engineer manages a firewall console and an endpoint console and finds it challenging and time consuming to review events and modify blocking of specific files in both consoles. Which action must the engineer take to streamline this process?

A. Within the Cisco Secure Endpoint console, copy the connector GUID and paste into the Cisco Secure Firewall Management Center (FMC) AMP tab.

B. From the Cisco Secure Endpoint console, create and copy an API key and paste into the Cisco Secure AMP tab.

C. From the Secure FMC, create a Cisco Secure Endpoint object and reference the object in the Cisco Secure Endpoint console.

D. Initiate the integration between Secure FMC and Cisco Secure Endpoint from the Secure FMC using the AMP tab.

Which group within Cisco does the Threat Response team use for threat analysis and research?

A. Cisco Deep Analytics

B. OpenDNS Group

C. Cisco Network Response

D. Cisco Talos

A network engineer sets up a secondary Cisco FMC that is integrated with Cisco Security Packet Analyzer. What occurs when the secondary Cisco FMC synchronizes with the primary Cisco FMC?

A. The existing configuration for integration of the secondary Cisco FMC the Cisco Security Packet Analyzer is overwritten.

B. The synchronization between the primary and secondary Cisco FMC fails.

C. The existing integration configuration is replicated to the primary Cisco FMC.

D. The secondary Cisco FMC must be reintegrated with the Cisco Security Packet Analyzer after the synchronization.

An organization is setting up two new Cisco FTD devices to replace their current firewalls and cannot have any network downtime. During the setup process, the synchronization between the two devices is failing. What action is needed to resolve this issue?

A. Confirm that both devices are running the same software version.

B. Confirm that both devices are configured with the same types of interfaces.

C. Confirm that both devices have the same flash memory sizes.

D. Confirm that both devices have the same port-channel numbering.

Which limitation applies to Cisco FMC dashboards in a multi-domain environment?

A. Child domains are able to view but not edit dashboards that originate from an ancestor domain.

B. Child domains have access to only a limited set of widgets from ancestor domains.

C. Only the administrator of the top ancestor domain is able to view dashboards.

D. Child domains are not able to view dashboards that originate from an ancestor domain.

An engineer must configure high availability for the Cisco Firepower devices. The current network topology does not allow for two devices to pass traffic concurrently. How must the devices be implemented in this environment?

A. in active/active mode

B. in a cluster span EtherChannel

C. in active/passive mode

D. in cluster interface mode

Refer to the exhibit. What must be done to fix access to this website while preventing the same communication to all other websites?

A. Create an intrusion policy rule to have Snort allow port 80 to only 172.1.1.50.

B. Create an intrusion policy rule to have Snort allow port 443 to only 172.1.1.50.

C. Create an access control policy rule to allow port 443 to only 172.1.1.50.

D. Create an access control policy rule to allow port 80 to only 172.1.1.50.

A security engineer must create a malware and file policy on a Cisco Secure Firewall Threat Defense device. The solution must ensure that PDF, DOCX, and XLSX files are not sent to Cisco Secure Malware Analytics. What must be configured to meet the requirements?

A. Spero analysis

B. local malware analysis

C. capacity handling

D. dynamic analysis

An administrator receives reports that users cannot access a cloud-hosted web server. The access control policy was recently updated with several new policy additions and URL filtering. What must be done to troubleshoot the issue and restore access without sacrificing the organization's security posture?

A. Download a PCAP of the traffic to verify the blocks and use the FlexConfig to override the existing policy.

B. Review the output in connection events to validate the block, and modify the policy to allow the traffic.

C. Create a new access control policy rule to allow ports 80 and 443 to the FQDN of the web server.

D. Verify the blocks using the packet capture tool and create a rule with the action monitor for the traffic.

A consultant is working on a project where the customer is upgrading from a single Cisco Firepower 2130 managed by FDM to a pair of Cisco Firepower 2130s managed by FMC for high availability. The customer wants the configuration of the existing device being managed by FDM to be carried over to FMC and then replicated to the additional device being added to create the high availability pair. Which action must the consultant take to meet this requirement?

A. The current FDM configuration must be configured by hand into FMC before the devices are registered.

B. The current FDM configuration must be migrated to FMC using the Secure Firewall Migration Tool.

C. The FTD configuration must be converted to ASA command format, which can then be migrated to FMC.

D. The current FDM configuration will be converted automatically into FMC when the device registers.

A security engineer is deploying a pair of primary and secondary Cisco FMC devices. The secondary must also receive updates from Cisco Talos. Which action achieves this goal?

