Exam 3
Test title: Exam 3. Description: mas dedede
1. Which action should be taken after editing an object that is used inside an access control policy?
- Delete the existing object in use.
- Refresh the Cisco FMC GUI for the access control policy.
- Redeploy the updated configuration.
- Create another rule using a different object name.

2. Which function is the primary function of Cisco AMP Threat Grid? (Choose two)
- It analyzes copies of packets from the packet flow.
- The device is deployed in a passive configuration.
- If a rule is triggered, the device generates an intrusion event.
- The packet flow traverses the device.
- If a rule is triggered, the device drops the packet.

3. When using Cisco AMP for Networks, which feature copies a file to the Cisco AMP cloud for analysis?
- Spero analysis
- Dynamic analysis
- Sandbox analysis
- Malware analysis

4. Which report template field format is available in Cisco FMC?
- Box lever chart
- Arrow chart
- Bar chart
- Benchmark chart

5. Which group within Cisco does the Threat Response team use for threat analysis and research?
- Cisco Deep Analytics
- OpenDNS Group
- Cisco Network Response
- Cisco Talos

6. Which CLI command is used to generate firewall debug messages on a Cisco Firepower?
- system support firewall-engine-debug
- system support ssl-debug
- system support platform
- system support dump-table

7. Which command-line mode is supported from the Cisco Firepower Management Center CLI?
- privileged
- configured
- configuration
- admin

8. Which command is entered in the Cisco FMC CLI to generate a troubleshooting file?
- show running-config
- show tech-support chassis
- system support diagnostic-cli
- sudo sf_troubleshoot.pl

9. With Cisco FTD integrated routing and bridging, which interface does the bridge group use to communicate with a routed interface?
- switch virtual
- bridge group member
- bridge virtual
- subinterface

10. A network engineer is extending a user segment through an FTD device for traffic inspection without creating another IP subnet. How is this accomplished on an FTD device in routed mode?
- By leveraging ARP to direct traffic through the firewall.
- By assigning an inline set interface.
- By using a BVI and creating a BVI IP address in the same subnet as the user segment.
- By bypassing protocol inspection by leveraging pre-filter rules.

11. Refer to the exhibit. An engineer is analyzing the Attacks Risk Report and finds that there are over 300 instances of new operating systems being seen on the network. How is the Firepower configuration updated to protect these new operating systems?
- Cisco Firepower automatically updates the policies.
- The administrator requests a Remediation Recommendation Report from Cisco Firepower.
- Cisco Firepower gives recommendations to update the policies.
- The administrator manually updates the policies.

12. A security engineer is configuring an Access Control Policy for multiple branch locations. These locations share a common rule set and utilize a network object called INSIDE_NET, which contains the locally significant internal network subnets at each location. What technique will retain the policy consistency at each location but allow only the locally significant network subnet within the applicable rules?
- Utilizing policy inheritance.
- Utilizing a dynamic ACP that updates from Cisco Talos.
- Creating a unique ACP per device.
- Creating an ACP with an INSIDE_NET network object and object overrides.

13. An administrator is working on a migration from Cisco ASA to the Cisco FTD appliance and needs to test the rules without disrupting the traffic. Which policy type should be used to configure the ASA rules during this phase of the migration?
- identity
- intrusion
- access control
- prefilter

14. An engineer currently has a Cisco FTD device registered to the Cisco FMC and is assigned the address of 10.10.50.12. The organization is upgrading the addressing schemes and there is a requirement to convert the addresses to a format that provides an adequate amount of addresses on the network. What should the engineer do to ensure that the new addressing takes effect and can be used for the Cisco FTD to Cisco FMC connection?
- Delete and reregister the device to Cisco FMC.
- Update the IP addresses from IPv4 to IPv6 without deleting the device from Cisco FMC.
- Format and reregister the device to Cisco FMC.
- Cisco FMC does not support devices that use IPv4 IP addresses.

