Amp for Firepower Unable to Communicate With Dynamic Analysis Cloud
CCNP 300-710
Description:
Author:
Creation date: 09/06/2021
Category: Other
Number of questions: 66
Syllabus:
Network traffic coming from an organization's CEO must never be denied. Which access control policy configuration option should be used if the deployment engineer is not permitted to create a rule to allow all traffic?
- Create a NAT policy just for the CEO
- Change the intrusion policy from security to balance
- Configure a trust policy for the CEO
- Configure firewall bypass

A network engineer is receiving reports of users randomly getting disconnected from their corporate applications, which traverse the data center FTD appliance. Network monitoring tools show that the FTD appliance utilization is peaking above 90% of total capacity. What must be done in order to further analyze this issue?
- Use the Packet Tracer feature for traffic policy analysis
- Use the Packet Analysis feature for capturing network data
- Use the Packet Export feature to save data onto external drives
- Use the Packet Capture feature to collect real-time network traffic

An engineer has been asked to show application usage automatically on a monthly basis and send the information to management. What mechanism should be used to accomplish this task?
- context explorer
- reports
- event viewer
- dashboards

In a multi-tenant deployment where multiple domains are in use, which update should be applied outside of the Global Domain?
- Local import of major upgrade
- Cisco Geolocation Database
- local import of intrusion rules
- minor upgrade

An organization has a Cisco FTD that uses bridge groups to pass traffic from the inside interfaces to the outside interfaces. They are unable to gather information about neighboring Cisco devices or use multicast in their environment. What must be done to resolve this issue?
- Change the firewall mode to transparent
- Create a firewall rule to allow CDP traffic
- Create a bridge group with the firewall interfaces
- Change the firewall mode to routed

A security engineer is configuring an Access Control Policy for multiple branch locations. These locations share a common rule set and utilize a network object called INSIDE_NET which contains the locally significant internal network subnets at each location. What technique will retain the policy consistency at each location but allow only the locally significant network subnet within the applicable rules?
- utilizing a dynamic ACP that updates from Cisco Talos
- creating a unique ACP per device
- creating an ACP with an INSIDE_NET network object and object overrides
- utilizing policy inheritance

A hospital network needs to upgrade their Cisco FMC managed devices and needs to ensure that a disaster recovery process is in place. What must be done in order to minimize downtime on the network?
- Keep a copy of the current configuration to use as a backup
- Configure the Cisco FMCs for failover
- Configure the Cisco FMC managed devices for clustering
- Configure a second circuit to an ISP for added redundancy

An administrator is setting up Cisco Firepower to send data to the Cisco Stealthwatch appliances. The NetFlow_Set_Parameters object is already created, but NetFlow is not being sent to the flow collector. What must be done to prevent this from occurring?
- Add the NetFlow_Add_destination object to the configuration
- Create a Security Intelligence object to send the data to Cisco Stealthwatch
- Create a service identifier to enable the NetFlow service
- Add the NetFlow_Send_Destination object to the configuration

With a recent summer time change, system logs are showing activity that occurred to be an hour behind real time. Which action should be taken to resolve this issue?
- Manually adjust the time to the correct hour on the Cisco FMC
- Manually adjust the time to the correct hour on all managed devices
- Configure the system clock settings to use NTP
- Configure the system clock settings to use NTP with Daylight Savings checked

A network administrator is configuring SNORT inspection policies and is seeing failed deployment messages in Cisco FMC. What information should the administrator generate for Cisco TAC to help troubleshoot?
- A "troubleshoot" file for the device in question
- A "troubleshoot" file for the Cisco FMC
- A "show tech" file for the device in question
- A "show tech" for the Cisco FMC
An organization has implemented Cisco Firepower without IPS capabilities and now wants to enable inspection for their traffic. They need to be able to detect protocol anomalies and utilize the Snort rule sets to detect malicious behavior. How is this accomplished?
- Modify the access control policy to redirect interesting traffic to the engine
- Modify the network discovery policy to detect new hosts to inspect
- Modify the network analysis policy to process the packets for inspection
- Modify the intrusion policy to determine the minimum severity of an event to inspect

