Test #2 Flashcards

(193 cards)

1
Q

Which command must be run to generate troubleshooting files on an FTD?

a. system support view-files
b. sudo sf_troubleshoot.pl
c. system generate-troubleshoot all

A

C

2
Q

Which two packet captures does the FTD LINA engine support? (Choose Two)

A. Layer 7 Network ID
B. Source IP
C. Application IP
D. Dynamic Firewall Importing
E. Protocol

A

Source
Protocol

3
Q

Which two features of AMP for Endpoints allow for an uploaded file to be blocked? (Choose Two)

A. application blocking
B. Simple Custom detection
C. File repository
D. exclusions
E. application whitelisting

A

Application Blocking
Simple Custom Detection

4
Q

On the Advanced tab under inline set properties, which allows interfaces to emulate a passive interface?

A. transparent inline mode
B. TAP mode
C. strict TCP enforcement
D. propagate link state

A

Tap mode

5
Q

With Cisco Threat Defense software, which interface mode must be configured to passively receive traffic that passes through the appliance?

A. inline set
B. passive
C. routed
D. inline tap

A

Inline Tap

6
Q

What are two types or forms of suppression in a Firepower policy?

A. Source
B. port
C. rule
D. protocol
E. Application

A

Source

Rule

7
Q

With Cisco Firepower Threat Defense, which two interface settings are required when configuring a routed interface? (Choose Two)

A

Speed
Duplex

8
Q

What are two application layer preprocessors?

A

IMAP

SSL

9
Q

Which two OSPF routing features are configured in the Cisco FMC and propagated to the FTD?

A

Virtual Links

MD5

10
Q

With Cisco FTD software, which interface mode do you configure for an IPS deployment, where traffic passes through the appliance but does not require VLAN rewriting?

A

Routed

11
Q

Which two fields can be used to create a new email alert within the Cisco FMC under Policies -> Actions -> Alerts Tab?

A

From

Relay Host

12
Q

What is the disadvantage of setting up a site-to-site VPN in a clustered-units environment?

A

VPN connections must be reestablished when a new master unit is elected.

13
Q

Which two statements about bridge-group interfaces in FTD are true?

A

BGs are supported in Routed and Transparent

Each directly connected network must be on the same subnet

14
Q

Which two routing protocol options are valid with Cisco FTD?

A

BGPv6

ECMP with a single interface

15
Q

Which two TCP ports allow the Cisco FMC to communicate with the FireAMP cloud for file disposition information?

A

443

32137

16
Q

Which FP feature allows users to configure bridges in routed mode and enables devices to perform Layer 2 switching between interfaces?

A

IRB

17
Q

In which two places can thresholding settings be configured?

A

On each IPS rule

Globally, per intrusion policy

18
Q

In which two ways do access control policies operate on a Cisco Firepower system?

A

Traffic inspection can be interrupted temporarily when configuration changes are deployed

They can block traffic based on Security Intelligence Data

19
Q

Which two types of objects are reusable and supported by FMC?

A

Reputation based objects that represent security intelligence

Network based objects that represent IP addresses

20
Q

Which two characteristics represent a Cisco device operating in TAP mode?

A

It analyzes copies of packets from the packet flow

The packet flow traverses the device

21
Q

When using AMP for Networks, which feature copies a file to the Cisco AMP Cloud for analysis?

A

Dynamic

22
Q

Which command line mode is supported from the Cisco Firepower Management Center CLI?

A

Configuration

23
Q

What command is entered in the Cisco FMC CLI to generate a troubleshooting file?

A

sudo sf_troubleshoot.pl

24
Q

While configuring FTD, a network engineer wants to ensure that traffic passing through the appliance does not require routing or VLAN rewriting.

Which interface mode should the engineer implement to accomplish this task?

