Exam 4
Test title: Exam 4. Description: freferfer




What is the advantage of having Cisco Firepower devices send events to Cisco Threat Response via the Security Services Exchange portal directly as opposed to using syslog?
- All types of Cisco Firepower devices are supported.
- An on-premises proxy server does not need to be set up and maintained.
- Cisco Firepower devices do not need to be connected to the internet.
- Supports all devices that are running supported versions of Cisco Firepower.

An engineer must configure high availability for the Cisco Firepower devices. The current network topology does not allow for two devices to pass traffic concurrently. How must the devices be implemented in this environment?
- in active/active mode
- in a cluster span EtherChannel
- in active/passive mode
- in cluster interface mode

When deploying a Cisco ASA Firepower module, an organization wants to evaluate the contents of the traffic without affecting the network. It is currently configured to have more than one instance of the same device on the physical appliance. Which deployment mode meets the needs of the organization?
- inline tap monitor-only mode
- passive monitor-only mode
- passive tap monitor-only mode
- inline mode

A network administrator notices that inspection has been interrupted on all non-managed interfaces of a device. What is the cause of this?
- The value of the highest MTU assigned to any non-management interface was changed.
- The value of the highest MSS assigned to any non-management interface was changed.
- A passive interface was associated with a security zone.
- Multiple inline interface pairs were added to the same inline interface.

Which two conditions must be met to enable high availability between two Cisco FTD devices? (Choose two)
- same flash memory size
- same NTP configuration
- same DHCP/PPPoE configuration
- same host name
- same number of interfaces

A network administrator is configuring Snort inspection policies and is seeing failed deployment messages in Cisco FMC. What information should the administrator generate for Cisco TAC to help troubleshoot?
- A “show tech” file for the device in question.
- A “troubleshoot” file for the device in question.
- A “troubleshoot” file for the Cisco FMC.
- A “show tech” for the Cisco FMC.

An engineer is building a new access control policy using Cisco FMC. The policy must inspect a unique IPS policy as well as log rule matching. Which action must be taken to meet these requirements?
- Configure an IPS policy and enable per-rule logging.
- Disable the default IPS policy and enable global logging.
- Configure an IPS policy and enable global logging.
- Disable the default IPS policy and enable per-rule logging.

A network administrator needs to create a policy on Cisco Firepower to fast-path traffic to avoid Layer 7 inspection. The rate at which traffic is inspected must be optimized. What must be done to achieve this goal?
- Enable the FXOS for multi-instance.
- Configure a prefilter policy.
- Configure modular policy framework.
- Disable TCP inspection.

A network engineer is tasked with minimising traffic interruption during peak traffic times. When the SNORT inspection engine is overwhelmed, what must be configured to alleviate this issue?
- Enable IPS inline link state propagation.
- Enable Pre-filter policies before the SNORT engine failure.
- Set a Trust ALL access control policy.
- Enable Automatic Application Bypass.

A VPN user is unable to connect to web resources behind the Cisco FTD device terminating the connection. While troubleshooting, the network administrator determines that the DNS responses are not getting through the Cisco FTD. What must be done to address this issue while still utilizing Snort IPS rules?
- Uncheck the “Drop when inline” box in the intrusion policy to allow the traffic.
- Modify the Snort rules to allow legitimate DNS traffic to the VPN users.
- Disable the intrusion rule thresholds to optimize the Snort processing.
- Decrypt the packet after the VPN flow so the DNS queries are not inspected.

An organization is using a Cisco FTD and Cisco ISE to perform identity-based access controls. A network administrator is analyzing the Cisco FTD events and notices that unknown user traffic is being allowed through the firewall. How should this be addressed to block the traffic while allowing legitimate user traffic?
- Modify the Cisco ISE authorization policy to deny this access to the user.
- Modify Cisco ISE to send only legitimate usernames to the Cisco FTD.
- Add the unknown user in the Access Control Policy in Cisco FTD.
- Add the unknown user in the Malware & File Policy in Cisco FTD.

