The Securing Networks with Cisco Firepower Next Generation Firewall (SSNGFW) v1.0 course shows you how to deploy and use Cisco Firepower Threat Defense system.
This course gives you knowledge and skills to use and configure Cisco Firepower Threat Defense technology, beginning with initial device setup and configuration and including routing, high availability, Cisco Adaptive Security Appliance (ASA) to Cisco Firepower Threat Defense migration, traffic control, and Network Address Translation (NAT).
This article is designed for technical professionals who need to know how to deploy and manage a Cisco Firepower NGIPS and NGFW in their network environments.
QUESTION 1 – What is a result of enabling Cisco FTD clustering?
A. For the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections.
B. Integrated Routing and Bridging is supported on the master unit.
C. Site-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails.
D. All Firepower appliances can support Cisco FTD clustering.
Answer: C
QUESTION 2 – Which two conditions are necessary for high availability to function between two Cisco FTD devices? (Choose two.)
A. The units must be the same version
B. Both devices can be part of a different group that must be in the same domain when configured within the FMC.
C. The units must be different models if they are part of the same series.
D. The units must be configured only for firewall routed mode.
E. The units must be the same model.
Answer: A, E
QUESTION 3 – On the advanced tab under inline set properties, which allows interfaces to emulate a passive interface?
A. transparent inline mode
B. TAP mode
C. strict TCP enforcement
D. propagate link state
Answer: D
QUESTION 4 – What are the minimum requirements to deploy a managed device inline?
A. inline interfaces, security zones, MTU, and mode
B. passive interface, MTU, and mode
C. inline interfaces, MTU, and mode
D. passive interface, security zone, MTU, and mode
Answer: C
QUESTION 5 – What is the difference between inline and inline tap on Cisco Firepower?
A. Inline tap mode can send a copy of the traffic to another device.
B. Inline tap mode does full packet capture.
C. Inline mode cannot do SSL decryption.
D. Inline mode can drop malicious traffic.
Answer: D
QUESTION 6 – With Cisco Firepower Threat Defense software, which interface mode must be configured to passively receive traffic that passes through the appliance?
A. inline set
B. passive
C. routed
D. inline tap
Answer: B
QUESTION 7 – Which two deployment types support high availability? (Choose two.)
A. transparent
B. routed
C. clustered
D. intra-chassis multi-instance
E. virtual appliance in public cloud
Answer: A, B
QUESTION 8 – Which protocol establishes network redundancy in a switched Firepower device deployment?
A. STP
B. HSRP
C. GLBP
D. VRRP
Answer: A
QUESTION 9 – Which interface type allows packets to be dropped?
A. passive
B. inline
C. ERSPAN
D. TAP
Answer: B
QUESTION 10 – Which Cisco Firepower Threat Defense, which two interface settings are required when configuring a routed interface? (Choose two.)
A. Redundant Interface
B. EtherChannel
C. Speed
D. Media Type
E. Duplex
Answer: C, E
QUESTION 11 – Which two dynamic routing protocols are supported in Firepower Threat Defense without using FlexConfig? (Choose two.)
A. EIGRP
B. OSPF
C. static routing
D. IS-IS
E. BGP
Answer: C, E
QUESTION 12 – Which policy rule is included in the deployment of a local DMZ during the initial deployment of a Cisco NGFW through the Cisco FMC GUI?
A. a default DMZ policy for which only a user can change the IP addresses.
B. deny ip any
C. no policy rule is included
D. permit ip any
Answer: C
QUESTION 13 – What are two application layer preprocessors? (Choose two.)
A. CIFS
B. IMAP
C. SSL
D. DNP3
E. ICMP
Answer: B, C
QUESTION 14 – Which two OSPF routing features are configured in Cisco FMC and propagated to Cisco FTD? (Choose two.)
A. OSPFv2 with IPv6 capabilities
B. virtual links
C. SHA authentication to OSPF packets
D. area boundary router type 1 LSA filtering
E. MD5 authentication to OSPF packets
Answer: B, D
QUESTION 15 – When creating a report template, how can the results be limited to show only the activity of a specific subnet?