A

Inline SET

25
With Cisco FTD integrated routing and bridging, which interface does the bridge group use to communicate with a routed interface?
bridge virtual
26
A network engineer is extending a user segment through an FTD device for traffic inspection without creating another IP subnet. How is this accomplished on an FTD device in routed mode?
By using a BVI and creating a BVI IP address in the same subnet as the user segment.
27
A security engineer is configuring an Access Control Policy for multiple branch locations. These locations share a common rule set and use a network object called INSIDE_NET, which contains the locally significant internal network subnets at each location. Which technique retains policy consistency at each location while allowing only the locally significant network subnet within the applicable rules?
Create an ACP with an INSIDE_NET network object and object overrides.
28
An administrator is working on a migration from Cisco ASA to Cisco FTD appliance and needs to test the rules without disrupting the traffic. Which policy type should be used to configure the ASA rules during this phase of the migration?
Access Control
29
After using Firepower for some time and learning how it interacts with the network, an administrator is trying to correlate malicious activity with a user. Which widget should be configured to provide this visibility on the Firepower dashboards?
Custom Analysis (NOT) Correlation Events
30
An administrator is attempting to remotely log into a switch in the data center using SSH and is unable to connect. How does the admin confirm that the traffic is reaching the firewall?
By performing a packet capture on the firewall.
31
The Event dashboard within the FMC has been inundated with low-priority intrusion drop events, which are overshadowing high-priority events. An engineer has been tasked with reviewing the policies and reducing the low-priority events. Which action should be configured to accomplish this task?
Drop Packet
32
An engineer is configuring a Cisco FTD appliance in IPS-only mode and needs to use fail-to-wire interfaces. Which interface mode should be used to meet these requirements?
Inline set
33
An engineer is troubleshooting application failures through an FTD deployment. While using the FMC CLI, it has been determined that the traffic in question is not matching the desired policy. What should be done about this?
Use the system support firewall-engine-debug command...
34
An organization has implemented Cisco Firepower without IPS capabilities and now wants to enable inspection for their traffic. They need to be able to detect protocol anomalies and utilize the Snort rule sets to detect malicious behavior. How is this accomplished?
Modify the Access Control Policy to redirect interesting traffic to the engine.
35
An engineer is monitoring network traffic from their sales and product development departments, which are on two separate networks. What must be configured in order to maintain data privacy for both departments?
Use a dedicated IPS inline set for each department to maintain traffic separation.
36
What is a characteristic of bridge groups on a Cisco FTD?
In routed firewall mode, routing between bridge groups is supported
37
An organization has a compliance requirement to protect servers from clients; however, the clients and servers all reside on the same Layer 3 network. Without readdressing IP subnets for clients or servers, how is segmentation achieved?
Deploy a firewall in TRANSPARENT mode between client and servers
38
An organization has seen a lot of traffic congestion on their links going out to the internet. There is a Cisco Firepower device that processes all of the traffic going to the internet prior to leaving the enterprise. How is the congestion alleviated so that legitimate business traffic reaches the destination?
Create a QoS policy rate-limiting high bandwidth applications
39
An engineer is attempting to create a new dashboard within the Cisco FMC to have a single view with widgets from many of the other dashboards. The goal is to have a mixture of threat and security related widgets along with Cisco Firepower device health information. Which two widgets must be configured to provide this information?
Intrusion Events; Appliance Status
40
An organization is setting up two new Cisco FTD devices to replace their current firewalls and cannot have any network downtime. During the setup process, the synchronization between the two devices is failing. What action is needed to resolve this issue?
Confirm that both devices have the same flash memory sizes.
41
An organization wants to secure traffic from their branch office to the headquarters building using Cisco Firepower devices. They want to ensure that their devices are not wasting resources on inspecting the VPN traffic. What must be done to meet these requirements?
Configure FP devices to bypass the access control (NOT prefilter) policies for VPN traffic.
42
A network administrator is seeing an unknown verdict for a file detected by Cisco FTD. Which malware policy configuration option must be selected in order to further analyze the file in the Talos cloud?
Dynamic Analysis
43
An engineer has been tasked with providing disaster recovery for an organization's primary Cisco FMC. What must be done on the primary and secondary Cisco FMC to ensure that a copy of the original corporate policy is available if the primary Cisco FMC fails?
Configure high availability on both the primary and secondary FMC.
44
Refer to Exhibit [Editing Rule - Social]. An organization has an access control rule with the intention of sending all social media traffic for inspection. After using the rule for some time, the administrator notices that the traffic is not being inspected but is being automatically allowed. What must be done?
Modify the rule action from trust to allow.
45
A user within an organization opened a malicious file on a workstation which in turn caused a ransomware attack on the network. What should be configured within the Cisco FMC to ensure the file is tested for viruses on a sandbox system?
Dynamic Analysis
46
An engineer configures a network discovery policy on Cisco FMC. After configuration, it is noticed that excessive and misleading events are filling the database and overloading the Cisco FMC. A monitored NAT device is executing multiple updates of its operating system in a short period of time. What configuration change must be made to alleviate this issue?
Exclude load balancers and NAT devices.
47
A network engineer is receiving reports of users randomly getting disconnected from their corporate applications, which traverse the data center FTD appliance. Network monitoring tools show that the FTD appliance utilization is peaking above 90% of total capacity. What must be done in order to further analyze this issue?
Use Packet CAPTURE to collect real-time network traffic.
48
Which report type is used for PEAK season?
Risk Report
49
Refer to Exhibit: Evasive Applications
Use SSL decryption
50
A network administrator notices that SI events are not being updated. The Cisco FTD device is unable to load all the SI event entries, and traffic is not being blocked as expected. What must be done to correct this issue?
Redeploy Configurations to affected devices so that additional memory is allocated to the SI module.
51
Which feature within the Cisco FMC web interface allows for detecting, analyzing and blocking malware in network traffic?
Cisco AMP for networks.
52
A network engineer wants to add a third-party threat feed into the Cisco FMC for enhanced threat detection. Which action should be taken to accomplish this goal?
Enable Threat Intelligence Director using STIX and TAXII
53
An engineer has been tasked with using Cisco FMC to determine if files being sent through the network are malware. Which two configuration tasks must be performed to achieve this file lookup?
1.) FMC needs to include an SSL decryption policy. 2.) FMC needs to include a file inspection policy for malware lookup.
54
A network engineer implements a new Cisco Firepower device on the network to take advantage of its intrusion detection functionality. There is a requirement to analyze the traffic going across the device, alert on any malicious traffic, and appear as a bump in the wire. How should this be implemented?
Configure a bridge group in transparent mode.
55
An engineer is investigating connectivity problems on Cisco Firepower that is using security group tags. Specific devices are not being tagged correctly, which is preventing clients from using the proper policies when going through the firewall. How is this issue resolved?
use packet CAPTURE with matching criteria
56
An engineer is tasked with deploying an internal perimeter firewall that will support multiple DMZs. Each DMZ has a unique private IP subnet range. How is this requirement satisfied?