Within an organization’s high availability environment where both firewalls are passing traffic, traffic must be segmented based on which department it is destined for. Each department is situated on a different LAN. What must be configured to meet these requirements?
- redundant interfaces
- span EtherChannel clustering
- high availability active/standby firewalls
- multi-instance firewalls

An engineer is configuring a Cisco IPS to protect the network and wants to test a policy before deploying it. A copy of each incoming packet needs to be monitored while traffic flow remains constant. Which IPS mode should be implemented to meet these requirements?
- routed
- passive
- transparent
- inline tap

A network security engineer must replace a faulty Cisco FTD device in a high availability pair. Which action must be taken while replacing the faulty unit?
- Ensure that the faulty Cisco FTD device remains registered to the Cisco FMC.
- Shut down the active Cisco FTD device before powering up the replacement unit.
- Shut down the Cisco FMC before powering up the replacement unit.
- Unregister the faulty Cisco FTD device from the Cisco FMC.

An administrator is optimizing the Cisco FTD rules to improve network performance, and wants to bypass inspection for certain traffic types to reduce the load on the Cisco FTD. Which policy must be configured to accomplish this goal?
- intrusion
- prefilter
- URL filtering
- identity

A company is in the process of deploying intrusion prevention with Cisco FTDs managed by a Cisco FMC. An engineer must configure policies to detect potential intrusions but not block the suspicious traffic. Which action accomplishes this task?
- Configure IPS mode when creating or editing a policy rule under the Cisco FMC intrusion tab in Access Policies section by checking the “Drop when inline” option.
- Configure IPS mode when creating or editing a policy rule under the Cisco FMC intrusion tab in Access Policies section by unchecking the “Drop when inline” option.
- Configure IDS mode when creating or editing a policy rule under the Cisco FMC intrusion tab in Access Policies section by checking the “Drop when inline” option.
- Configure IDS mode when creating or editing a policy rule under the Cisco FMC intrusion tab in Access Policies section by unchecking the “Drop when inline” option.

An engineer is using the `configure manager add <FMC IP> Cisc404225383` command to add a new Cisco FTD device to the Cisco FMC; however, the device is not being added. Why is this occurring?
- DONOTRESOLVE must be added to the command.
- The IP address used should be that of the Cisco FTD, not the Cisco FMC.
- The registration key is missing from the command.
- The NAT ID is required since the Cisco FMC is behind a NAT device.

An engineer is configuring Cisco FMC and wants to allow multiple physical interfaces to be part of the same VLAN. The managed devices must be able to perform Layer 2 switching between interfaces, including subinterfaces. What must be configured to meet these requirements?
- inter-chassis clustering VLAN
- Cisco ISE Security Group Tag
- interface-based VLAN switching
- integrated routing and bridging

An engineer must investigate a connectivity issue and decides to use the packet capture feature on Cisco FTD. The goal is to see the real packet going through the Cisco FTD device and see Snort detection actions as a part of the output. After the capture-traffic command is issued, only the packets are displayed. Which action resolves this issue?
- Specify the trace using the -T option after the capture-traffic command.
- Perform the trace within the Cisco FMC GUI instead of the Cisco FMC CLI.
- Use the verbose option as a part of the capture-traffic command.
- Use the capture command and specify the trace option to get the required information.

An analyst using the security analyst account permissions is trying to view the Correlations Events Widget but is not able to access it. However, other dashboards are accessible. Why is this occurring?
- The widget is configured to display only when active events are present.
- The security analyst role does not have permission to view this widget.
- An API restriction within the Cisco FMC is preventing the widget from displaying.
- The widget is not configured within the Cisco FMC.