15. After using Firepower for some time and learning about how it interacts with the network, an administrator is trying to correlate malicious activity with a user. Which widget should be configured to provide this visibility on the Cisco Firepower dashboards?
- Custom Analysis
- Current Status
- Current Sessions
- Correlation Events

16. An administrator is attempting to remotely log into a switch in the data centre using SSH and is unable to connect. How does the administrator confirm that traffic is reaching the firewall?
- By running Wireshark on the administrator's PC.
- By performing a packet capture on the firewall.
- By running a packet tracer on the firewall.
- By attempting to access it from a different workstation.

17. An engineer is configuring a second Cisco FMC as a standby device but is unable to register with the active unit. What is causing this issue?
- The primary FMC currently has devices connected to it.
- The code versions running on the Cisco FMC devices are different.
- The licensing purchased does not include high availability.
- There is only 10 Mbps of bandwidth between the two devices.

18. The event dashboard within the Cisco FMC has been inundated with low priority intrusion drop events, which are overshadowing high priority events. An engineer has been tasked with reviewing the policies and reducing the low priority events. Which action should be configured to accomplish this task?
- generate events
- drop packet
- drop connection
- drop and generate

19. An engineer is implementing Cisco FTD in the network and is determining which Firepower mode to use. The organization needs to have multiple virtual Firepower devices working separately inside of the FTD appliance to provide traffic segmentation. Which deployment mode should be configured in the Cisco Firepower Management Console to support these requirements?
- multiple deployment
- single-context
- single deployment
- multi-instance

20. An engineer is configuring a Cisco FTD appliance in IPS-only mode and needs to utilize fail-to-wire interfaces. Which interface mode should be used to meet these requirements?
- transparent
- routed
- passive
- inline set

21. An engineer is troubleshooting application failures through an FTD deployment. While using the FMC CLI, it has been determined that the traffic in QoS is not matching the desired policy. What should be done to correct this?
- Use the system support firewall-engine-debug command to determine which rules the traffic is matching and modify the rule accordingly.
- Use the system support application-identification-debug command to determine which rules the traffic is matching and modify the rule accordingly.
- Use the system support firewall-engine-dump-user-identity-data command to change the policy and allow the application through the firewall.
- Use the system support network-options command to fine tune the policy.

22. An engineer has been asked to show application usage automatically on a monthly basis and send the information to management. What mechanism should be used to accomplish this task?
- event viewer
- reports
- dashboards
- context explorer

23. An organization has noticed that malware was downloaded from a website that does not currently have a known bad reputation. How will this issue be addressed globally in the quickest way possible and with the least amount of impact?
- By denying outbound web access.
- Cisco Talos will automatically update the policies.
- By isolating the endpoint.
- By creating a URL object in the policy to block the website.

24. An organization has implemented Cisco Firepower without IPS capabilities and now wants to enable inspection for their traffic. They need to be able to detect protocol anomalies and utilize the Snort rule sets to detect malicious behavior. How is this accomplished?
- Modify the network discovery policy to detect new hosts to inspect.
- Modify the access control policy to redirect interesting traffic to the engine.
- Modify the intrusion policy to determine the minimum severity of an event to inspect.
- Modify the network analysis policy to process the packets for inspection.

25. A hospital network needs to upgrade their Cisco FMC managed devices and needs to ensure that a disaster recovery process is in place. What must be done in order to minimize downtime on the network?
- Configure a second circuit to an ISP for added redundancy.
- Keep a copy of the current configuration to use as backup.
- Configure the Cisco FMCs for failover.
- Configure the Cisco FMC managed devices for clustering.

26. An engineer is monitoring network traffic from their sales and product development departments, which are on two separate networks. What must be configured in order to maintain data privacy for both departments?
- Use a dedicated IPS inline set for each department to maintain traffic separation.
- Use 802.1Q inline set trunk interfaces with VLANs to maintain logical traffic separation.
- Use passive IDS ports for both departments.
- Use one pair of inline set in TAP mode for both departments.