Deploy the Firewall in routed mode With Access Control Policies.
57
An engineer must build redundancy into the network and traffic must continuously flow if a redundant switch in front of the firewall goes down. What must be configured to accomplish this task?
vPC on the switches to span EtherChannel on the firewall cluster.
58
A network administrator notices that remote access VPN users are not reachable from inside the network. It is determined that routing is configured correctly, however return traffic is entering the firewall but not leaving it. What is the reason?
A manual NAT exemption rule does not exist at the top of the NAT table.
59
An engineer must configure high availability for the Cisco Firepower devices. The current network topology does not allow for two devices to pass traffic concurrently. How must the devices be implemented in this environment?
In active/passive mode
60
When deploying a Cisco ASA firepower module, an organization wants to evaluate the contents of the traffic without affecting the network. It is currently configured to have more than one instance of the same device on the physical appliance. Which deployment mode meets the needs of the organization?
inline tap monitor-only mode
61
A network administrator notices that inspection has been interrupted on all non-managed interfaces of a device. What is the cause of this?
The value of the highest MTU was assigned
62
Which two conditions must be met to enable HA between two FTD devices?
Same NTP configuration; Same number of interfaces
63
An engineer is building a new access control policy using Cisco FMC. The policy must inspect with a unique IPS policy as well as log rule matching. Which actions must be taken to meet these requirements?
Configure an IPS policy; Enable per-rule logging
64
An organization has a Cisco FTD that uses bridge groups to pass traffic from the inside interfaces to the outside interfaces. They are unable to gather information about neighboring Cisco devices or use multicast in their environment. What must be done to resolve this issue?
Change the Firewall mode to TRANSPARENT
65
In an organization's HA environment where both firewalls are passing traffic, traffic must be segmented based on which department it is destined for. Each department is situated on a different LAN. What must be configured to meet these requirements?
Multi-instance Firewalls
66
An administrator is optimizing the Cisco FTD rules to improve network performance and wants to bypass inspection for certain traffic types to reduce the load on the FTD. Which policy must be configured to accomplish this goal?
prefilter
67
A company is in the process of deploying intrusion prevention with Cisco FTDs managed by a Cisco FMC. An engineer must configure policies to detect potential intrusions but not block the suspicious traffic. Which action accomplishes this task?
Configure IPS mode; Uncheck the 'Drop when Inline' option
68
An organization does not want to use the default Cisco Firepower block page when blocking HTTP traffic. The organization wants to include information about its policies and procedures to help educate the users whenever a block occurs. Which two steps must be taken?
Create HTML code; Change the HTTP Response in the ACP to custom
69
An administrator must use Cisco FMC to install a backup route within the Cisco FTD to route traffic in case of a routing failure with the primary route. Which action accomplishes this task?
Create a backup route and use route tracking on both routes to a destination IP address in the network.
70
A network security engineer must export packet captures from the Cisco FMC web browser while troubleshooting an issue. When navigating to the address https://FMC IP/capture/CAP/pcap/test.pcap, an error 403: Forbidden is given instead of the PCAP file. Which action must the engineer take to resolve this issue?
Enable the HTTPS server for the device platform policy.
71
An analyst is investigating a potentially compromised endpoint within the network and pulls a host report for the endpoint in question to collect metrics and documentation. What information should be taken from this report for the investigation?
Intrusion Events; Host Connections; User Sessions
72
An engineer must investigate a connectivity issue and decides to use the packet capture feature on Cisco FTD. The goal is to see the real packet going through the Cisco FTD device and see Snort detection actions as part of the output. After the 'capture-traffic' command is issued, only the packets are displayed. Which action resolves this issue?
Use the 'capture' command and specify the trace option to get the required information.
73
An analyst using the security analyst account permissions is trying to view the Correlation Events widget but is not able to access it. However, other dashboards are accessible. Why is this occurring?
The security analyst doesn't have permission
74
An engineer is troubleshooting connectivity to the DNS servers from hosts behind a new Cisco FTD device. The hosts cannot send DNS queries to servers in the DMZ. Which action should the engineer take to troubleshoot this issue using the real DNS packets?
Use the CONNECTION EVENTS dashboard to check the block reason and adjust the inspection policy as needed.
75
An engineer integrates Cisco FMC and Cisco ISE using pxGrid. Which role is assigned for Cisco FMC?
client
76
A company wants a solution to aggregate the capacity of two Cisco FTD devices to make the best use of resources such as bandwidth and connections per second. Which order of steps must be taken across the Cisco FTDs with Cisco FMC to meet this requirement?
1.) Configure the Cisco FTD interfaces and cluster members. 2.) Add members to FMC. 3.) Create the cluster in Cisco FMC.
77
The admin notices that there is malware present with an .exe extension and needs to verify whether any of the systems on the network are running the executable file. What must be configured within Cisco AMP for Endpoints to show this data?
Prevalence
78
An engineer must define a URL object on Cisco FMC. What is the correct method to specify the URL without performing SSL inspection?
Use 'Subject Common Name' value
79
An analyst is reviewing the Cisco FMC reports for the week. They notice that some peer-to-peer applications are being used on the network and they must identify which poses the greatest risk to the environment. Which report gives the analyst this information?
Network Risk Report
80
An administrator is adding a new URL-based category feed to the Cisco FMC for use within the policies. The intelligence source does not use STIX but instead uses a .txt file format. Which action ensures that regular updates are provided?
Add a URL source and select the flat file type with the Cisco FMC.
81
A network administrator reviews the file report for the last month and notices that all file types, except .exe, show a disposition of unknown. What is the cause of this issue?
Only Spero file analysis is enabled.
82
Which firewall design allows a firewall to forward traffic at Layer 2 and Layer 3 for the same subnet?
A. Cisco Firepower Threat Defense mode
B. Transparent Mode
C. Routed Mode
D. Integrated Routing and Bridging
Cisco Firepower Threat Defense mode
83
An engineer is reviewing a ticket that requests to allow traffic for some devices that must connect to a server over 8699/udp. The request only mentions one IP address, 172.16.18.15, but the requestor asked for the engineer to open the port for all machines that have been trying to connect to it over the last week. Which action must the engineer take to troubleshoot this issue?
Filter the connection events by destination port 8699/udp
84
A security engineer is configuring a remote Cisco FTD that has limited resources and internet bandwidth. Which malware action and protection option should be configured to reduce the requirement for cloud lookups?
BLOCK MALWARE ACTION and LOCAL MALWARE ANALYSIS
85
An administrator receives reports that users cannot access a cloud-hosted web server. The access control policy was recently updated with several new policy additions and URL filtering. What must be done to troubleshoot the issue and restore access without sacrificing the organization's security posture?
Identify the blocked traffic on the Cisco FMC Connection Events to validate block, and modify the policy to allow the traffic to the web server.
86
A Cisco FTD has two physical interfaces assigned to a BVI. Each interface is connected to a different VLAN on the same switch. Which firewall mode is the Cisco FTD set up to support?
Routed
87
An engineer wants to connect a single IP subnet through a Cisco FTD Firewall and enforce policy. There is a requirement to present the internal IP subnet to the outside as a different IP address. What must be configured to meet these requirements?
Configure the Cisco FTD firewall in routed mode with NAT enabled.
88
