Exam 5
Test title: Exam 5
Description: piropidedede3




An administrator is adding a QoS policy to a Cisco FTD deployment. When a new rule is added to the policy and QoS is applied on “Interfaces in Destination Interface Objects”, no interface objects are available. What is the problem?
- The network segments that the interfaces are on do not have contiguous IP space.
- The FTD is out of available resources for use, so QoS cannot be added.
- A conflict exists between the destination interface types that is preventing QoS from being added.
- QoS is available only on routed interfaces, and this device is in transparent mode.

An organization is migrating a Cisco ASA device running in multi-context mode to Cisco FTD devices. Which action must be taken to ensure that each context on the ASA is logically separated in the FTD devices?
- Add a native instance to distribute traffic to each FTD context.
- Add the FTD device to the ASA port channels.
- Configure the FTD to use port channels spanning multiple networks.
- Configure a container instance in the FTD for each context in the ASA.

A network administrator registered a new Cisco FTD to an existing Cisco FMC and cannot place the FTD in transparent mode. Which action enables transparent mode?
- Deregister the FTD device from FMC and configure transparent mode via the CLI.
- Assign an IP address to two physical interfaces.
- Add a Bridge Group Interface to the FTD before transparent mode is configured.
- Obtain an FTD model that supports transparent mode.

Which action must be taken on the Cisco FMC when a packet bypass is configured in case the Snort engine is down or a packet takes too long to process?
- Enable Inspect Local Router Traffic.
- Add a Bypass Threshold policy for failures.
- Enable Automatic Application Bypass.
- Configure Fastpath rules to bypass inspection.

What must be implemented on Cisco Firepower to allow multiple logical devices on a single physical device to have access to external hosts?
- Define VLAN subinterfaces for each logical device.
- Add one shared management interface on all logical devices.
- Set up a cluster control link between all logical devices.
- Add at least two container instances from the same module.

A network administrator notices that SI events are not being updated. The Cisco FTD device is unable to load all of the SI event entries and traffic is not being blocked as expected. What must be done to correct this issue?
- Redeploy configurations to affected devices so that additional memory is allocated to the SI module.
- Restart the affected devices in order to reset the configurations.
- Manually update the SI event entries so that the appropriate traffic is blocked.
- Replace the affected devices with devices that provide more memory.

Remote users who connect via Cisco AnyConnect to the corporate network behind a Cisco FTD device report that they get no audio when calling between remote users using their softphones. These same users can call internal users on the corporate network without any issues. What is the cause of this issue?
- The hairpinning feature is not available on FTD.
- Split tunneling is enabled for the Remote Access VPN on FTD.
- The Enable Spoke to Spoke Connectivity through Hub option is not selected on FTD.
- FTD has no NAT policy that allows outside to outside communication.

A network administrator is troubleshooting access to a website hosted behind a Cisco FTD device. External clients cannot access the web server via HTTPS. The IP address configured on the web server is 192.168.7.46. The administrator is running the command capture CAP interface outside match ip any 192.168.7.46 255.255.255.255 but cannot see any traffic in the capture. Why is this occurring?
- The capture must use the public IP address of the web server.
- The packet capture shows only blocked traffic.
- The access policy is blocking the traffic.
- The FTD has no route to the web server.

A company is deploying intrusion protection on multiple Cisco FTD appliances managed by Cisco FMC. Which system-provided policy must be selected if speed and detection are priorities?
- Maximum Detection.
- Connectivity Over Security.
- Security Over Connectivity.
- Balanced Security and Connectivity.

An engineer must configure the firewall to monitor traffic within a single subnet without increasing the hop count of that traffic. How would the engineer achieve this?
- Configure Cisco Firepower in FXOS monitor only mode.
- Set up Cisco Firepower in intrusion prevention mode.
- Configure Cisco Firepower as a transparent firewall.
- Set up Cisco Firepower as managed by Cisco FDM.