An organization has a Cisco IPS running in inline mode and is inspecting traffic for malicious activity. When traffic is received by the Cisco IPS, if it is not dropped, how does the traffic get to its destination?
- It is transmitted out of the Cisco IPS outside interface
- It is routed back to the Cisco ASA interfaces for transmission
- The packets are duplicated and a copy is sent to the destination
- It is retransmitted from the Cisco IPS inline set

An organization is setting up two new Cisco FTD devices to replace their current firewalls and cannot have any network downtime. During the setup process, the synchronization between the two devices is failing. What action is needed to resolve this issue?
- Confirm that both devices have the same flash memory sizes
- Confirm that both devices are configured with the same types of interfaces
- Confirm that both devices are running the same software version
- Confirm that both devices have the same port-channel numbering

An engineer is building a new access control policy using Cisco FMC. The policy must inspect a unique IPS policy as well as log rule matching. Which action must be taken to meet these requirements?
- Disable the default IPS policy and enable global logging
- Disable the default IPS policy and enable per-rule logging
- Configure an IPS policy and enable per-rule logging
- Configure an IPS policy and enable global logging

Which feature within the Cisco FMC web interface allows for detecting, analyzing, and blocking malware in network traffic?
- Intrusion and file events
- File policies
- Cisco AMP for networks
- Cisco AMP for endpoints

Refer to the exhibit. An administrator is looking at some of the reporting capabilities for Cisco Firepower and noticed this section of the Network Risk Report showing a lot of SSL activity that could be used for evasion. Which action will mitigate this risk?
- Use Cisco Tetration to track SSL connections to servers
- Use encrypted traffic analytics to detect attacks
- Use SSL decryption to analyze the packets
- Use Cisco AMP for Endpoints to block all SSL connections

An engineer is attempting to create a new dashboard within the Cisco FMC to have a single view with widgets from many of the other dashboards. The goal is to have a mixture of threat and security related widgets along with Cisco Firepower device health information. Which two widgets must be configured to provide this information? (Choose two)
- Correlation information
- Network compliance
- Appliance status
- Current sessions
- Intrusion events

An engineer is monitoring network traffic from their sales and product development departments, which are on two separate networks. What must be configured in order to maintain data privacy for both departments?
- Use passive IDS ports for both departments
- Use one pair of inline set in TAP mode for both departments
- Use 802.1Q inline set trunk interfaces with VLAN to maintain logical traffic separation
- Use a dedicated IPS inline set for each department to maintain traffic separation

What is a characteristic of bridge groups on a Cisco FTD?
- In routed firewall mode, routing between bridge groups is supported
- In transparent firewall mode, routing between bridge groups is supported
- In routed firewall mode, routing between bridge groups must pass through a routed interface
- Routing between bridge groups is achieved only with a router-on-a-stick configuration on a connected router

An engineer configures a network discovery policy on Cisco FMC. Upon configuration, it is noticed that excessive and misleading events are filling the database and overloading the Cisco FMC. A monitored NAT device is executing multiple updates of its operating system in a short period of time. What configuration change must be made to alleviate this issue?
- Leave default networks
- Change the method to TCP/SYN
- Increase the number of entries on the NAT device
- Exclude load balancers and NAT devices
With Cisco FTD integrated routing and bridging, which interface does the bridge group use to communicate with a routed interface?
- bridge virtual
- subinterface
- bridge group member
- switch virtual

An engineer has been tasked with using Cisco FMC to determine if files being sent through the network are malware. Which two configuration tasks must be performed to achieve this file lookup? (Choose two)
- The Cisco FMC needs to connect to the Cisco ThreatGrid service directly for sandboxing
- The Cisco FMC needs to connect to the Cisco AMP for Endpoints service
- The Cisco FMC needs to connect with the FireAMP Cloud
- The Cisco FMC needs to include a file inspection policy for malware lookup
- The Cisco FMC needs to include an SSL decryption policy