27. A Cisco FTD device is running in transparent firewall mode with a VTEP bridge group member ingress interface. What must be considered by an engineer tasked with specifying a destination MAC address for a packet trace?
- The destination MAC address is optional if a VLAN ID value is entered.
- Only the UDP packet type is supported.
- The output format option for the packet logs is unavailable.
- The VLAN ID and destination MAC address are optional.

28. What is a characteristic of bridge groups on a Cisco FTD?
- In routed firewall mode, routing between bridge groups must pass through a routed interface.
- In routed firewall mode, routing between bridge groups is supported.
- In transparent firewall mode, routing between bridge groups is supported.
- Routing between bridge groups is achieved only with a router-on-a-stick configuration on a connected router.

29. Network traffic coming from an organization's CEO must never be denied. Which access control policy configuration option should be used if the deployment engineer is not permitted to create a rule to allow all traffic?
- Configure firewall bypass.
- Change the intrusion policy from security to balance.
- Configure a trust policy for the CEO.
- Create a NAT policy just for the CEO.

30. An organization has a compliance requirement to protect servers from clients; however, the clients and servers all reside on the same Layer 3 network. Without readdressing IP subnets for clients or servers, how is segmentation achieved?
- Deploy a firewall in transparent mode between the clients and servers.
- Change the IP addresses of the clients, while remaining on the same subnet.
- Deploy a firewall in routed mode between the clients and servers.
- Change the IP addresses of the servers, while remaining on the same subnet.

31. In a multi-tenant deployment where multiple domains are in use, which update should be applied outside of the Global Domain?
- minor upgrade
- local import of intrusion rules
- Cisco Geolocation Database
- local import of major upgrade

32. A mid-sized company is experiencing higher network bandwidth utilization due to a recent acquisition. The network operations team is asked to scale up their single Cisco FTD appliance deployment to higher capacities due to the increased network bandwidth. Which design option should be used to accomplish this goal?
- Deploy multiple Cisco FTD appliances in firewall clustering mode to increase performance.
- Deploy multiple Cisco FTD appliances using VPN load-balancing to scale performance.
- Deploy multiple Cisco FTD HA pairs to increase performance.
- Deploy multiple Cisco FTD HA pairs in clustering mode to increase performance.

33. An organization has seen a lot of traffic congestion on their links going out to the internet. There is a Cisco Firepower device that processes all of the traffic going to the internet prior to leaving the enterprise. How is the congestion alleviated so that legitimate business traffic reaches the destination?
- Create a FlexConfig policy to use WCCP for application-aware bandwidth limiting.
- Create a VPN policy so that direct tunnels are established to the business applications.
- Create a NAT policy so that the Cisco Firepower device does not have to translate as many addresses.
- Create a QoS policy rate-limiting high bandwidth applications.

34. An engineer configures an access control rule that deploys file policy configurations to security zones or tunnel zones, and it causes the device to restart. What is the reason for the restart?
- Source or destination security zones in the access control rule match the security zones that are associated with interfaces on the target devices.
- The source tunnel zone in the rule does not match a tunnel zone that is assigned to a tunnel rule in the destination policy.
- Source or destination security zones in the source tunnel zone do not match the security zones that are associated with interfaces on the target devices.
- The source tunnel zone in the rule does not match a tunnel zone that is assigned to a tunnel rule in the source policy.

35. An engineer is attempting to create a new dashboard within the Cisco FMC to have a single view with widgets from many of the other dashboards. The goal is to have a mixture of threat and security related widgets along with Cisco Firepower device health information. Which two widgets must be configured to provide this information? (Choose two)
- Intrusion Events
- Correlation Information
- Appliance Status
- Current Sessions
- Network Compliance

36. An organization is setting up two new Cisco FTD devices to replace their current firewalls and cannot have any network downtime. During the setup process, the synchronization between the two devices is failing. What action is needed to resolve this issue?
- Confirm that both devices have the same port-channel numbering.
- Confirm that both devices are running the same software version.
- Confirm that both devices are configured with the same types of interfaces.
- Confirm that both devices have the same flash memory sizes.