An engineer is creating a URL object on Cisco FMC. How must it be configured so that the object will match for HTTPS traffic in an access control policy?
- Specify the protocol to match (HTTP or HTTPS).
- Define the path to the individual webpage that uses HTTPS.
- Use the FQDN including the subdomain for the website.
- Use the subject common name from the website certificate.

An organization is configuring a new Cisco Firepower High Availability deployment. Which action must be taken to ensure that failover is as seamless as possible to end users?
- Set the same FQDN for both chassis.
- Use a dedicated stateful link between chassis.
- Load the same software version on both chassis.
- Set up a virtual failover MAC address between chassis.

An engineer wants to perform a packet capture on the Cisco FTD to confirm that the host using IP address 192.168.100.100 has the MAC address of 0042.8935.603 to help troubleshoot a connectivity issue. What is the correct tcpdump command syntax to ensure that the MAC address appears in the packet capture output?
- -ne src 192.168.100.100
- -nm src 192.168.100.100
- -w capture.pcap -s 1518 host 192.168.100.100 mac
- -w capture.pcap -s 1518 host 192.168.100.100 ether

An engineer must configure a Cisco FMC dashboard in a multidomain deployment. Which action must the engineer take to edit a report template from an ancestor domain?
- Add it as a separate widget.
- Assign themselves ownership of it.
- Copy it to the current domain.
- Change the document attributes.

An engineer must deploy a Cisco FTD appliance via Cisco FMC to span a network segment to detect malware and threats. When setting the Cisco FTD interface mode, which sequence of actions meets this requirement?
- Set to passive, and configure an access control policy with an intrusion policy and a file policy defined.
- Set to none, and configure an access control policy with a prefilter policy defined.
- Set to passive, and configure an access control policy with a prefilter policy defined.
- Set to none, and configure an access control policy with an intrusion policy and a file policy defined.

Drag and drop the configuration steps from the left into the sequence on the right to enable external authentication on Cisco FMC to a RADIUS server.
- Select Users and External Authentication.
- Add External Authentication Object.
- Select Authentication Method and RADIUS.
- Configure the primary and secondary servers and user roles.

A network administrator wants to block traffic to a known malware site at https://www.badsite.com and all subdomains while ensuring no packets from any internal client are sent to that site. Which type of policy must the network administrator use to accomplish this goal?
- SSL policy.
- Access Control policy with URL filtering.
- Prefilter policy.
- DNS policy.

An engineer is configuring multiple Cisco FTD appliances for use in the network. Which rule must the engineer follow while defining interface objects in Cisco FMC for use with interfaces across multiple devices?
- Two security zones can contain the same interface.
- An interface cannot belong to a security zone and an interface group.
- Interface groups can contain multiple interface types.
- Interface groups can contain interfaces from many devices.

Refer to the exhibit. An engineer is modifying an access control policy to add a rule to inspect all DNS traffic that passes through the firewall. After making the change and deploying the policy, they see that DNS traffic is not being inspected by the Snort engine. What is the problem?
- The rule is configured with the wrong setting for the source port.
- The rule must specify the security zone that originates the traffic.
- The action of the rule is set to trust instead of allow.
- The rule must define the source network for inspection as well as the port.

An administrator is configuring a transparent Cisco FTD device to receive ERSPAN traffic from multiple switches on a passive port, but the FTD is not processing the traffic. What is the problem?
- The FTD must be configured with an ERSPAN port, not a passive port.
- The FTD must be in routed mode to process ERSPAN traffic.
- The switches do not have Layer 3 connectivity to the FTD device for GRE traffic transmission.
- The switches were not set up with a monitor session ID that matches the flow ID defined on the FTD.

A security engineer must configure a Cisco FTD appliance to inspect traffic coming from the internet. The internet traffic will be mirrored from the Cisco Catalyst 9300 Switch. Which configuration accomplishes the task?
- Set interface configuration mode to passive.
- Set interface configuration mode to none.
- Set the firewall mode to routed.
- Set the firewall mode to transparent.

Refer to the exhibit. An engineer is analyzing a Network Risk Report from Cisco FMC. Which application must the engineer take immediate action against to prevent unauthorized network use?
- TOR.
- Chrome.
- Kerberos.
- YouTube.