A network administrator discovers that a user connected to a file server and downloaded a malware file. The Cisco FMC generated an alert for the malware event; however, the user still remained connected. Which Cisco AMP file rule action within the Cisco FMC must be set to resolve this issue?
- Malware Cloud Lookup
- Local Malware Analysis
- Detect Files
- Reset Connection

What is a feature of Cisco AMP Private Cloud?
- It supports Security Intelligence filtering
- It disables direct connections to the public cloud
- It performs dynamic analysis
- It supports anonymized retrieval of threat intelligence

A network administrator notices that SI events are not being updated. The Cisco FTD device is unable to load all of the SI event entries and traffic is not being blocked as expected. What must be done to correct this issue?
- Restart the affected devices in order to reset the configurations
- Replace the affected devices with devices that provide more memory
- Redeploy configurations to affected devices so that additional memory is allocated to the SI module
- Manually update the SI event entries so that the appropriate traffic is blocked

What is the advantage of having Cisco Firepower devices send events to Cisco Threat Response via the Security Services Exchange portal directly as opposed to using syslog?
- All types of Firepower devices are supported
- An on-premises proxy server does not need to be set up and maintained
- Supports all devices that are running supported versions of Firepower
- Firepower devices do not need to be connected to the Internet

An organization has a compliance requirement to protect servers from clients; however, the clients and the servers all reside on the same Layer 3 network. Without readdressing IP subnets for clients or servers, how is segmentation achieved?
- Change the IP addresses of the servers, while remaining on the same subnet
- Change the IP addresses of the clients, while remaining on the same subnet
- Deploy a firewall in transparent mode between the clients and servers
- Deploy a firewall in routed mode between the clients and servers

Refer to the exhibit. What must be done to fix access to this website while preventing the same communication to all other websites?
- Create an access control policy rule to allow port 443 to only 172.1.1.50
- Create an intrusion policy rule to have Snort allow port 443 to only 172.1.1.50
- Create an intrusion policy rule to have Snort allow port 80 to only 172.1.1.50
- Create an access control policy rule to allow port 80 to only 172.1.1.50

An organization is using a Cisco FTD and Cisco ISE to perform identity-based access controls. A network administrator is analyzing the Cisco FTD events and notices that unknown user traffic is being allowed through the firewall. How should this be addressed to block the traffic while allowing legitimate user traffic?
- Modify the Cisco ISE authorization policy to deny this access to the user
- Add the unknown user in the Malware & File Policy in Cisco FTD
- Modify Cisco ISE to send only legitimate usernames to the Cisco FTD
- Add the unknown user in the Access Control Policy in Cisco FTD

An organization must be able to ingest NetFlow traffic from their Cisco FTD devices to Cisco Stealthwatch for behavioral analysis. What must be configured on the Cisco FTD to meet this requirement?
- variable set object for NetFlow
- interface object to export NetFlow
- flexconfig object for NetFlow
- security intelligence object for NetFlow
An engineer is investigating connectivity problems on Cisco Firepower that is using service group tags. Specific devices are not being tagged correctly, which is preventing clients from using the proper policies when going through the firewall. How is this issue resolved?
- Use a packet capture with match criteria
- Use Wireshark with an IP subnet filter
- Use trace route with advanced options
- Use a packet sniffer with correct filtering

An engineer is tasked with deploying an internal perimeter firewall that will support multiple DMZs. Each DMZ has a unique private IP subnet range. How is the requirement satisfied?
- Deploy the firewall in transparent mode with access control policies
- Deploy the firewall in transparent mode with NAT configured
- Deploy the firewall in routed mode with NAT configured
- Deploy the firewall in routed mode with access control policies

An engineer is restoring a Cisco FTD configuration from a remote backup using the command 'restore remote-manager-backup location 1.1.1.1 admin /Volume/home/admin/BACKUP.zip' on a Cisco FMC. After connecting to the repository, an error occurred that prevents the FTD device from accepting the backup file. What is the problem?
- The backup file was not enabled prior to being applied
- The backup file extension was changed from tar to zip
- The backup file is too large for the Cisco FTD device
- The backup file is not in cfg format