An organization is migrating their Cisco ASA devices running in multicontext mode to Cisco FTD devices. Which action must be taken to ensure that each context on the Cisco ASA is logically separated in the Cisco FTD devices?
Add the Cisco FTD device to the Cisco ASA port channels.
89
A network administrator configured a NAT policy that translates a public IP address to an internal web server IP address. An Access policy has also been created that allows any source to reach the public IP address on port 80. The web server is still not reachable from the internet port 80. Which configuration change is needed?
The access policy must allow traffic to the internet web server IP address.
90
A security engineer found a suspicious file from an employee email address and is trying to upload it for analysis, however the upload is failing. The last registration status is still active. What is the cause for this issue?
Cisco AMP is unable to contact Threat Grid on PREMISE (not cloud)
91
An engineer is configuring Cisco FMC and wants to limit the time allowed for processing packets through the interface. However if the time is exceeded the configuration must allow packets to bypass detection. What must be configured on the Cisco FMC to accomplish this task?
Automatic Application Bypass
92
An engineer is working on a LAN switch and has noticed that its network connection to the inline Cisco IPS has gone down. Upon troubleshooting, it is determined that the switch is working as expected. What must have been implemented for this failure to occur?
Link-State propagation is enabled.
93
A network engineer sets up a secondary Cisco FMC that is integrated with Cisco Security Packet Analyzer. What occurs when the secondary Cisco FMC synchronizes with the primary FMC?
The existing configuration for integration of the secondary FMC Packet Analyzer is overwritten
94
An engineer wants to change an existing transparent Cisco FTD to routed mode. The device controls traffic between two network segments. Which action is mandatory to allow hosts to reestablish communication between these two segments after the change?
Implement non-overlapping IP subnets on each segment.
95
An engineer installs a Cisco FTD device and wants to inspect traffic within the same subnet passing through a firewall and inspect traffic destined to the internet. Which configuration will meet this requirement?
Transparent firewall mode with multiple BVIs
96
A network administrator is deploying a Cisco IPS appliance and needs it to operate initially without affecting traffic flows. It must also collect data to provide a baseline of unwanted traffic before being reconfigured to drop it. Which Cisco IPS mode meets these requirements?
inline tap
97
A network administrator is implementing an active/passive high availability Cisco FTD pair. When adding the high availability pair, the administrator cannot select the secondary peer. What is the cause?
The second Cisco FTD is not the same model as the primary Cisco FTD.
98
An administrator is configuring their transparent Cisco FTD device to receive ERSPAN traffic from multiple switches on a passive port, but the Cisco FTD is not processing the traffic. What is the problem?
The Cisco FTD must be in routed mode to process ERSPAN traffic.
99
What is an advantage of adding multiple inline interface pairs to the same inline interface set when deploying an asynchronous routing configuration?
Allows the IPS to identify inbound and outbound traffic as part of the same traffic flow.
100
A network administrator cannot select the link to be used for failover when configuring an active/passive HA Cisco FTD pair. Which configuration must be changed before setting up the HA pair?
An IP address in the same subnet must be added to each Cisco FTD on the interface.
101
An organization recently implemented a transparent Cisco FTD in their network. They must ensure that the device does not respond to insecure TLS/SSL protocols. Which action accomplishes this task?
Use the Cisco FTD platform policy to change the minimum SSL version on the device to TLS 1.2
102
A network administrator is migrating from a Cisco ASA to a Cisco FTD. EIGRP is configured on the Cisco ASA but it is not available in the Cisco FMC. Which action must the administrator take to enable this feature on the Cisco FTD?
Configure EIGRP parameters using FlexConfig objects.
103
The CIO asks a network administrator to present to management a dashboard that shows custom analysis tables for the top DNS queries, URL category statistics, and URL reputation statistics. Which action must the admin take to quickly produce this information for management?
Create a new Dashboard; Add 3 custom analysis widgets that specify the tables needed.
104
A network administrator is trying to convert LDAP to LDAPS for VPN user authentication on a Cisco FTD. Which action must be taken on the Cisco FTD objects to accomplish this task?
Create a Certificate Enrollment object to get the LDAPS certificate needed.
105
What is the RTC workflow when the infected endpoint is identified?
Cisco FMC instructs Cisco ISE to contain the infected endpoint
106
Which feature is supported by IRB on Cisco FTD devices?
A. Redundant Interface
B. Dynamic Routing Protocol
C. EtherChannel Interface
D. High-Availability Cluster
A. Redundant Interface
107
A security engineer must configure a Cisco FTD appliance to inspect traffic from the internet. The internet traffic will be mirrored from the Cisco Catalyst 9300 Switch. Which configuration accomplishes the task?
Set interface configuration mode to passive.
108
Machine Learning for Malware Detection
Spero
109
Capture infections and polymorphic variants of a threat
Ethos
110
A network engineer must provide redundancy between two Cisco FTD devices. The redundancy configuration must include automatic configuration, translation, and connection updates. After the initial configuration of the two appliances, which two steps must be taken to proceed with the redundancy configuration?
Configure the standby IP address; Configure the failover link with stateful properties
111
A network administrator registered a new FTD to an existing FMC. The administrator cannot place the FTD in transparent mode. Which action enables transparent mode?
Deregister the FTD device from FMC and configure transparent mode via the CLI
112
A security engineer must deploy a Cisco FTD appliance as a bump in the wire to detect intrusion events without disrupting the flow of network traffic. Which two features must be configured to accomplish this task?
Inline Set Pair; Tap Mode
113
Due to an increase in malicious events, a security engineer must generate a threat report that includes intrusion events, malware events, and security intelligence events. How is this information collected in a single report?
Create a custom report
114
An engineer attempts to pull the configuration for a Cisco FTD sensor to review with Cisco TAC but does not have direct access to the CLI for the device. The CLI for the device is managed by Cisco FMC, to which the engineer has access. Which action in the Cisco FMC grants access to the CLI for the device?
Use the show run all command in the Cisco FTD CLI feature within Cisco FMC
115
A security analyst must create a new report within the Cisco FMC to show an overview of the daily attacks, vulnerabilities, and connections. The analyst wants to reuse specific dashboards from other reports to create this consolidated one. Which action accomplishes this task?
Use the import feature in the newly created report to select which dashboards to add.
116
A network administrator has converted a Cisco FTD from using LDAP to LDAPS for VPN authentication. The Cisco FMC can connect to the LDAPS server, but the Cisco FTD is not connecting. Which configuration must be enabled on the Cisco FTD?
DNS servers must be defined for name resolution.
117
Which description of a passive interface on a Cisco Firepower NGFW is true?
Receives traffic that is specified on an NGIPS
118
Which Cisco deployment architectures support clustering? (Choose 2)
A. Cisco Firepower Management Center
B. Cisco ASAv
C. Cisco Firepower Appliance (NGIPS)
D. Cisco ASA with Firepower Services
CD
119
An engineer is deploying the Cisco Firepower NGIPS for VMware. Which two aspects are unsupported during this deployment? (Choose 2)
Restoring a backup; Cloning a virtual machine
120
What is a purpose of the network analysis policy on a Cisco Firepower NGIPS?
It governs how traffic is preprocessed before inspection.
121
Which two descriptions of a Cisco Firepower NGIPS deployment that uses an Inline Pair interface in tap mode are true?
Transit traffic can be dropped; Two physical interfaces are bridged internally
122
Which option is the main function of Cisco Firepower impact flags?
They correlate data about intrusions and vulnerabilities
123
Which two tasks can the network discovery feature perform?
Host Discovery

