cisco 300-710 practice test

Securing Networks with Cisco Firepower (300-710 SNCF)

Last exam update: Nov 23 ,2025
Page 1 out of 26. Viewing questions 1-15 out of 376

Question 1

What is a result of enabling Cisco FTD clustering?

  • A. For the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections.
  • B. Integrated Routing and Bridging is supported on the master unit.
  • C. Site-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails.
  • D. All Firepower appliances can support Cisco FTD clustering.
Mark Question:
Answer:

C


Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/clustering_for_the_firepower_threat_defense.html

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 2

Which two conditions are necessary for high availability to function between two Cisco FTD devices?
(Choose two.)

  • A. The units must be the same version
  • B. Both devices can be part of a different group that must be in the same domain when configured within the FMC.
  • C. The units must be different models if they are part of the same series.
  • D. The units must be configured only for firewall routed mode.
  • E. The units must be the same model.
Mark Question:
Answer:

AE


Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-management-center/212699-configure-ftd-high-availability-on-firep.html

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 3

On the advanced tab under inline set properties, which allows interfaces to emulate a passive
interface?

  • A. transparent inline mode
  • B. TAP mode
  • C. strict TCP enforcement
  • D. propagate link state
Mark Question:
Answer:

D


Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/inline_sets_and_passive_interfaces_for_firepower_threat_defense.html

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 4

What are the minimum requirements to deploy a managed device inline?

  • A. inline interfaces, security zones, MTU, and mode
  • B. passive interface, MTU, and mode
  • C. inline interfaces, MTU, and mode
  • D. passive interface, security zone, MTU, and mode
Mark Question:
Answer:

C


Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/ips_device_deployments_and_configuration.html

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 5

What is the difference between inline and inline tap on Cisco Firepower?

  • A. Inline tap mode can send a copy of the traffic to another device.
  • B. Inline tap mode does full packet capture.
  • C. Inline mode cannot do SSL decryption.
  • D. Inline mode can drop malicious traffic.
Mark Question:
Answer:

A


User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 6

With Cisco Firepower Threat Defense software, which interface mode must be configured to
passively receive traffic that passes through the appliance?

  • A. inline set
  • B. passive
  • C. routed
  • D. inline tap
Mark Question:
Answer:

B


Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/interface_overview_for_firepower_threat_defense.html

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 7

Which two deployment types support high availability? (Choose two.)

  • A. transparent
  • B. routed
  • C. clustered
  • D. intra-chassis multi-instance
  • E. virtual appliance in public cloud
Mark Question:
Answer:

AB


Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/firepower_threat_defense_high_availability.html

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 8

Which protocol establishes network redundancy in a switched Firepower device deployment?

  • A. STP
  • B. HSRP
  • C. GLBP
  • D. VRRP
Mark Question:
Answer:

A


Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/firepower_threat_defense_high_availability.html

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 9

Which interface type allows packets to be dropped?

  • A. passive
  • B. inline
  • C. ERSPAN
  • D. TAP
Mark Question:
Answer:

B


Explanation:
Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200908-configuring-firepower-threat-defense-int.html

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 10

Which Cisco Firepower Threat Defense, which two interface settings are required when configuring a
routed interface? (Choose two.)

  • A. Redundant Interface
  • B. EtherChannel
  • C. Speed
  • D. Media Type
  • E. Duplex
Mark Question:
Answer:

CE


Explanation:
https://www.cisco.com/c/en/us/td/docs/security/firepower/610/fdm/fptd-fdm-config-guide-610/fptd-fdm-interfaces.html

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 11

Which two dynamic routing protocols are supported in Firepower Threat Defense without using
FlexConfig? (Choose two.)

  • A. EIGRP
  • B. OSPF
  • C. static routing
  • D. IS-IS
  • E. BGP
Mark Question:
Answer:

BE


Explanation:
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-routing.html

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 12

Which policy rule is included in the deployment of a local DMZ during the initial deployment of a
Cisco NGFW through the Cisco FMC GUI?

  • A. a default DMZ policy for which only a user can change the IP addresses.
  • B. deny ip any
  • C. no policy rule is included
  • D. permit ip any
Mark Question:
Answer:

C


User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 13

What are two application layer preprocessors? (Choose two.)

  • A. CIFS
  • B. IMAP
  • C. SSL
  • D. DNP3
  • E. ICMP
Mark Question:
Answer:

BC


Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Application_Layer_Preprocessors.html

User Votes:
A
50%
B
50%
C
50%
D
50%
E
50%
Discussions
vote your answer:
A
B
C
D
E
0 / 1000

Question 14

An engineer is tasked with deploying an internal perimeter firewall that will support multiple DMZs
Each DMZ has a unique private IP subnet range. How is this requirement satisfied?

  • A. Deploy the firewall in transparent mode with access control policies.
  • B. Deploy the firewall in routed mode with access control policies.
  • C. Deploy the firewall in routed mode with NAT configured.
  • D. Deploy the firewall in transparent mode with NAT configured.
Mark Question:
Answer:

C


Explanation:
Reference:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/intro-fw.html

User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000

Question 15

An engineer must configure high availability for the Cisco Firepower devices. The current network
topology does not allow for two devices to pass traffic concurrently. How must the devices be
implemented in this environment?

  • A. in active/active mode
  • B. in a cluster span EtherChannel
  • C. in active/passive mode
  • D. in cluster interface mode
Mark Question:
Answer:

C


User Votes:
A
50%
B
50%
C
50%
D
50%
Discussions
vote your answer:
A
B
C
D
0 / 1000
To page 2