When deploying a Cisco ASA Firepower module, an organization wants to evaluate the contents of the traffic without affecting the network. It is currently configured to have more than one instance of the same device on the physical appliance. Which deployment mode meets the needs of the organization?
- passive monitor-only mode
- inline mode
- passive tap monitor-only mode
- inline tap monitor-only mode

A network administrator notices that inspection has been interrupted on all non-managed interfaces of a device. What is the cause of this?
- A passive interface was associated with a security zone
- The value of the highest MSS assigned to any non-management interface was changed
- Multiple inline interface pairs were added to the same inline interface
- The value of the highest MTU assigned to any non-management interface was changed

A network engineer is logged in to the Cisco AMP for Endpoints console and sees a malicious verdict for an identified SHA-256 hash. Which configuration is needed to mitigate this threat?
- Add the hash to the simple custom detection list
- Add the hash from the infected endpoint to the network blacklist
- Enable a personal firewall in the infected endpoint
- Use regular expressions to block the malicious file

Which two conditions must be met to enable high availability between two Cisco FTD devices? (Choose two)
- same DHCP/PPPoE configuration
- same number of interfaces
- same flash memory size
- same NTP configuration
- same hostname

A network administrator needs to create a policy on Cisco Firepower to fast-path traffic to avoid Layer 7 inspection. The rate at which traffic is inspected must be optimized. What must be done to achieve this goal?
- Disable TCP inspection
- Configure a prefilter policy
- Enable the FXOS for multi-instance
- Configure module policy framework

What is the difference between inline and inline tap on Cisco Firepower?
- Inline mode cannot do SSL decryption
- Inline tap mode can send a copy of the traffic to another device
- Inline tap mode does full packet capture
- Inline mode can drop malicious traffic

What are two application layer preprocessors?
- CIFS
- SSL
- DNPS
- ICMP
- IMAP
Which limitation applies to Cisco FMC dashboards in a multi-domain environment?
- Only the administrator of the top ancestor domain is able to view dashboards
- Child domains have access to only a limited set of widgets from ancestor domains
- Child domains can view but not edit dashboards that originate from an ancestor domain
- Child domains cannot view dashboards that originate from an ancestor domain

Refer to the exhibit. An organization has an access control rule with the intention of sending all social media traffic for inspection. After using the rule for some time, the administrator notices that the traffic is not being inspected, but is being automatically allowed. What must be done to address this issue?
- Add the social network URLs to the block list
- Change the intrusion policy to connectivity over security
- Modify the rule action from trust to allow

A mid-sized company is experiencing higher network bandwidth utilization due to a recent acquisition. The network operations team is asked to scale up their single Cisco FTD appliance deployment to higher capacities due to the increased network bandwidth. Which design option should be used to accomplish this goal?
- Deploy multiple Cisco FTD HA pairs in clustering mode to increase performance
- Deploy multiple Cisco FTD appliances using VPN load-balancing to scale performance
- Deploy multiple Cisco FTD HA pairs to increase performance
- Deploy multiple Cisco FTD appliances in firewall clustering mode to increase performance

A VPN user is unable to connect to web resources behind the Cisco FTD device terminating the connection. While troubleshooting, the network administrator determines that the DNS responses are not getting through the FTD. What must be done to address the issue while still utilizing Snort IPS rules?
- Uncheck the "Drop when Inline" box in the intrusion policy to allow the traffic
- Modify the Snort rules to allow legitimate DNS traffic to the VPN users
- Decrypt the packet after the VPN flow so the DNS queries are not inspected
- Disable the intrusion rule threshold to optimize the Snort process

There is an increased amount of traffic on the network and, for compliance reasons, management needs visibility into the encrypted traffic. What is a result of enabling TLS/SSL decryption to allow this visibility?
- It is not subject to any privacy regulations
- It will fail if certificate pinning is not enforced
- It prompts the need for a corporate managed certificate
- It has minimal performance impact

An administrator is attempting to remotely log into a switch in the data center using SSH and is unable to connect. How does the administrator confirm that traffic is reaching the firewall?
- by running a packet tracer on the firewall
- by running Wireshark on the administrator's PC
- by performing a packet capture on the firewall
- by attempting to access it from a different workstation