A. Create a custom search in Firepower Management Center and select it in each section of the report.
B. Add an Input Parameter in the Advanced Settings of the report, and set the type to Network/IP.
C. Add a Table View section to the report with the Search field defined as the network in CIDR format.
D. Select IP Address as the X-Axis in each section of the report.
Answer: B
QUESTION 16 – What is the disadvantage of setting up a site-to-site VPN in a clustered-units environment?
A. VPN connections can be re-established only if the failed master unit recovers.
B. Smart License is required to maintain VPN connections simultaneously across all cluster units.
C. VPN connections must be re-established when a new master unit is elected.
D. Only established VPN connections are maintained when a new master unit is elected.
Answer: C
QUESTION 17 – Which two statements about bridge-group interfaces in Cisco FTD are true? (Choose two.)
A. The BVI IP address must be in a separate subnet from the connected network.
B. Bridge groups are supported in both transparent and routed firewall modes.
C. Bridge groups are supported only in transparent firewall mode.
D. Bidirectional Forwarding Detection echo packets are allowed through the FTD when using bridge-group members.
E. Each directly connected network must be on the same subnet.
Answer: C, D
QUESTION 18 – Which command is run on an FTD unit to associate the unit to an FMC manager that is at IP address 10.0.0.10, and that has the registration key Cisco123?
A. configure manager local 10.0.0.10 Cisco123
B. configure manager add Cisco123 10.0.0.10
C. configure manager local Cisco123 10.0.0.10
D. configure manager add 10.0.0.10 Cisco123
Answer: D
QUESTION 19 – Which two actions can be used in an access control policy rule? (Choose two.)
A. Block with Reset
B. Monitor
C. Analyze
D. Discover
E. Block ALL
Answer: A, B
QUESTION 20 – Which two routing options are valid with Cisco Firepower Threat Defense? (Choose two.)
A. BGPv6
B. ECMP with up to three equal cost paths across multiple interfaces
C. ECMP with up to three equal cost paths across a single interface
D. BGPv4 in transparent firewall mode
E. BGPv4 with nonstop forwarding
Answer: A, C
QUESTION 21 – Which object type supports object overrides?
A. time range
B. security group tag
C. network object
D. DNS server group
Answer: C
QUESTION 22 – Which Cisco Firepower rule action displays an HTTP warning page?
A. Monitor
B. Block
C. Interactive Block
D. Allow with Warning
Answer: C
QUESTION 23 – What is the result of specifying of QoS rule that has a rate limit that is greater than the maximum throughput of an interface?
A. The rate-limiting rule is disabled.
B. Matching traffic is not rate limited.
C. The system rate-limits all traffic.
D. The system repeatedly generates warnings.
Answer: B
QUESTION 24 – Which Firepower feature allows users to configure bridges in routed mode and enables devices to perform Layer 2 switching between interfaces?
A. FlexConfig
B. BDI
C. SGT
D. IRB
Answer: D
QUESTION 25 – In which two places can thresholding settings be configured? (Choose two.)
A. on each IPS rule
B. globally, within the network analysis policy
C. globally, per intrusion policy
D. on each access control rule
E. per preprocessor, within the network analysis policy
Answer: A, C
QUESTION 26 – In which two ways do access control policies operate on a Cisco Firepower system? (Choose two.)
A. Traffic inspection can be interrupted temporarily when configuration changes are deployed.
B. The system performs intrusion inspection followed by file inspection.
C. They can block traffic based on Security Intelligence data.
D. File policies use an associated variable set to perform intrusion prevention.
E. The system performs a preliminary inspection on trusted traffic to validate that it matches the trusted parameters.
Answer: A, C
QUESTION 27 – Which two types of objects are reusable and supported by Cisco FMC? (Choose two.)
A. dynamic key mapping objects that help link HTTP and HTTPS GET requests to Layer 7 application protocols.
B. reputation-based objects that represent Security Intelligence feeds and lists, application filters based on category and reputation, and file lists
C. network-based objects that represent IP address and networks, port/protocols pairs, VLAN tags, security zones, and origin/destination country
D. network-based objects that represent FQDN mappings and networks, port/protocol pairs, VXLAN tags, security zones and origin/destination country
E. reputation-based objects, such as URL categories
Answer: B, C
QUESTION 28 – What is the benefit of selecting the trace option for packet capture?
