dumpstool logo
Which firewall design allows a firewall to forward traffic at layer 2 and layer 3 for the same subnet?
An engineer is building a new access control policy using Cisco FMC. The policy must inspect a unique IPS policy as well as log rule matching. Which action must be taken to meet these requirements?
Which Cisco Firepower Threat Defense, which two interface settings are required when configuring a routed interface? (Choose two.)
An administrator is optimizing the Cisco FTD rules to improve network performance, and wants to bypass inspection for certain traffic types to reduce the load on the Cisco FTD. Which policy must be configured to accomplish this goal?
Which two conditions are necessary for high availability to function between two Cisco FTD devices? (Choose two.)
When deploying a Cisco ASA Firepower module, an organization wants to evaluate the contents of the traffic without affecting the network. It is currently configured to have more than one instance of the same device on the physical appliance Which deployment mode meets the needs of the organization?
An engineer must configure high availability for the Cisco Firepower devices. The current network topology does not allow for two devices to pass traffic concurrently. How must the devices be implemented in this environment?
Which policy rule is included in the deployment of a local DMZ during the initial deployment of a Cisco NGFW through the Cisco FMC GUI?
An organization has a Cisco FTD that uses bridge groups to pass traffic from the inside interfaces to the outside interfaces. They are unable to gather information about neighbouring Cisco devices or use multicast in their environment. What must be done to resolve this issue?
On the advanced tab under inline set properties, which allows interfaces to emulate a passive interface?
A Cisco FTD has two physical interfaces assigned to a BVI. Each interface is connected to a different VLAN on the same switch. Which firewall mode is the Cisco FTD set up to support?
Which two actions can be used in an access control policy rule? (Choose two.)
Which command is run on an FTD unit to associate the unit to an FMC manager that is at IP address 10.0.0.10, and that has the registration key Cisco123?
Which Firepower feature allows users to configure bridges in routed mode and enables devices to perform Layer 2 switching between interfaces?
An engineer configures a network discovery policy on Cisco FMC. Upon configuration, it is noticed that excessive and misleading events filing the database and overloading the Cisco FMC. A monitored NAT device is executing multiple updates of its operating system in a short period of time. What configuration change must be made to alleviate this issue?
An organization does not want to use the default Cisco Firepower block page when blocking HTTP traffic. The organization wants to include information about its policies and procedures to help educate the users whenever a block occurs. Which two steps must be taken to meet these requirements? (Choose two.)
A company has many Cisco FTD devices managed by a Cisco FMC. The security model requires that access control rule logs be collected for analysis. The security engineer is concerned that the Cisco FMC will not be able to process the volume of logging that will be generated. Which configuration addresses this concern?
An engineer is using the configure manager add
An engineer is configuring Cisco FMC and wants to allow multiple physical interfaces to be part of the same VLAN. The managed devices must be able to perform Layer 2 switching between interfaces, including sub-interfaces. What must be configured to meet these requirements?
Which two routing options are valid with Cisco Firepower Threat Defense? (Choose two.)
Which two OSPF routing features are configured in Cisco FMC and propagated to Cisco FTD? (Choose two.)
When creating a report template, how can the results be limited to show only the activity of a specific subnet?
A network administrator notices that remote access VPN users are not reachable from inside the network. It is determined that routing is configured correctly, however return traffic is entering the firewall but not leaving it What is the reason for this issue?
Which two types of objects are reusable and supported by Cisco FMC? (Choose two.)
What is the disadvantage of setting up a site-to-site VPN in a clustered-units environment?
A network administrator reviews the file report for the last month and notices that all file types, except exe. show a disposition of unknown. What is the cause of this issue?
A company is in the process of deploying intrusion prevention with Cisco FTDs managed by a Cisco FMC. An engineer must configure policies to detect potential intrusions but not block the suspicious traffic. Which action accomplishes this task?
Which two statements about bridge-group interfaces in Cisco FTD are true? (Choose two.)
Which command is typed at the CLI on the primary Cisco FTD unit to temporarily stop running high- availability?
Which command-line mode is supported from the Cisco Firepower Management Center CLI?
Drag and drop the steps to restore an automatic device registration failure on the standby Cisco FMC from the left into the correct order on the right. Not all options are used.
When do you need the file-size command option during troubleshooting with packet capture?
Which two statements about deleting and re-adding a device to Cisco FMC are true? (Choose two.)
How many report templates does the Cisco Firepower Management Center support?
Within Cisco Firepower Management Center, where does a user add or modify widgets?
Which Cisco Firepower feature is used to reduce the number of events received in a period of time?
Which CLI command is used to generate firewall debug messages on a Cisco Firepower?
Which command is entered in the Cisco FMC CLI to generate a troubleshooting file?
What is the maximum bit size that Cisco FMC supports for HTTPS certificates?
Which group within Cisco does the Threat Response team use for threat analysis and research?
What is the maximum SHA level of filtering that Threat Intelligence Director supports?
Which two features of Cisco AMP for Endpoints allow for an uploaded file to be blocked? (Choose two.)
Which Cisco Advanced Malware Protection for Endpoints policy is used only for monitoring endpoint actively?
Which two remediation options are available when Cisco FMC is integrated with Cisco ISE? (Choose two.)
Which action should you take when Cisco Threat Response notifies you that AMP has identified a file as malware?
Which connector is used to integrate Cisco ISE with Cisco FMC for Rapid Threat Containment?
In a Cisco AMP for Networks deployment, which disposition is returned if the cloud cannot be reached?
What is a limitation to consider when running a dynamic routing protocol on a Cisco FTD device in IRB mode?
A security engineer is adding three Cisco FTD devices to a Cisco FMC. Two of the devices have successfully registered to the Cisco FMC. The device that is unable to register is located behind a router that translates all outbound traffic to the router's WAN IP address. Which two steps are required for this device to register to the Cisco FMC? (Choose two.)
A network administrator is concerned about (he high number of malware files affecting users' machines. What must be done within the access control policy in Cisco FMC to address this concern?
A network engineer is extending a user segment through an FTD device for traffic inspection without creating another IP subnet How is this accomplished on an FTD device in routed mode?
An administrator Is setting up a Cisco PMC and must provide expert mode access for a security engineer. The engineer Is permitted to use only a secured out-of-band network workstation with a static IP address to access the Cisco FMC. What must be configured to enable this access?
An engineer runs the command restore remote-manager-backup location 2.2.2.2 admin /Volume/home/admin FTD408566513.zip on a Cisco FMC. After connecting to the repository, the Cisco FTD device is unable to accept the backup file. What is the reason for this failure?
A Cisco FTD device is running in transparent firewall mode with a VTEP bridge group member ingress interface. What must be considered by an engineer tasked with specifying a destination MAC address for a packet trace?
A network administrator is configuring an FTD in transparent mode. A bridge group is set up and an access policy has been set up to allow all IP traffic. Traffic is not passing through the FTD. What additional configuration is needed?
An engineer defines a new rule while configuring an Access Control Policy. After deploying the policy, the rule is not working as expected and the hit counters associated with the rule are showing zero. What is causing this error?
TESTED 23 Feb 2025