User Discovery
124
Which access control policy action must be selected to inspect traffic for malware using Cisco AMP for Networks?
Allow
125
With AMP, what is meant by simple custom detection?
It's a method for identifying and quarantining a specific file by its SHA-256
126
With Cisco AMP for Endpoints, which option shows a list of all files that have been executed in your environment?
Prevalence
127
When using Cisco Talos Threat Response, which phase of the Intelligence Cycle publishes the results of the investigation?
Dissemination
128
A security engineer must integrate an external feed containing STIX/TAXII data with Cisco FMC. Which feature must be enabled on the Cisco FMC to support this connection?
Threat Intelligence Director
129
A network administrator wants to block traffic to a known malware site at www.badsite.com, and all subdomains while ensuring no packets from any internal client are sent to that site. Which type of policy must be used?
DNS policy
130
An organization is configuring a new Cisco Firepower HA deployment. Which action must be taken to ensure that failover is as seamless as possible to end users?
Use a dedicated stateful link between chassis.
131
An engineer must deploy a Cisco FTD appliance via Cisco FMC to span a network segment to detect malware and threats. When setting the Cisco FTD interface mode, which sequence of actions meets these requirements?
Set the interface mode to PASSIVE

Configure an ACCESS CONTROL POLICY with an INTRUSION POLICY and a FILE POLICY defined
132
An administrator is adding a QoS policy to a Cisco FTD deployment. When a new rule is added to the policy and QoS is applied on 'interfaces in destination interface objects', no interface objects are available. What is the problem?
QoS is only available on routed interfaces.
133
A Cisco FMC administrator wants to configure fastpathing of trusted network traffic to increase performance. In which type of policy would the administrator configure this feature?
Prefilter Policy
134
An engineer must configure the firewall to monitor traffic within a single subnet without increasing the hop count of that traffic. How would the engineer achieve this?
Configure Cisco Firepower as a transparent firewall.
135
What action must be taken on the Cisco FMC when a packet bypass is configured in case the Snort engine is down or a packet takes too long to process?
Enable Automatic Application Bypass
136
An engineer is configuring multiple Cisco FTD appliances for use in the network. Which rule must the engineer follow while defining interface objects in Cisco FMC for use with interfaces across multiple devices?
Interface groups can contain interfaces from many devices.
137
An engineer is creating a URL object on Cisco FMC. How must it be configured so that the object will match for HTTPS traffic in an access control policy?
Specify the protocol to match (HTTP or HTTPS)
138
An engineer must configure a Cisco FMC Dashboard in a multidomain deployment. Which action must the engineer take to edit a report template from an ancestor domain?
Copy it to the current domain
139
What must be implemented on Cisco Firepower to allow multiple logical devices on a single physical device to have access to external hosts?
Add one shared management interface on all logical devices.
140
An administrator is configuring a transparent Cisco FTD device to receive ERSPAN traffic from multiple switches on a passive port, but the FTD is not processing the traffic. What is the problem?