A Cisco FMC administrator wants to configure fastpathing of trusted network traffic to increase performance. In which type of policy would the administrator configure this feature?
- Prefilter policy.
- Network Analysis policy.
- Identity policy.
- Intrusion policy.

Drag and drop the steps to restore an automatic device registration failure on the standby Cisco FMC from the left into the correct order on the right. Not all options are used.
- Unregister the device from the active Cisco FMC.
- Enter the “configure manager delete” command at the CLI of the affected device.
- Enter the “configure manager add” command at the CLI of the affected device.
- Register the affected device on the active Cisco FMC.
- Unregister the device from the standby Cisco FMC.
- Register the affected device on the standby Cisco FMC.

With Cisco FTD software, which interface mode must be configured to passively receive traffic that passes through the appliance?
- ERSPAN.
- IPS-only.
- Firewall.
- Tap or inline tap.

An engineer is attempting to add a new FTD device to their FMC behind a NAT device with a NAT ID of ACME001 and a password of Cisco388267669. Which command set must be used in order to accomplish this?
- configure manager add ACME001 <registration key> <FMC IP>
- configure manager add <FMC IP> ACME0O1 <registration key>
- configure manager add DONTRESOLVE <FMC IP> AMCE001 <registration key>
- configure manager add <FMC IP> <registration key> ACME001

A security engineer needs to configure a network discovery policy on a Cisco FMC appliance and prevent excessive network discovery events from overloading the FMC database. Which action must be taken to accomplish this task?
- Change the network discovery method to TCP/SYN.
- Configure NetFlow exporters for monitored networks.
- Monitor only the default IPv4 and IPv6 network ranges.
- Exclude load balancers and NAT devices in the policy.

An engineer is configuring two new Cisco FTD devices to replace the existing high availability firewall pair in a highly secure environment. The information exchanged between the FTD devices over the failover link must be encrypted. Which protocol supports this on the Cisco FTD?
- IPsec.
- SSH.
- SSL.
- MACsec.

An administrator needs to configure Cisco FMC to send a notification email when a data transfer larger than 10 MB is initiated from an internal host outside of standard business hours. Which Cisco FMC feature must be configured to accomplish this task?
- file and malware policy.
- application detector.
- intrusion policy.
- correlation policy.

Which process should be checked when troubleshooting registration issues between Cisco FMC and managed devices to verify that secure communication is occurring?
- fpcollect.
- dhclient.
- sfmgr.
- sftunnel.

An engineer needs to configure remote storage on Cisco FMC. Configuration backups must be available from a secure location on the network for disaster recovery. Reports need to back up to a shared location that auditors can access with their Active Directory logins. Which strategy must the engineer use to meet these objectives?
- Use SMB for backups and NFS for reports.
- Use NFS for both backups and reports.
- Use SMB for both backups and reports.
- Use SSH for backups and NFS for reports.

A security engineer must integrate an external feed containing STIX/TAXII data with Cisco FMC. Which feature must be enabled on the Cisco FMC to support this connection?
- Cisco Success Network.
- Cisco Secure Endpoint Integration.
- Threat Intelligence Director.
- Security Intelligence Feeds.

Which two considerations must be made when deleting and re-adding devices while managing them via Cisco FMC? (Choose two.)
- Before re-adding the device in Cisco FMC, the manager must be added back.
- The Cisco FMC web interface prompts users to re-apply access control policies.
- Once a device has been deleted, it must be reconfigured before it is re-added to the Cisco FMC.
- An option to re-apply NAT and VPN policies during registration is available, so users do not need to re-apply the policies after registration is completed.
- No option to re-apply NAT and VPN policies during registration is available, so users need to re-apply the policies after registration is completed.

An engineer defines a new rule while configuring an Access Control Policy. After deploying the policy, the rule is not working as expected and the hit counters associated with the rule are showing zero. What is causing this error?
- Logging is not enabled for the rule.
- The rule was not enabled after being created.
- The wrong source interface for Snort was selected in the rule.
- An incorrect application signature was used in the rule.