37. There is an increased amount of traffic on the network and, for compliance reasons, management needs visibility into the encrypted traffic. What is a result of enabling TLS/SSL decryption to allow this visibility?
- It prompts the need for a corporate managed certificate.
- It has minimal performance impact.
- It is not subject to any privacy regulations.
- It will fail if certificate pinning is not enforced.

38. An organization wants to secure traffic from their branch office to the headquarters building using Cisco Firepower devices. They want to ensure that their Cisco Firepower devices are not wasting resources on inspecting the VPN traffic. What must be done to meet these requirements?
- Configure the Cisco Firepower devices to ignore the VPN traffic using prefilter policies.
- Enable a FlexConfig policy to re-classify VPN traffic so that it no longer appears as interesting traffic.
- Configure the Cisco Firepower devices to bypass the access control policies for VPN traffic.
- Tune the intrusion policies in order to allow the VPN traffic through without inspection.

39. A network administrator is seeing an unknown verdict for a file detected by Cisco FTD. Which malware policy configuration option must be selected in order to further analyse the file in the Talos cloud?
- Spero analysis
- Malware analysis
- Dynamic analysis
- Sandbox analysis

40. An engineer has been tasked with providing disaster recovery for an organization's primary Cisco FMC. What must be done on the primary and secondary Cisco FMCs to ensure that a copy of the original corporate policy is available if the primary Cisco FMC fails?
- Configure high availability on both the primary and secondary Cisco FMCs.
- Connect the primary and secondary Cisco FMC devices with Category 6 cables of not more than 10 meters in length.
- Place the active Cisco FMC device on the same trusted management network as the standby device.
- Restore the primary Cisco FMC backup configuration to the secondary Cisco FMC device when the primary device fails.

41. Refer to the exhibit. An organization has an access control rule with the intention of sending all social media traffic for inspection. After using the rule for some time, the administrator notices that the traffic is not being inspected, but is being automatically allowed. What must be done to address this issue?
- Modify the selected application within the rule.
- Change the intrusion policy to connectivity over security.
- Modify the rule action from trust to allow.
- Add the social network URLs to the block list.

42. A user within an organization opened a malicious file on a workstation, which in turn caused a ransomware attack on the network. What should be configured within the Cisco FMC to ensure the file is tested for viruses on a sandbox system?
- Capacity handling
- Local malware analysis
- Spero analysis
- Dynamic analysis

43. An engineer configures a network discovery policy on Cisco FMC. Upon configuration, it is noticed that excessive and misleading events are filling the database and overloading the Cisco FMC. A monitored NAT device is executing multiple updates of its operating system in a short period of time. What configuration change must be made to alleviate this issue?
- Leave default networks.
- Change the method to TCP/SYN.
- Increase the number of entries on the NAT device.
- Exclude load balancers and NAT devices.

44. A network administrator is configuring Snort inspection policies and is seeing failed deployment messages in Cisco FMC. What information should the administrator generate for Cisco TAC to help troubleshoot?
- A "troubleshoot" file for the device in question.
- A "show tech" file for the device in question.
- A "show tech" for the Cisco FMC.
- A "troubleshoot" file for the Cisco FMC.

45. A network engineer is receiving reports of users randomly getting disconnected from their corporate applications, which traverse the data center FTD appliance. Network monitoring tools show that the FTD appliance utilization is peaking above 90% of total capacity. What must be done in order to further analyze this issue?
- Use the Packet Export feature to save data onto external drives.
- Use the Packet Capture feature to collect real-time network traffic.
- Use the Packet Tracer feature for traffic policy analysis.
- Use the Packet Analysis feature for capturing network data.