A. The switches do not have Layer 3 connectivity to the FTD device for GRE traffic inspection
B. The FTD must be configured with an ERSPAN port, not a passive port.
C. The FTD must be in routed mode to process ERSPAN traffic.
D. The switches were not set up with a monitor session ID
C The FTD must be in routed mode to process ERSPAN traffic.
141
A company is deploying intrusion protection on multiple Cisco FTD appliances managed by Cisco FMC. Which system-provided policy must be selected if speed and detection are priorities?
Balanced Security and Connectivity.
142
An organization is installing a new FTD appliance in the network. An engineer is tasked with configuring access between two network segments within the same IP subnet. Which step is needed to accomplish this task?
Assign an IP address to the Bridge Virtual Interface
143
When a Cisco FTD device is configured in transparent firewall mode, on which two interface types can an IP address be configured?
Diagnostic

BVI
144
A security engineer is adding three Cisco FTD devices to a Cisco FMC. Two of the devices have successfully registered to the Cisco FMC. The device that is unable to register is located behind a router that translates all outbound traffic to the router's WAN IP address. Which two steps are required for this device to register to the Cisco FMC?
Configure a NAT ID on both the Cisco FMC and the device

Remove the IP address defined for the device in the Cisco FMC
145
An engineer defines a new rule while configuring an Access Control Policy. After deploying the policy, the rule is not working as expected and the hit counters associated with the rule are showing zero. What is causing this error?
An incorrect application signature was being used in the rule.
146
A network administrator is configuring a site-to-site IPsec VPN to a router sitting behind a Cisco FTD. The administrator has configured an access policy to allow traffic to this device on UDP 500, 4500, and ESP. VPN traffic is not working. Which action resolves this issue?
Enable IPSec inspection on the Access Policy.
147
An engineer is troubleshooting HTTP traffic to a web server using the packet capture tool on Cisco FMC. When reviewing the captures, the engineer notices that there are a lot of packets that are not sourced from or destined to the web server being captured. How can the engineer reduce the strain of capturing packets for irrelevant traffic on the Cisco FTD device?

