Cisco 300-710 practice test

Securing Networks with Cisco Firepower (SNCF)


Question 1 Topic 4

The administrator notices that there is malware present with an .exe extension and needs to verify if any of the systems on
the network are running the executable file. What must be configured within Cisco AMP for Endpoints to show this data?

  • A. vulnerable software
  • B. file analysis
  • C. threat root cause
  • D. prevalence
Answer:

B

Question 2 Topic 4

A company wants a solution to aggregate the capacity of two Cisco FTD devices to make the best use of resources such as
bandwidth and connections per second. Which order of steps must be taken across the Cisco FTDs with Cisco FMC to meet
this requirement?

  • A. Add members to the Cisco FMC, configure Cisco FTD interfaces, create the cluster in Cisco FMC, and configure cluster members in Cisco FMC
  • B. Add members to Cisco FMC, configure Cisco FTD interfaces in Cisco FMC, configure cluster members in Cisco FMC, create cluster in Cisco FMC, and configure cluster members in Cisco FMC
  • C. Configure the Cisco FTD interfaces, add members to FMC, configure cluster members in FMC, and create cluster in Cisco FMC
  • D. Configure the Cisco FTD interfaces and cluster members, add members to Cisco FMC, and create the cluster in Cisco FMC
Answer:

D

Question 3 Topic 4

An engineer integrates Cisco FMC and Cisco ISE using pxGrid. Which role is assigned for Cisco FMC?

  • A. server
  • B. controller
  • C. publisher
  • D. client
Answer:

D

Explanation:

It must be Subscriber.
Reference: https://www.ciscopress.com/articles/article.asp?p=2963461&seqNum=2

Question 4 Topic 4

A network administrator is concerned about the high number of malware files affecting users' machines. What must be done
within the access control policy in Cisco FMC to address this concern?

  • A. Create an intrusion policy and set the access control policy to block
  • B. Create an intrusion policy and set the access control policy to allow
  • C. Create a file policy and set the access control policy to allow
  • D. Create a file policy and set the access control policy to block
Answer:

D

Question 5 Topic 4

A network engineer is logged into the Cisco AMP for Endpoints console and sees a malicious verdict for an identified SHA-256
hash. Which configuration is needed to mitigate this threat?

  • A. Add the hash to the simple custom detection list
  • B. Use regular expressions to block the malicious file
  • C. Enable a personal firewall in the infected endpoint
  • D. Add the hash from the infected endpoint to the network block list
Answer:

A

Question 6 Topic 4

A network engineer wants to add a third-party threat feed into the Cisco FMC for enhanced threat detection. Which action
should be taken to accomplish this goal?

  • A. Enable Rapid Threat Containment using REST APIs.
  • B. Enable Rapid Threat Containment using STIX and TAXII.
  • C. Enable Threat Intelligence Director using REST APIs.
  • D. Enable Threat Intelligence Director using STIX and TAXII.
Answer:

D

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/cisco_threat_intelligence_director__tid_.html

Question 7 Topic 4

An engineer has been tasked with using Cisco FMC to determine if files being sent through the network are malware. Which
two configuration tasks must be performed to achieve this file lookup? (Choose two.)

  • A. The Cisco FMC needs to include an SSL decryption policy.
  • B. The Cisco FMC needs to connect to the Cisco AMP for Endpoints service.
  • C. The Cisco FMC needs to connect to the Cisco ThreatGrid service directly for sandboxing.
  • D. The Cisco FMC needs to connect with the FireAMP Cloud.
  • E. The Cisco FMC needs to include a file inspection policy for malware lookup.
Answer:

C E

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Reference_a_wrapper_Chapter_topic_here.html#ID-2193-00000296

Question 8 Topic 4

A network administrator discovers that a user connected to a file server and downloaded a malware file. The Cisco FMC
generated an alert for the malware event; however, the user still remained connected. Which Cisco AMP file rule action within
the Cisco FMC must be set to resolve this issue?

  • A. Malware Cloud Lookup
  • B. Reset Connection
  • C. Detect Files
  • D. Local Malware Analysis
Answer:

A

Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/AMP-Config.pdf

Question 9 Topic 4

Which feature within the Cisco FMC web interface allows for detecting, analyzing, and blocking malware in network traffic?

  • A. intrusion and file events
  • B. Cisco AMP for Networks
  • C. file policies
  • D. Cisco AMP for Endpoints
Answer:

B

Question 10 Topic 4

What is a feature of Cisco AMP private cloud?

  • A. It disables direct connections to the public cloud.
  • B. It supports security intelligence filtering.
  • C. It supports anonymized retrieval of threat intelligence.
  • D. It performs dynamic analysis.
Answer:

D

Explanation:
Reference: https://www.cisco.com/c/en/us/products/collateral/security/fireamp-private-cloud-virtual-appliance/datasheet-c78-742267.html