When using Cisco Threat Response, which phase of the Intelligence Cycle publishes the results of the investigation?
- direction.
- dissemination.
- processing.
- analysis.

An engineer is setting up a remote access VPN on a Cisco FTD device and wants to define which traffic gets sent over the VPN tunnel. Which named object type in Cisco FMC must be used to accomplish this task?
- split tunnel.
- crypto map.
- access list.
- route map.

An engineer is troubleshooting HTTP traffic to a web server using the packet capture tool on Cisco FMC. When reviewing the captures, the engineer notices that there are a lot of packets that are not sourced from or destined to the web server being captured. How can the engineer reduce the strain of capturing packets for irrelevant traffic on the Cisco FTD device?
- Use the host filter in the packet capture to capture traffic to or from a specific host.
- Redirect the packet capture output to a .pcap file that can be opened with Wireshark.
- Use the -c option to restrict the packet capture to only the first 100 packets.
- Use an access-list within the packet capture to permit only HTTP traffic to and from the web server.

A network administrator is configuring a site-to-site IPsec VPN to a router sitting behind a Cisco FTD. The administrator has configured an access policy to allow traffic to this device on UDP 500, 4500, and ESP. VPN traffic is not working. Which action resolves this issue?
- Set the allow action in the access policy to trust.
- Enable IPsec inspection on the access policy.
- Modify the NAT policy to use the interface PAT.
- Change the access policy to allow all ports.

An organization is installing a new Cisco FTD appliance in the network. An engineer is tasked with configuring access between two network segments within the same IP subnet. Which step is needed to accomplish this task?
- Assign an IP address to the Bridge Virtual Interface.
- Permit BPDU packets to prevent loops.
- Specify a name for the bridge group.
- Add a separate bridge group for each segment.

A security engineer is adding three Cisco FTD devices to a Cisco FMC. Two of the devices have successfully registered to the Cisco FMC. The device that is unable to register is located behind a router that translates all outbound traffic to the router’s WAN IP address. Which two steps are required for this device to register to the Cisco FMC? (Choose two.)
- Reconfigure the Cisco FMC to use the device’s private IP address instead of the WAN address.
- Configure a NAT ID on both the Cisco FMC and the device.
- Add the port number being used for PAT on the router to the device’s IP address in the Cisco FMC.
- Reconfigure the Cisco FMC to use the device’s hostname instead of IP address.
- Remove the IP address defined for the device in the Cisco FMC.

An engineer is troubleshooting a device that cannot connect to a web server. The connection is initiated from the Cisco FTD inside interface and attempting to reach 10.0.1.100 over the non-standard port of 9443. The host the engineer is attempting the connection from is at the IP address of 10.20.10.20. In order to determine what is happening to the packets on the network, the engineer decides to use the FTD packet capture tool. Which capture configuration should be used to gather the information needed to troubleshoot this issue?
- source host 10.0.1.100 destination host 10.20.10.20 interface inside
- source host 10.20.10.20 destination host 10.0.1.100 interface inside
- source host 10.20.10.20 destination host 10.0.1.100 interface diagnostic
- source host 10.0.1.100 destination host 10.20.10.20 interface diagnostic

An organization is implementing Cisco FTD using transparent mode in the network. Which rule in the default Access Control Policy ensures that this deployment does not create a loop in the network?
- ARP inspection is enabled by default.
- Multicast and broadcast packets are denied by default.
- STP BPDU packets are allowed by default.
- ARP packets are allowed by default.

When a Cisco FTD device is configured in transparent firewall mode, on which two interface types can an IP address be configured? (Choose two.)
- Diagnostic.
- EtherChannel.
- BVI.
- Physical.
- Subinterface.

While configuring FTD, a network engineer wants to ensure that traffic passing through the appliance does not require routing or VLAN rewriting. Which interface mode should the engineer implement to accomplish this task?
- inline set.
- passive.
- transparent.
- inline tap.