A. Use the -c option to restrict the packet capture
B. Redirect the packet capture output
C. Use the Host filter in the packet capture
D. Use an access-list with the packet capture
C. Use the Host filter in the packet capture
148
An engineer needs to configure remote storage on Cisco FMC. Configuration backups must be available from a secure location on the network for disaster recovery. Reports need to back up to a shared location that auditors can access with their AD logins. Which strategy must the engineer use to meet these objectives?
Use SMB for both backups and reports. NOT NFS...DO NOT USE NFS.
149
Which firewall design will allow it to forward traffic at Layers 2 and 3 for the same subnet?

A. Cisco FTD Mode
B. Transparent Mode
C. Routed Mode
D. Integrated Routing and Bridging
D. Integrated Routing and Bridging
150
Drag and Drop: Enable External Authentication on Cisco FMC to RADIUS

- Select Authentication Method & RADIUS
- Configure the primary and secondary servers
- Select Users and External Authentication
- Add External Authentication Object
1. Configure primary and secondary servers
2. Select Users and External Authentication
3. Add External Authentication Object
4. Select Authentication Method and RADIUS

(mnemonic: CUAS)
151
Drag and Drop: Deploy Multi-Instance

- Add a MAC Pool
- Configure Interfaces
- Add a HA Pair
- Add a resource profile
- Add a standalone FTD
1. Add a resource profile
2. Add a MAC Pool
3. Configure Interfaces
4. Add a standalone FTD
5. Add a HA Pair
152
A host that is flagged for a level 2 impact attack?
Host Attributes
153
Host is listed as CnC Connected?
Indicators of Compromise
154
An engineer is configuring a Cisco FTD device to place on the Finance VLAN to provide additional protection for company financial data. The device must be deployed without requiring any changes on the end user workstations, which currently use DHCP to obtain an IP address. How must the engineer deploy the device to meet this requirement?
Deploy the device in Transparent Mode

Allow DHCP traffic in the access control policies
155
An engineer plans to reconfigure an existing Cisco FTD from transparent mode to routed mode. Which additional action must be taken to maintain communication between the two network segments?
Update the IP addressing
156
Network users are experiencing intermittent issues with internet access. An engineer identified that the issue is being caused by NAT exhaustion. How must the engineer change the dynamic NAT configuration to provide internet access for more users without running out of resources?
Configure fallthrough to interface PAT
157
An engineer must investigate a connectivity issue from an endpoint behind a Cisco FTD device and a public DNS server. The endpoint cannot perform name resolution queries. Which action must the engineer perform to troubleshoot the issue by simulating real DNS traffic on the Cisco FTD while verifying the Snort Verdict?
Use the Capture w/ Trace wizard in Cisco FMC
158
What is a limitation to consider when running a dynamic routing protocol on a Cisco FTD device in IRB mode?
Only nonbridge interfaces are supported.
159
An engineer is configuring URL filtering for a Cisco FTD device in FMC. Users must receive a warning when going to a site, with the option of continuing to the website if they choose to. No other websites should be blocked. Which two actions must be taken?
On the HTTP Response Page tab of the ACP editor, set the Interactive Block Response Page to system-provided

Configure an AC rule that matches a URL object for 'website' and set the action to Interactive Block
160
An engineer is configuring a custom application detector for HTTP traffic and wants to import a file that was provided by a third party. Which type of file are advanced application detectors created and uploaded as?
LUA Script
161
A network admin reviews the attack report and notices several low-impact attacks. What does this type of attack indicate?
The host is not vulnerable to those attacks.
162
When an engineer captures traffic on a Cisco FTD to troubleshoot connectivity problems, they receive a large amount of output data in the GUI tool. The engineer finds that viewing the captures this way is time-consuming and difficult to sort and filter. Which file type must the engineer export the data in so that it can be reviewed using a tool built for this kind of analysis?
PCAP
163
An engineer must deploy a Cisco FTD device. Management wants to examine traffic without requiring network changes that will disrupt end users. Corporate security policy requires the separation of management traffic from data traffic and the use of SSH over Telnet for remote administration. How must the device be deployed to meet these requirements?
In TRANSPARENT MODE with a MANAGEMENT INTERFACE
164
A network administrator reviews the attack risk report and notices several low-impact attacks. What does this type of attack indicate?
The attacks are not dangerous to the network
165
What is a limitation to consider when running a dynamic routing protocol on a Cisco Secure Firewall Threat Defense device in IRB mode?
Only nonbridge interfaces are supported.
166
The security engineer reviews the syslog server events of an organization and sees many outbound connections to malicious sites initiated from hosts running Cisco Secure Endpoint. The hosts are on a separate network from the Cisco FTD device. Which action blocks the connections?
Add the IP addresses of the malicious sites to the access control policy on the Cisco FMC.
167
An engineer has been tasked with performing an audit of network objects to determine which objects are duplicated across the various firewall models (FTD, ASA, MX) deployed throughout the company. Which tool will assist the engineer in performing that audit?
CDO
168
A network engineer is deploying a pair of Cisco Secure Firewall Threat Defense devices managed by Cisco Secure Firewall Management Center for HA. Internet access is a high priority for the business, and therefore they have invested in internet circuits from two different ISPs. The requirement from the customer is that internet access must be available to their users even if one of the ISPs is down. Which two features must be deployed?
Route Tracking

