Free Access to Cisco.300-710.v2026-01-08.q393 with Valid Practice Test (Page 63)

Question 306

An engineer is configuring a Cisco Secure Firewall Threat Defence device managed by Cisco Secure Firewall Management Centre. The device must have SSH enabled and the accessible from the inside interface for remote administration. Which type of policy must the engineer configure to accomplish this?

A.Identify
B.Access control
C.Prefilter
D.Platform settings

Question 307

An engineer is troubleshooting connectivity to the DNS servers from hosts behind a new Cisco FTD device. The hosts cannot send DNS queries to servers in the DMZ. Which action should the engineer take to troubleshoot this issue using the real DNS packets?

A.Use the Connection Events dashboard to check the block reason and adjust the inspection policy as needed.
B.Use the packet capture tool to check where the traffic is being blocked and adjust the access control or intrusion policy as needed.
C.Use the packet tracer tool to determine at which hop the packet is being dropped.
D.Use the show blocks command in the Threat Defense CLI tool and create a policy to allow the blocked traffic.

Question 308

A network administrator is reviewing a monthly advanced malware risk report and notices a host that Is listed as CnC Connected. Where must the administrator look within Cisco FMC to further determine if this host is infected with malware?

A.Analysis > Hosts > indications of Compromise
B.Analysts > Files > Malware Events
C.Analysis > Hosts > Host Attributes
D.Analysis > Flies > Network File Trajectory

Correct Answer: A

To determine if a host is infected with malware, the network administrator can look at the Indications of Compromise (IOC) feature in Cisco FMC. The IOC feature analyzes network and endpoint data collected by Firepower sensors and AMP for Endpoints connectors, and identifies hosts that exhibit signs of compromise or infection. The IOC feature uses predefined rules based on Cisco Talos intelligence and other sources to detect IOCs on hosts. One of these rules is CnC Connected, which indicates that a host has communicated with a command-and-control (CnC) server that is known to be associated with malware activity2.
To view the IOC information for a host, the network administrator can navigate to Analysis > Hosts > Indications of Compromise in Cisco FMC, and select a host from the table. The IOC Details page will show the IOC events for that host, including the CnC Connected event, along with other information such as severity, timestamp, source, destination, protocol, and rule name. The network administrator can also view more details about each IOC event by clicking on it2.
The other options are incorrect because:
* Analysis > Files > Malware Events shows information about files that have been detected as malware by
* Firepower sensors or AMP for Endpoints connectors. This does not show information about hosts that are infected with malware or have communicated with CnC servers3.
* Analysis > Hosts > Host Attributes shows information about hosts that have been discovered by Firepower sensors, such as IP address, MAC address, operating system, applications, users, vulnerabilities, and so on. This does not show information about IOCs or CnC connections on hosts4.
* Analysis > Files > Network File Trajectory shows information about files that have traversed your network and have been detected by Firepower sensors or AMP for Endpoints connectors. This allows you to track where a file came from, where it went, and what happened to it along the way. This does not show information about hosts that are infected with malware or have communicated with CnC servers5.

Question 309

A company is deploying Cisco Secure Endpoint private cloud. The Secure Endpoint private cloud instance has already been deployed by the server administrator. The server administrator provided the hostname of the private cloud instance to the network engineer via email. What additional information does the network engineer require from the server administrator to be able to make the connection to Secure Endpoint private cloud in Cisco Secure Firewall Management Centre?

A.SSL certificate for the Secure Endpoint ornate cloud instance
B.Internet access for the Secure End point private cloud to reach the Secure Endpoint public cloud
C.Username and password to the Secure Endpoint private cloud instance
D.IP address and port number for the connection proxy

Question 310

The administrator notices that there is malware present with an .exe extension and needs to verify if any of the systems on the network are running the executable file. What must be configured within Cisco AMP for Endpoints to show this data?

A.file analysis
B.prevalence
C.vulnerable software
D.threat root cause

Question 306

Question 307

Question 308

Question 309

Question 310

Download PDF File