
A network engineer is deploying a pair of Cisco Secure Firewall Threat Defense devices managed by Cisco Secure Firewall Management Center for High Availability. Internet access is a high priority for the business, and therefore they have invested in internet circuits from two different ISPs. The requirement from the customer is that Internet access must be available to their users even if one of the ISPs is down. Which two features must be deployed to achieve this requirement? (Choose two.)

A. EtherChannel interfaces

B. Route Tracking

C. SLA Monitor

D. Redundant interfaces

E. BGP

Which two conditions are necessary for high availability to function between two Cisco FTD devices? (Choose two.)

A. The units must be the same version

B. Both devices can be part of a different group that must be in the same domain when configured within the FMC.

C. The units must be different models if they are part of the same series.

D. The units must be configured only for firewall routed mode.

E. The units must be the same model.

An engineer is configuring two new Cisco FTD devices to replace the existing high availability firewall pair in a highly secure environment. The information exchanged between the FTD devices over the failover link must be encrypted. Which protocol supports this on the Cisco FTD?

A. IPsec

B. SSH

C. SSL

D. MACsec

An engineer must define a URL object on Cisco FMC. What is the correct method to specify the URL without performing SSL inspection?

A. Use Subject Common Name value.

B. Specify all subdomains in the object group.

C. Specify the protocol in the object.

D. Include all URLs from CRL Distribution Points.

Which action must be taken on the Cisco FMC when a packet bypass is configured in case the Snort engine is down or a packet takes too long to process?

A. Enable Inspect Local Router Traffic

B. Enable Automatic Application Bypass

C. Configure Fastpath rules to bypass inspection

D. Add a Bypass Threshold policy for failures

A network administrator reviews the file report for the last month and notices that all file types, except exe, show a disposition of unknown. What is the cause of this issue?

A. The malware license has not been applied to the Cisco FTD.

B. The Cisco FMC cannot reach the Internet to analyze files.

C. A file policy has not been applied to the access policy.

D. Only Spero file analysis is enabled.

Which Firepower feature allows users to configure bridges in routed mode and enables devices to perform Layer 2 switching between interfaces?

A. FlexConfig

B. BDI

C. SGT

D. IRB

Refer to the exhibit.

An engineer is modifying an access control policy to add a rule to inspect all DNS traffic that passes through it. After making the change and deploying the policy, they see that DNS traffic is not being inspected by the Snort engine. What is......

A. The action of the rule is set to trust instead of allow.

B. The rule must specify the security zone that originates the traffic.

C. The rule is configured with the wrong setting for the source port.

D. The rule must define the source network for inspection as well as the port.

An engineer must deploy a Cisco FTD appliance via Cisco FMC to span a network segment to detect malware and threats. When setting the Cisco FTD interface mode, which sequence of actions meets this requirement?

A. Set to passive, and configure an access control policy with an intrusion policy and a file policy defined

B. Set to passive, and configure an access control policy with a prefilter policy defined

C. Set to none, and configure an access control policy with a prefilter policy defined

D. Set to none, and configure an access control policy with an intrusion policy and a file policy defined

On the advanced tab under inline set properties, which allows interfaces to emulate a passive interface?

A. transparent inline mode

B. TAP mode

C. strict TCP enforcement

D. propagate link state