A. The option indicates whether the packet was dropped or successful.
B. The option indicated whether the destination host responds through a different path.
C. The option limits the number of packets that are captured.
D. The option captures details of each packet.
Answer: C
QUESTION 29 – After deploying a network-monitoring tool to manage and monitor networking devices in your organization, you realize that you need to manually upload an MIB for the Cisco FMC. In which folder should you upload the MIB file?
A. /etc/sf/DCMIB.ALERT
B. /sf/etc/DCEALERT.MIB
C. /etc/sf/DCEALERT.MIB
D. system/etc/DCEALERT.MIB
Answer: C
QUESTION 30 – Which command is run at the CLI when logged in to an FTD unit, to determine whether the unit is managed locally or by a remote FMC server?
A. system generate-troubleshoot
B. show configuration session
C. show managers
D. show running-config | include manager
Answer: C
QUESTION 31 – Which command should be used on the Cisco FTD CLI to capture all the packets that hit an interface?
A. configure coredump packet-engine enable
B. capture-traffic
C. capture
D. capture WORD
Answer: B
QUESTION 32 – How many report templates does the Cisco Firepower Management Center support?
A. 20
B. 10
C. 5
D. unlimited
Answer: D
QUESTION 33 – Which action should be taken after editing an object that is used inside an access control policy?
A. Delete the existing object in use.
B. Refresh the Cisco FMC GUI for the access control policy.
C. Redeploy the updated configuration.
D. Create another rule using a different object name.
Answer: C
QUESTION 34 – Which Cisco Firepower feature is used to reduce the number of events received in a period of time?
A. rate-limiting
B. suspending
C. correlation
D. thresholding
Answer: D
QUESTION 35 – Which report template field format is available in Cisco FMC?
A. box lever chart
B. arrow chart
C. bar chart
D. benchmark chart
Answer: C
QUESTION 36 – Which group within Cisco does the Threat Response team use for threat analysis and research?
A. Cisco Deep Analytics
B. OpenDNS Group
C. Cisco Network Response
D. Cisco Talos
Answer: D
QUESTION 37 – **– Removed –**
QUESTION 38 – Which CLI command is used to generate firewall debug messages on a Cisco Firepower?
A. system support firewall-engine-debug
B. system support ssl-debug
C. system support platform
D. system support dump-table
Answer: A
QUESTION 39 – Which command-line mode is supported from the Cisco Firepower Management Center CLI?
A. privileged
B. user
C. configuration
D. admin
Answer: C
QUESTION 40 – Which command is entered in the Cisco FMC CLI to generate a troubleshooting file?
A. show running-config
B. show tech-support chassis
C. system support diagnostic-cli
D. sudo sf_troubleshoot.pl
Answer: D
QUESTION 41 – Which CLI command is used to control special handling of ClientHello messages?
A. system support ssl-client-hello-tuning
B. system support ssl-client-hello-display
C. system support ssl-client-hello-force-reset
D. system support ssl-client-hello-enabled
Answer: D
QUESTION 42 – Which command is typed at the CLI on the primary Cisco FTD unit to temporarily stop running high-availability?
A. configure high-availability resume
B. configure high-availability disable
C. system support network-options
D. configure high-availability suspend
Answer: B
QUESTION 43 – Which command must be run to generate troubleshooting files on an FTD?
A. system support view-files
B. sudo sf_troubleshoot.pl
C. system generate-troubleshoot all
D. show tech-support
Answer: B
QUESTION 44 – When do you need the file-size command option during troubleshooting with packet capture?
A. when capture packets are less than 16 MB
B. when capture packets are restricted from the secondary memory
C. when capture packets exceed 10 GB
D. when capture packets exceed 32 MB
Answer: D
QUESTION 45 – What is a functionality of port objects in Cisco FMC?
A. to mix transport protocols when setting both source and destination port conditions in a rule
B. to represent protocols other than TCP, UDP, and ICMP
C. to represent all protocols in the same way
D. to add any protocol other than TCP or UDP for source port conditions in access control rules.
Answer: B
QUESTION 46 – Within Cisco Firepower Management Center, where does a user add or modify widgets?
A. dashboard
B. reporting
C. context explorer
D. summary tool
Answer: A
QUESTION 47 – A network engineer is configuring URL Filtering on Firepower Threat Defense. Which two port requirements on the Firepower Management Center must be validated to allow communication with the cloud service? (Choose two.)