A network administrator is creating interface objects to better segment their network but is having trouble adding interfaces to the objects. What is the cause of this failure?
- The interfaces belong to multiple interface groups
- The interfaces are being used for NAT for multiple networks
- The administrator is adding an interface that is in multiple zones
- The administrator is adding interfaces of multiple types

A network engineer implements a new Cisco Firepower device on the network to take advantage of its intrusion detection functionality. There is a requirement to analyze the traffic going across the device, alert on any malicious traffic, and appear as a bump in the wire. How should this be implemented?
- Enable routing on the Cisco Firepower
- Add an IP address to physical Cisco Firepower interfaces
- Specify the BVI IP address as the default gateway for connected devices
- Configure a bridge group in transparent mode

A network engineer wants to add a third-party threat feed into the Cisco FMC for enhanced threat detection. Which action should be taken to accomplish this goal?
- Enable Threat Intelligence Director using STIX and TAXII
- Enable Threat Intelligence Director using REST APIs
- Enable Rapid Threat Containment using REST APIs
- Enable Rapid Threat Containment using STIX and TAXII

IT management is asking the network engineer to provide high-level summary statistics of the Cisco FTD appliance in the network. The business is approaching a peak season, so the need to maintain business uptime is high. Which report type should be used to gather this information?
- Risk Report
- Malware Report
- SNMP Report
- Standard Report
An engineer configures an access control rule that deploys file policy configurations to security zones or tunnel zones, and it causes the device to restart. What is the reason for the restart?
- Source or destination security zones in the source tunnel zone do not match the security zones that are associated with interfaces on the target devices
- The source tunnel zone in the rule does not match a tunnel zone that is assigned to a tunnel rule in the destination policy
- Source or destination security zones in the access rule do not match the security zones that are associated with interfaces on the target devices
- The source tunnel zone in the rule does not match a tunnel zone that is assigned to a tunnel rule in the source policy

An organization wants to secure traffic from their branch office to the headquarters building using Cisco Firepower devices. They want to ensure that their Cisco Firepower devices are not wasting resources on inspecting the VPN traffic. What must be done to meet these requirements?
- Configure the Cisco Firepower devices to ignore the VPN traffic using prefilter policies
- Configure the Cisco Firepower devices to bypass the access control policies for VPN traffic
- Tune the intrusion policies in order to allow the VPN traffic through without inspection
- Enable a flexconfig policy to re-classify VPN traffic so that it no longer appears as interesting traffic

A user within an organization opened a malicious file on a workstation which in turn caused a ransomware attack on the network. What should be configured within the Cisco FMC to ensure the file is tested for viruses on a sandbox system?
- dynamic analysis
- Spero analysis
- capacity handling
- local malware analysis

A Cisco FTD device is running in transparent firewall mode with a VTEP bridge group member ingress interface. What must be considered by an engineer tasked with specifying a destination MAC address for a packet trace?
- The destination MAC address is optional if a VLAN ID value is entered
- Only the UDP packet type is supported
- The VLAN ID and destination MAC address are optional
- The output format option for the packet logs is unavailable

An engineer has been tasked with providing disaster recovery for an organization's primary Cisco FMC. What must be done on the primary and secondary Cisco FMCs to ensure that a copy of the original corporate policy is available if the primary Cisco FMC fails?
- Configure high availability in both the primary and secondary Cisco FMCs
- Restore the primary Cisco FMC backup configuration to the secondary Cisco FMC device when the primary device fails
- Connect the primary and secondary Cisco FMC devices with Category 6 cables of not more than 10 meters in length
- Place the active Cisco FMC device on the same trusted management network as the standby device

Which license type is required on Cisco ISE to integrate with Cisco FMC pxGrid?
- base
- mobility
- apex
- plus

