Online Access Free Cisco.300-710.v2025-09-08.q388 Practice Test (Page 50)

300-710 Exam Question 241

Refer to the exhibit. An engineer is configuring a high-availability solution that has the hardware devices and software versions:
* two Cisco Secure Firewall 9300 Security Appliances with FXOS SW 2.0(1.23)
* software Cisco Secure Firewall Threat Defense 6.0.1.1 (build 1023) on both appliances
* one Cisco Secure Firewall Management Center with SW 6.0.1.1 (build 1023) Which condition must be met to complete the high-availability configuration?

A.Both firewalls must be in transparent mode.

B.The version numbers must have the same patch number.

C.DHCP must be configured on at least one firewall interface.

D.Both firewalls must have the same number of interfaces.

300-710 Exam Question 242

Which default action setting in a Cisco FTD Access Control Policy allows all traffic from an undefined application to pass without Snort inspection?

A.Trust All Traffic

B.Network Discovery Only

C.Inherit from Base Policy

D.Intrusion Prevention

300-710 Exam Question 243

A network administrator is reviewing a packet capture. The packet capture from inside of Cisco Secure Firewall Threat Defense shows the inbound TCP traffic. However, the outbound TCP traffic is not seen in the packet capture from outside Secure Firewall Threat Defense. Which configuration change resolves the issue?

A.Route to the destination must be added.

B.Inside interface must be assigned a higher security level.

C.Packet capture must include UDP traffic.

D.Inside interface must be assigned a lower security level.

300-710 Exam Question 244

An engineer must investigate a connectivity issue from an endpoint behind a Cisco FTD device and a public DNS server. The endpoint cannot perform name resolution queries. Which action must the engineer perform to troubleshoot the issue by simulating real DNS traffic on the Cisco FTD while verifying the Snarl verdict?

A.Perform a Snort engine capture using tcpdump from the FTD CLI.

B.Use the Capture w/Trace wizard in Cisco FMC.

C.Create a Custom Workflow in Cisco FMC.

D.Run me system support firewall-engine-debug command from me FTD CLI.

Correct Answer: B

The Capture w/Trace wizard in Cisco FMC allows you to capture packets on an FTD device and trace their path through the Snort engine. This can help you troubleshoot connectivity issues from an endpoint behind an FTD device and a public DNS server, as well as verify the Snort verdict for the DNS traffic. The Capture w
/Trace wizard lets you specify the source and destination IP addresses, ports, and protocols for the packets you want to capture and trace, as well as the FTD device and interface where you want to perform the capture.
You can also apply filters to limit the capture size and duration. After you start the capture, you can ping the DNS server from the endpoint and then view the captured packets and their Snort verdicts in the FMC web interface2.
To use the Capture w/Trace wizard in Cisco FMC, you need to follow these steps2:
* In the FMC web interface, navigate to Troubleshooting > Capture/Trace.
* Click New Capture.
* Choose an FTD device from the Device drop-down list.
* Choose an interface from the Interface drop-down list.
* Enter the source and destination IP addresses, ports, and protocols for the packets you want to capture and trace. For example, if you want to capture DNS queries from an endpoint with IP address
10.1.1.100 to a DNS server with IP address 8.8.8.8, you can enter these values:
* Source IP: 10.1.1.100
* Source Port: any
* Destination IP: 8.8.8.8
* Destination Port: 53
* Protocol: UDP
* Optionally, apply filters to limit the capture size and duration. For example, you can set the maximum number of packets to capture, the maximum capture file size, or the maximum capture time.
* Click Start.
* Ping the DNS server from the endpoint and wait for some packets to be captured.
* Click Stop to stop the capture.
* Click View Capture to see the captured packets and their Snort verdicts.
The other options are incorrect because:
* Performing a Snort engine capture using tcpdump from the FTD CLI will not allow you to trace the path of the packets through the Snort engine or verify their Snort verdicts. Tcpdump is a command-line tool that can capture packets on an FTD device, but it does not provide any information about how Snort processes those packets or what actions Snort takes on them2.
* Creating a Custom Workflow in Cisco FMC will not help you troubleshoot a connectivity issue from an endpoint behind an FTD device and a public DNS server. A Custom Workflow is a user-defined set of pages that display event data in different formats, such as tables, charts, maps, and so on. A Custom Workflow does not allow you to capture or trace packets on an FTD device3.
* Running the system support firewall-engine-debug command from the FTD CLI will not allow you to simulate real DNS traffic on the FTD device or verify the Snort verdict for that traffic. The firewall- engine-debug command is a diagnostic tool that can generate synthetic packets and send them through the Snort engine on an FTD device. The synthetic packets are not real network traffic and do not affect any connections or policies on the FTD device4.

300-710 Exam Question 245

An engineer is troubleshooting connectivity to the DNS servers from hosts behind a new Cisco FTD device. The hosts cannot send DNS queries to servers in the DMZ. Which action should the engineer take to troubleshoot this issue using the real DNS packets?

A.Use the packet tracer tool to determine at which hop the packet is being dropped.

B.Use the show blocks command in the Threat Defense CLI tool and create a policy to allow the blocked traffic.

C.Use the packet capture tool to check where the traffic is being blocked and adjust the access control or intrusion policy as needed.

D.Use the Connection Events dashboard to check the block reason and adjust the inspection policy as needed.

Other Version: 1383Cisco.300-710.v2023-12-22.q112; 1482Cisco.300-710.v2023-05-18.q126; 1585Cisco.300-710.v2023-04-13.q122; 1940Cisco.300-710.v2022-12-28.q137; 88Cisco.Pdfdumps.300-710.v2022-06-09.by.geoff.113q.pdf; 3397Cisco.300-710.v2022-02-21.q121; 3280Cisco.300-710.v2022-01-25.q113; 111Cisco.Prepawayete.300-710.v2021-09-06.by.sebastian.108q.pdf

Latest Upload: 170NREMT.EMT.v2026-06-06.q125; 124Juniper.JN0-232.v2026-06-06.q60; 156Oracle.1D0-1057-25-D.v2026-06-03.q29; 290NAHQ.CPHQ.v2026-06-03.q396; 264CompTIA.220-1201.v2026-06-03.q196; 168GIAC.GCFE.v2026-06-03.q78; 163HIMSS.CPHIMS.v2026-06-03.q45; 254Google.Professional-Cloud-Architect.v2026-06-03.q165; 166HP.HPE7-A09.v2026-06-02.q48; 186ACDIS.CCDS-O.v2026-06-02.q56

300-710 Exam Question 241

300-710 Exam Question 242

300-710 Exam Question 243

300-710 Exam Question 244

300-710 Exam Question 245

Download PDF File