A. Manually import rule updates onto the secondary Cisco FMC device.

B. Force failover for the secondary Cisco FMC to synchronize the rule updates from the primary.

C. Configure the primary Cisco FMC so that the rules are updated.

D. Configure the secondary Cisco FMC so that it receives updates from Cisco Talos.

Which object type supports object overrides?

A. time range

B. security group tag

C. network object

D. DNS server group

An engineer is configuring a custom application detector for HTTP traffic and wants to import a file that was provided by a third party. Which type of files are advanced application detectors created and uploaded as?

A. Perl script

B. NBAR protocol

C. LUA script

D. Python program

An engineer needs to configure remote storage on Cisco FMC. Configuration backups must be available from a secure location on the network for disaster recovery. Reports need to back up to a shared location that auditors can access with their Active Directory logins. Which strategy must the engineer use to meet these objectives?

A. Use NFS for both backups and reports.

B. Use SSH for backups and NFS for reports.

C. Use SMB for backups and NFS for reports.

D. Use SMB for both backups and reports.

Encrypted Visibility Engine (EVE) is enabled under which tab on an access control policy in Cisco Secure Firewall Management Center?

A. Network Analysis Policy

B. SSL

C. Advanced

D. Security Intelligence

An organization must be able to ingest NetFlow traffic from their Cisco FTD device to Cisco Stealthwatch for behavioral analysis. What must be configured on the
Cisco FTD to meet this requirement?

A. flexconfig object for NetFlow

B. interface object to export NetFlow

C. security intelligence object for NetFlow

D. variable set object for NetFlow

A network engineer wants to add a third-party threat feed into the Cisco FMC for enhanced threat detection. Which action should be taken to accomplish this goal?

A. Enable Rapid Threat Containment using REST APIs.

B. Enable Rapid Threat Containment using STIX and TAXII.

C. Enable Threat Intelligence Director using REST APIs.

D. Enable Threat Intelligence Director using STIX and TAXII.

A network administrator notices that remote access VPN users are not reachable from inside the network. It is determined that routing is configured correctly; however, return traffic is entering the firewall but not leaving it. What is the reason for this issue?

A. A manual NAT exemption rule does not exist at the top of the NAT table

B. An external NAT IP address is not configured

C. An external NAT IP address is configured to match the wrong interface

D. An object NAT exemption rule does not exist at the top of the NAT table

A company is deploying a Cisco Secure IPS device configured in inline mode with a single Interface set that contains four interface pairs. Which two configurations must be implemented to allow the IPS device to uniquely identify packet flows and prevent the reporting of duplicate traffic and false positives? (Choose two.)

A. Set the source SPAN ports to tx only on the switches connected to the IPS interfaces

B. Modify the security zones used by the Cisco Secure IPS device

C. Change the MTU for the inline set to at least 1518

D. Reconfigure access rules to drop all but the first occurrence of the packet

E. Reassign the interface pairs to separate inline sets

An engineer is configuring a Cisco IPS to protect the network and wants to test a policy before deploying it. A copy of each incoming packet needs to be monitored while traffic flow remains constant. Which IPS mode should be implemented to meet these requirements?

A. routed

B. passive

C. transparent

D. inline tap

A network administrator reviews the file report for the last month and notices that all file types, except exe, show a disposition of unknown. What is the cause of this issue?

A. Only Spero file analysis is enabled.

B. The Cisco FMC cannot reach the Internet to analyze files.

C. A file policy has not been applied to the access policy.

D. The malware license has not been applied to the Cisco FTD.

An engineer configures a network discovery policy on Cisco FMC. Upon configuration, it is noticed that excessive and misleading events are filling the database and overloading the Cisco FMC. A monitored NAT device is executing multiple updates of its operating system in a short period of time. What configuration change must be made to alleviate this issue?

A. Exclude load balancers and NAT devices.

B. Leave default networks.

C. Increase the number of entries on the NAT device.

D. Change the method to TCP/SYN.

A network administrator cannot select the link to be used for failover when configuring an active/passive HA Cisco FTD pair. Which configuration must be changed before setting up the high availability pair?

A. An IP address in the same subnet must be added to each Cisco FTD on the interface.

B. The interface name must be removed from the interface on each Cisco FTD.

C. The name Failover must be configured manually on the interface on each Cisco FTD.

D. The interface must be configured as part of a LACP Active/Active EtherChannel.