46. IT management is asking the network engineer to provide high-level summary statistics of the Cisco FTD appliance in the network. The business is approaching a peak season, so the need to maintain business uptime is high. Which report type should be used to gather this information?
- Malware Report
- Standard Report
- SNMP Report
- Risk Report

47. An administrator is looking at some of the reporting capabilities for Cisco Firepower and noticed this section of the Network Risk report showing a lot of SSL activity that could be used for evasion. Which action will mitigate this risk?
- Use SSL decryption to analyze the packets.
- Use encrypted traffic analytics to detect attacks.
- Use Cisco AMP for Endpoints to block all SSL connections.
- Use Cisco Tetration to track SSL connections to servers.

48. An administrator is setting up Cisco Firepower to send data to the Cisco Stealthwatch appliances. The NetFlow_Set_Parameters object is already created, but NetFlow is not being sent to the flow collector. What must be done to prevent this from occurring?
- Add the NetFlow_Send_Destination object to the configuration.
- Create a Security Intelligence object to send the data to Cisco Stealthwatch.
- Create a service identifier to enable the NetFlow service.
- Add the NetFlow_Add_Destination object to the configuration.

49. With a recent summer time change, system logs are showing activity that occurred to be an hour behind real time. Which action should be taken to resolve this issue?
- Manually adjust the time to the correct hour on all managed devices.
- Configure the system clock settings to use NTP with Daylight Savings checked.
- Manually adjust the time to the correct hour on the Cisco FMC.
- Configure the system clock settings to use NTP.

50. What must be done to fix access to this website while preventing the same communication to all other websites?
- Create an intrusion policy rule to have Snort allow port 80 to only 172.1.1.50.
- Create an intrusion policy rule to have Snort allow port 443 to only 172.1.1.50.
- Create an access control policy rule to allow port 443 to only 172.1.1.50.
- Create an access control policy rule to allow port 80 to only 172.1.1.50.

51. A network administrator discovers that a user connected to a file server and downloaded a malware file. The Cisco FMC generated an alert for the malware event; however, the user still remained connected. Which Cisco AMP file rule action within the Cisco FMC must be set to resolve this issue?
- Detect Files
- Malware Cloud Lookup
- Local Malware Analysis
- Reset Connection

52. Which feature within the Cisco FMC web interface allows for detecting, analyzing and blocking malware in network traffic?
- intrusion and file events
- Cisco AMP for Endpoints
- Cisco AMP for Networks
- file policies

53. Which license type is required on Cisco ISE to integrate with Cisco FMC pxGrid?
- mobility
- plus
- base
- apex

54. A network engineer wants to add a third-party threat feed into the Cisco FMC for enhanced threat detection. Which action should be taken to accomplish this goal?
- Enable Threat Intelligence Director using STIX and TAXII.
- Enable Rapid Threat Containment using REST APIs.
- Enable Threat Intelligence Director using REST APIs.
- Enable Rapid Threat Containment using STIX and TAXII.

55. What is a feature of Cisco AMP private cloud?
- It supports anonymized retrieval of threat intelligence.
- It supports security intelligence filtering.
- It disables direct connections to the public cloud.
- It performs dynamic analysis.

56. An engineer has been tasked with using Cisco FMC to determine if files being sent through the network are malware. Which two configuration tasks must be performed to achieve this file lookup? (Choose two)
- The Cisco FMC needs to include an SSL decryption policy.
- The Cisco FMC needs to connect to the Cisco AMP for Endpoints service.
- The Cisco FMC needs to connect to the Cisco ThreatGrid service directly for sandboxing.
- The Cisco FMC needs to connect with the FireAMP Cloud.
- The Cisco FMC needs to include a file inspection policy for malware lookup.

57. An engineer is restoring a Cisco FTD configuration from a remote backup using the command restore remote-manager-backup location 1.1.1.1 admin /volume/home/admin BACKUP_Cisc394602314.zip on a Cisco FMC. After connecting to the repository, an error occurred that prevents the FTD device from accepting the backup file. What is the problem?
- The backup file is not in .cfg format.
- The backup file is too large for the Cisco FTD device.
- The backup file extension was changed from tar to zip.
- The backup file was not enabled prior to being applied.