A. outbound port TCP/443
B. inbound port TCP/80
C. outbound port TCP/8080
D. inbound port TCP/443
E. outbound port TCP/80
Answer: A, E
QUESTION 48 – What is the maximum bit size that Cisco FMC supports for HTTPS certificates?
A. 1024
B. 8192
C. 4096
D. 2048
Answer: D
QUESTION 49 – Which limitation applies to Cisco Firepower Management Center dashboards in a multidomain environment?
A. Child domains can view but not edit dashboards that originate from an ancestor domain.
B. Child domains have access to only a limited set of widgets from ancestor domains.
C. Only the administrator of the top ancestor domain can view dashboards.
D. Child domains cannot view dashboards that originate from an ancestor domain.
Answer: D
QUESTION 50 – Which two statements about deleting and re-adding a device to Cisco FMC are true? (Choose two.)
A. An option to re-apply NAT and VPN policies during registration is available, so users do not need to re-apply the policies after registration is completed.
B. Before re-adding the device in Cisco FMC, you must add the manager back in the device.
C. No option to delete and re-add a device is available in the Cisco FMC web interface.
D. The Cisco FMC web interface prompts users to re-apply access control policies.
E. No option to re-apply NAT and VPN policies during registration is available, so users need to re-apply the policies after registration is completed.
Answer: D, E
QUESTION 51 – What is a behavior of a Cisco FMC database purge?
A. User login and history data are removed from the database if the User Activity check box is selected.
B. Data can be recovered from the device.
C. The appropriate process is restarted.
D. The specified data is removed from Cisco FMC and kept for two weeks.
Answer: C
QUESTION 52 – Which two packet captures does the FTD LINA engine support? (Choose two.)
A. Layer 7 network ID
B. source IP
C. application ID
D. dynamic firewall importing
E. protocol
Answer: B, E
QUESTION 53 – Which two features of Cisco AMP for Endpoints allow for an uploaded file to be blocked? (Choose two.)
A. application blocking
B. simple custom detection
C. file repository
D. exclusions
E. application whitelisting
Answer: A, B
QUESTION 54 – Which action should you take when Cisco Threat Response notifies you that AMP has identified a file as malware?
A. Add the malicious file to the block list.
B. Send a snapshot to Cisco for technical support.
C. Forward the result of the investigation to an external threat-analysis engine.
D. Wait for Cisco Threat Response to automatically block the malware.
Answer: A
QUESTION 55 – Which Cisco Advanced Malware Protection for Endpoints policy is used only for monitoring endpoint actively?
A. Windows domain controller
B. audit
C. triage
D. protection
Answer: B
QUESTION 56 – What is a valid Cisco AMP file disposition?
A. non-malicious
B. malware
C. known-good
D. pristine
Answer: B
QUESTION 57 – In a Cisco AMP for Networks deployment, which disposition is returned if the cloud cannot be reached?
A. unavailable
B. unknown
C. clean
D. disconnected
Answer: A
QUESTION 58 – Which two remediation options are available when Cisco FMC is integrated with Cisco ISE? (Choose two.)
A. dynamic null route configured
B. DHCP pool disablement
C. quarantine
D. port shutdown
E. host shutdown
Answer: C, D
QUESTION 59 – Which connector is used to integrate Cisco ISE with Cisco FMC for Rapid Threat Containment?
A. pxGrid
B. FTD RTC
C. FMC RTC
D. ISEGrid
Answer: A
QUESTION 60 – What is the maximum SHA level of filtering that Threat Intelligence Director supports?
A. SHA-1024
B. SHA-4096
C. SHA-512
D. SHA-256
Answer: D
You may also like:- Top 30 Linux Questions (MCQs) with Answers and Explanations
- 75 Important Cybersecurity Questions (MCQs with Answers)
- 260 One-Liner Information Security Questions and Answers for Fast Learning
- Top 20 HTML5 Interview Questions with Answers
- 80 Most Important Network Fundamentals Questions With Answers
- 100 Most Important SOC Analyst Interview Questions
- Top 40 Cyber Security Questions and Answers
- Top 10 React JS Interview Theory Questions and Answers
- CISSP – Practice Test Questions – 2024 – Set 20 (53 Questions)
- Part 2: Exploring Deeper into CCNA – Wireless (145 Practice Test Questions)