An engineer is troubleshooting a device that cannot connect to a web server. The connection is initiated from the Cisco FTD inside interface and is attempting to reach 10.0.1.100 over the non-standard port of 9443. The host the engineer is attempting the connection from is at the IP address 10.20.10.20. In order to determine what is happening to the packets on the network, the engineer decides to use the FTD packet capture tool. Which capture configuration should be used to gather the information needed to troubleshoot this issue?
- Name: Server1_Capture | Interface: Inside | Protocol: IP | Source Host: 10.0.1.100 | Destination Host: 10.20.10.20
- Name: Server1_Capture | Interface: diagnostic | Protocol: IP | Source Host: 10.20.10.20 | Destination Host: 10.0.1.100
- Name: Server1_Capture | Interface: diagnostic | Protocol: IP | Source Host: 10.0.1.100 | Destination Host: 10.20.10.20
- Name: Server1_Capture | Interface: Inside | Protocol: IP | Source Host: 10.20.10.20 | Destination Host: 10.0.1.100

An organization has seen a lot of traffic congestion on their links going out to the Internet. There is a Cisco Firepower device that processes all of the traffic going to the Internet prior to leaving the enterprise. How is the congestion alleviated so that legitimate business traffic reaches the destination?
- Create a NAT policy so that the Cisco Firepower device does not have to translate as many addresses
- Create a VPN policy so that direct tunnels are established to the business applications
- Create a flexConfig policy to use WCCP for application aware bandwidth limiting
- Create a QoS policy rate-limiting high bandwidth applications

A network administrator notices that remote access VPN users are not reachable from inside the network. It is determined that routing is configured correctly. However, return traffic is entering the firewall but not leaving it. What is the reason for this issue?
- An external NAT IP address is configured to match the wrong interface
- An external NAT IP address is not configured
- A manual NAT exemption rule does not exist at the top of the NAT table
- An object NAT exemption rule does not exist at the top of the NAT table

An engineer must build redundancy into the network, and traffic must continuously flow if a redundant switch in front of the firewall goes down. What must be configured to accomplish this task?
- vPC on the switches to the span EtherChannel on the firewall cluster
- redundant interfaces on the firewall cluster mode and switches
- vPC on the switches to the interface mode on the firewall cluster
- redundant interfaces on the firewall non cluster mode and switches
A connectivity issue is occurring between a client and a server which are communicating through a Cisco Firepower device. While troubleshooting, a network administrator sees that traffic is reaching the server, but the client is not getting a response. Which step must be taken to resolve this issue without initiating traffic from the client?
- Use packet-tracer to ensure that traffic is not being blocked by an access-list
- Use packet-tracer to validate that the packet passes through the firewall and is NATed to the correct IP address
- Use packet capture to validate that the packet passes through the firewall and is NATed to the correct IP addresses
- Use packet capture to ensure that traffic is not being blocked by an access list

An engineer must configure high availability for the Cisco Firepower devices. The current network topology does not allow for two devices to pass traffic concurrently. How must the devices be implemented in this environment?
- In active/passive mode
- In cluster interface mode
- In active/active mode
- In a cluster span EtherChannel

A network administrator is concerned about the high number of malware files affecting users' machines. What must be done within the access control policy in Cisco FMC to address this concern?
- Create a file policy and set the access control policy to allow
- Create a file policy and set the access control policy to block
- Create an intrusion policy and set the access control policy to block
- Create an intrusion policy and set the access control policy to allow

A network engineer is tasked with minimizing traffic interruption during peak traffic times. When the SNORT inspection engine is overwhelmed, what must be configured to alleviate this issue?
- Set a Trust ALL access control policy
- Enable Pre-filter policies before the SNORT engine failure
- Enable IPS inline link state propagation
- Enable Automatic Application Bypass

What are the minimum requirements to deploy a managed device inline?
- inline interfaces, security zones, MTU, and mode
- passive interface, security zone, MTU, and mode
- passive interface, MTU, and mode
- inline interfaces, MTU, and mode

Which policy rule is included in the deployment of a local DMZ during the initial deployment of a Cisco NGFW through the Cisco FMC GUI?
- deny ip any
- a default DMZ policy for which only a user can change the IP addresses
- permit ip any
- no policy rule is included
Source: https://www.daypo.com/ccnp-300-710.html