58. A network engineer is logged into the Cisco AMP for Endpoints console and sees a malicious verdict for an identified SHA-256 hash. Which configuration is needed to mitigate this threat?
- Add the hash to the simple custom detection list.
- Use regular expressions to block the malicious file.
- Enable a personal firewall in the infected endpoint.
- Add the hash from the infected endpoint to the network block list.

59. An organization has a Cisco IPS running in inline mode and is inspecting traffic for malicious activity. When traffic is received by the Cisco IPS, if it is not dropped, how does the traffic get to its destination?
- It is retransmitted from the Cisco IPS inline set.
- The packets are duplicated and a copy is sent to the destination.
- It is transmitted out of the Cisco IPS outside interface.
- It is routed back to the Cisco ASA interfaces for transmission.

60. A network administrator is concerned about the high number of malware files affecting users' machines. What must be done within the access control policy in Cisco FMC to address this concern?
- Create an intrusion policy and set the access control policy to block.
- Create an intrusion policy and set the access control policy to allow.
- Create a file policy and set the access control policy to allow.
- Create a file policy and set the access control policy to block.

61. An engineer is investigating connectivity problems on Cisco Firepower that is using security group tags. Specific devices are not being tagged correctly, which is preventing clients from using the proper policies when going through the firewall. How is this issue resolved?
- Use traceroute with advanced options.
- Use Wireshark with an IP subnet filter.
- Use a packet capture with match criteria.
- Use a packet sniffer with correct filtering.

62. An organization must be able to ingest NetFlow traffic from their Cisco FTD device to Cisco Stealthwatch for behavioral analysis. What must be configured on the Cisco FTD to meet this requirement?
- FlexConfig object for NetFlow
- interface object to export NetFlow
- security intelligence object for NetFlow
- variable set object for NetFlow

63. An engineer is tasked with deploying an internal perimeter firewall that will support multiple DMZs. Each DMZ has a unique private IP subnet range. How is this requirement satisfied?
- Deploy the firewall in transparent mode with access control policies.
- Deploy the firewall in routed mode with access control policies.
- Deploy the firewall in routed mode with NAT configured.
- Deploy the firewall in transparent mode with NAT configured.

64. An engineer must build redundancy into the network, and traffic must continuously flow if a redundant switch in front of the firewall goes down. What must be configured to accomplish this task?
- redundant interfaces on the firewall cluster mode and switches
- redundant interfaces on the firewall noncluster mode and switches
- vPC on the switches to the interface mode on the firewall cluster
- vPC on the switches to the spanned EtherChannel on the firewall cluster

65. A network engineer is extending a user segment through an FTD device for traffic inspection without creating another IP subnet. How is this accomplished on an FTD device in routed mode?
- By assigning an inline set interface.
- By using a BVI and creating a BVI IP address in the same subnet as the user segment.
- By leveraging ARP to direct traffic through the firewall.
- By bypassing protocol inspection by leveraging pre-filter rules.

66. An engineer is configuring a Cisco FTD appliance in IPS-only mode and needs to utilize fail-to-wire interfaces. Which interface mode should be used to meet these requirements?
- passive
- routed
- transparent
- inline set

67. While configuring FTD, a network engineer wants to ensure that traffic passing through the appliance does not require routing or VLAN rewriting. Which interface mode should the engineer implement to accomplish this task?
- inline set
- passive
- transparent
- inline tap

68. In a multi-tenant deployment where multiple domains are in use, which update should be applied outside of the Global Domain?
- minor upgrade
- local import of intrusion rules
- Cisco Geolocation Database
- local import of major upgrade

69. An organization has a compliance requirement to protect servers from clients; however, the clients and servers all reside on the same Layer 3 network. Without readdressing IP subnets for clients or servers, how is segmentation achieved?
- Change the IP addresses of the servers, while remaining on the same subnet.
- Deploy a firewall in routed mode between the clients and servers.
- Change the IP addresses of the clients, while remaining on the same subnet.
- Deploy a firewall in transparent mode between the clients and servers.