An analyst is reviewing the Cisco FMC reports for the week. They notice that some peer-to-peer applications are being used on the network and they must identify which poses the greatest risk to the environment. Which report gives the analyst this information?
- Attacks Risk Report
- User Risk Report
- Network Risk Report
- Advanced Malware Risk Report

A Cisco FTD has two physical interfaces assigned to a BVI. Each interface is connected to a different VLAN on the same switch. Which firewall mode is the Cisco FTD set up to support?
- active/active failover
- transparent
- routed
- high availability clustering

An engineer wants to connect a single IP subnet through a Cisco FTD firewall and enforce policy. There is a requirement to present the internal IP subnet to the outside as a different IP address. What must be configured to meet these requirements?
- Configure the downstream router to perform NAT.
- Configure the upstream router to perform NAT.
- Configure the Cisco FTD firewall in routed mode with NAT enabled.
- Configure the Cisco FTD firewall in transparent mode with NAT enabled.

Upon detecting a flagrant threat on an endpoint, which two technologies instruct Cisco Identity Services Engine to contain the infected endpoint either manually or automatically? (Choose two)
- Cisco ASA 5500 Series
- Cisco FMC
- Cisco AMP
- Cisco Stealthwatch
- Cisco ASR 7200 Series

An engineer must configure a Cisco FMC dashboard in a child domain. Which action must be taken so that the dashboard is visible to the parent domain?
- Add a separate tab.
- Adjust policy inheritance settings.
- Add a separate widget.
- Create a copy of the dashboard.

An engineer runs the command `restore remote-manager-backup location 2.2.2.2 admin /Volume/home/admin FTD408566513.zip` on a Cisco FMC. After connecting to the repository, the Cisco FTD device is unable to accept the backup file. What is the reason for this failure?
- The backup file is not in .cfg format.
- The wrong IP address is used.
- The backup file extension was changed from .tar to .zip.
- The directory location is incorrect.

An engineer is configuring Cisco FMC and wants to limit the time allowed for processing packets through the interface. However, if the time is exceeded, the configuration must allow packets to bypass detection. What must be configured on the Cisco FMC to accomplish this task?
- Fast-Path Rules Bypass
- Cisco ISE Security Group Tag
- Inspect Local Traffic Bypass
- Automatic Application Bypass

A network engineer sets up a secondary Cisco FMC that is integrated with Cisco Security Packet Analyzer. What occurs when the secondary Cisco FMC synchronizes with the primary Cisco FMC?
- The existing integration configuration is replicated to the primary Cisco FMC.
- The existing configuration for integration of the secondary Cisco FMC with the Cisco Security Packet Analyzer is overwritten.
- The synchronization between the primary and secondary Cisco FMC fails.
- The secondary Cisco FMC must be reintegrated with the Cisco Security Packet Analyzer after the synchronization.

A network administrator is deploying a Cisco IPS appliance and needs it to operate initially without affecting traffic flows. It must also collect data to provide a baseline of unwanted traffic before being reconfigured to drop it. Which Cisco IPS mode meets these requirements?
- failsafe
- inline tap
- promiscuous
- bypass

A network administrator is implementing an active/passive high availability Cisco FTD pair. When adding the high availability pair, the administrator cannot select the secondary peer. What is the cause?
- The second Cisco FTD is not the same model as the primary Cisco FTD.
- A high availability license must be added to the Cisco FMC before adding the high availability pair.
- The failover link must be defined on each Cisco FTD before adding the high availability pair.
- Both Cisco FTD devices are not at the same software version.

A company is in the process of deploying intrusion protection with Cisco FTDs managed by a Cisco FMC. Which action must be selected to enable fewer rules, detect only critical conditions, and avoid false positives?
- Connectivity Over Security
- Balanced Security and Connectivity
- Maximum Detection
- No Rules Active

An engineer is troubleshooting a file that is being blocked by a Cisco FTD device on the network. The user is reporting that the file is not malicious. Which action does the engineer take to identify the file and validate whether or not it is malicious?
- Identify the file in the intrusion events and submit it to Threat Grid for analysis.
- Use FMC file analysis to look for the file and select Analyze to determine its disposition.
- Use the context explorer to find the file and download it to the local machine for investigation.
- Right click the connection event and send the file to AMP for Endpoints to see if the hash is malicious.

Which protocol is needed to exchange threat details in rapid threat containment on Cisco FMC?
- SGT
- SNMP v3
- BFD
- pxGrid