SLA Monitor
169
Which two virtual environments support the HA configuration?
ESXi

KVM
170
What additional information does the network engineer require from the server administrator to be able to make the connection to the AMP private cloud in the Cisco FMC?
Username and password for the AMP private cloud instance
171
A security engineer must create a malware and file policy on a Cisco Secure Firewall Threat Defense device. The solution must ensure that PDF, DOCX, and XLSX files are not sent to Cisco Secure Malware Analytics. What must be configured to meet these requirements?
Local malware analysis
172
EVE is under what tab?
Advanced
173
An engineer is configuring an FTD managed by FMC. The device must have SSH enabled and be accessible from the inside interface for remote administration. What type of policy is required?
Access Control
174
What happens when two users modify a VPN policy at the same time?
Both users can edit, but the last config persists.
175
A network administrator is configuring a BVI interface on a routed FTD. The administrator wants to isolate traffic on the interfaces connected to the bridge group and not have the FTD route this traffic using the routing table. What must be configured?
BVI interface must be configured for transparent mode.
176
Which file format can standard reports from FMC be downloaded in?
csv
177
An administrator is configuring the interface of an FTD device in a passive IPS deployment. The device and interface have been identified. Which set of configuration steps must the admin perform next to complete the implementation?
Set the interface mode to passive

Associate the interface with a security zone

Enable the interface

Set the MTU parameter
178
Which two statements are valid regarding the licensing model used on Cisco Secure FTDv appliances? (Choose Two)
Licenses can be used on both physical and virtual appliances

Licenses can be used on any supported cloud platform
179
A company is deploying Cisco Secure FTD with IPS. What must be implemented in inline mode to pass the traffic without inspection during spikes and ensure that network traffic is kept?
Set the Snort Failsafe option
180
A Secure FTD is configured in inline IPS mode to inspect all traffic that passes through the interfaces in the inline set. Which setting in the inline set configuration must be selected to allow traffic to pass through uninterrupted when VDB updates are being applied?
Snort Fail Open
181
Which two features can be used with Cisco Secure Firewall Threat Defense remote access VPN? (Choose Two)
Enable Duo two-factor authentication using LDAPS

SSL remote access VPN supports port sharing with other Cisco FTD features using SSL port 443
182
Which rule action is only available in Snort 3?
Alert
183
A company is deploying a Secure IPS device configured in inline mode with a single interface set that contains four interface pairs. Which two configurations must be implemented to allow the IPS device to uniquely identify packet flows and prevent the reporting of duplicate traffic and false positives? (Choose Two)
Set the source SPAN ports to tx only

Reassign the interface pairs
184
An administrator configures new threat intelligence sources and must validate that the feeds are being downloaded and that the intelligence is being used with the Cisco Firewall System. Which action accomplishes this task?
use the source status indicator to validate the usage
185
Security Analytics and Logging comes with how many days of data retention by default?
90
186
An external vendor is reporting that they are unable to access an ordering website hosted behind a Cisco Secure Firewall Threat Defense device. The administrator of the device wants to verify that the access policy and NAT policy are configured correctly to allow traffic from the public IP of the external vendor to TCP port 443 on the web server. Which two tools are used to verify which rules the traffic from the external vendor is matching?
Packet Capture

Packet Tracer
187
An organization creates a custom application that is being flagged by AMP. How must the application be exempted from being flagged?
Precalculate the hash value of the custom application and add it to the allowed applications.
188
An engineer is configuring a new dashboard within Secure FMC and is having trouble implementing a custom widget. When a custom analysis widget is configured, which option is mandatory for the system to display the information?
table
189
An engineer is configuring a Secure FTD device and wants to create a new intrusion rule based on the detection of a specific pattern in the data payload for a new zero-day exploit. Which keyword type must be used?
metadata
190
What is the role of realms in the Cisco ISE and FMC integration?
Cisco ISE context
191
A network engineer must configure IPS mode on a Secure Firewall Threat Defense device to inspect traffic and act as an IDS. The engineer already configured the passive-interface on the Secure FTD device and SPAN on the switch. What must be configured next by the engineer?
Intrusion policy on the Secure FTD device
192
A software development company hosts the website " " for contractors to share code for projects they are working on. What type of policy must be associated with an access control policy to enable Cisco Firewall Malware Defense to detect and block malware?
file policy
193