Spring Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

examout.co

Network traffic coining from an organization's CEO must never be denied. Which access control policy configuration option should be used if the deployment engineer is not permitted to create a rule to allow all traffic?

A.

Configure firewall bypass.

B.

Change the intrusion policy from security to balance.

C.

Configure a trust policy for the CEO.

D.

Create a NAT policy just for the CEO.

When a Cisco FTD device is configured in transparent firewall mode, on which two interface types can an IP address be configured? (Choose two.)

A.

Diagnostic

B.

EtherChannel

C.

BVI

D.

Physical

E.

Subinterface

An administrator is optimizing the Cisco FTD rules to improve network performance, and wants to bypass inspection for certain traffic types to reduce the load on the Cisco FTD. Which policy must be configured to accomplish this goal?

A.

prefilter

B.

intrusion

C.

identity

D.

URL filtering

A company wants a solution to aggregate the capacity of two Cisco FTD devices to make the best use of resources such as bandwidth and connections per second. Which order of steps must be taken across the Cisco FTDs with Cisco FMC to meet this requirement?

A.

Configure the Cisco FTD interfaces, add members to FMC, configure cluster members in FMC, and create cluster in Cisco FMC.

B.

Add members to Cisco FMC, configure Cisco FTD interfaces in Cisco FMC. configure cluster members in Cisco FMC, create cluster in Cisco FMC. and configure cluster members in Cisco FMC.

C.

Configure the Cisco FTD interfaces and cluster members, add members to Cisco FMC. and create the cluster in Cisco FMC.

D.

Add members to the Cisco FMC, configure Cisco FTD interfaces, create the cluster in Cisco FMC, and configure cluster members in Cisco FMC.

Which object type supports object overrides?

A.

time range

B.

security group tag

C.

network object

D.

DNS server group

A Cisco FMC administrator wants to configure fastpathing of trusted network traffic to increase performance. In which type of policy would the administrator configure this feature?

A.

Identity policy

B.

Prefilter policy

C.

Network Analysis policy

D.

Intrusion policy

A Cisco FTD has two physical interfaces assigned to a BVI. Each interface is connected to a different VLAN on the same switch. Which firewall mode is the Cisco FTD set up to support?

A.

active/active failover

B.

transparent

C.

routed

D.

high availability clustering

An engineer must configure an ERSPAN passive interface on a Cisco Secure IPS by using the Cisco Secure Firewall Management Center. These configurations have been performed already:

    Configure the passive interface.

    Configure the ERSPAN IP address.

Which two additional settings must be configured to complete the configuration? (Choose two.)

A.

Source IP

B.

Bypass Mode

C.

TCP Intercept

D.

Flow ID

E.

Destination MAC

A company is deploying Cisco Secure Endpoint private cloud. The Secure Endpoint private cloud instance has already been deployed by the server administrator. The server administrator provided the hostname of the private cloud instance to the network engineer via email. What additional information does the network engineer require from the server administrator to be able to make the connection to Secure Endpoint private cloud in Cisco Secure Firewall Management Centre?

A.

SSL certificate for the Secure Endpoint ornate cloud instance

B.

Internet access for the Secure End point private cloud to reach the Secure Endpoint public cloud

C.

Username and password to the Secure Endpoint private cloud instance

D.

IP address and port number for the connection proxy

Refer to the exhibit. An engineer is configuring a high-availability solution that has the hardware devices and software versions:

two Cisco Secure Firewall 9300 Security Appliances with FXOS SW 2.0(1.23)

software Cisco Secure Firewall Threat Defense 6.0.1.1 (build 1023) on both appliances

one Cisco Secure Firewall Management Center with SW 6.0.1.1 (build 1023)

Which condition must be met to complete the high-availability configuration?

A.

DHCP must be configured on at least one firewall interface.

B.

The version numbers must have the same patch number.

C.

Both firewalls must have the same number of interfaces.

D.

Both firewalls must be in transparent mode.