samooel

300-710 sncf passing dump


Anyone doing the 300-715 exam and wanting to group study, please PM. Let us target the CCIE Security lab also next year.

18 hours ago, roohin said:

Hi Samooel,

What was your score? I can see some wrong answers in this.

Thanks,

Roohin.

Hi roohin. Yes, there are wrong answers. My score was low 84x. You can share corrections here. It will help other forum members, and you can discuss with them also. Good luck for your exam.

26 minutes ago, samooel said:

Hi roohin. Yes, there are wrong answers. My score was low 84x. You can share corrections here. It will help other forum members, and you can discuss with them also. Good luck for your exam.

Did you use that file for the exam? We can review all the questions and correct them.

14 minutes ago, samooel said:

Hi roohin. Yes, there are wrong answers. My score was low 84x. You can share corrections here. It will help other forum members, and you can discuss with them also. Good luck for your exam.

In my opinion:

Q2. Which command is typed at the CLI on the primary Cisco FTD unit to temporarily stop running high-availability?

If you suspend high availability from the active unit, the configuration is suspended on both the active and standby unit. If you suspend it from the standby unit, it is suspended on the standby unit only, but the active unit will not attempt to fail over to a suspended unit.

Answer: configure high-availability suspend

Q3. Which command must be run to generate troubleshooting files on an FTD?

Firepower Management Center

Enter this command on the Firepower Management Center in order to generate a troubleshoot file:

[email protected]:~$ sudo sf_troubleshoot.pl

Starting /usr/local/sf/bin/sf_troubleshoot.pl...
Please, be patient.  This may take several minutes.

Troubleshooting information successfully created at /var/common/xxxxxx.tar.gz

Firepower Devices

Enter this command on FirePOWER devices/modules and virtual managed devices in order to generate a troubleshoot file:

> system generate-troubleshoot all

Starting /usr/local/sf/bin/sf_troubleshoot.pl...
Please, be patient.  This may take several minutes.
The troubleshoot option code specified is ALL.
Troubleshooting information successfully created at /var/common/xxxxxx.tar.gz

Answer: system generate-troubleshoot all

Q36. Which two dynamic routing protocols are supported in FTD without using FlexConfig?

 


Answer: BGP and OSPF

Share on other sites

Q45. Which two statements about bridge-group interfaces in Cisco FTD are true?


Guidelines for Firewall Mode 

Bridge Group Guidelines (Transparent Mode) 

  • You can create up to 250 bridge groups, with 4 interfaces per bridge group. 
  • Each directly-connected network must be on the same subnet. 
  • The Firepower Threat Defense device does not support traffic on secondary networks; only traffic on the same network as the BVI IP address is supported. 
  • For IPv4, an IP address for the BVI is required for each bridge group for both management traffic and for traffic to pass through the Firepower Threat Defense device. IPv6 addresses are supported, but not required for the BVI. 
  • You can only configure IPv6 addresses manually. 
  • The BVI IP address must be on the same subnet as the connected network. You cannot set the subnet to a host subnet (255.255.255.255). 
  • Management interfaces are not supported as bridge group members. 
  • In transparent mode, you must use at least 1 bridge group; data interfaces must belong to a bridge group. 
  • In transparent mode, do not specify the BVI IP address as the default gateway for connected devices; devices need to specify the router on the other side of the Firepower Threat Defense device as the default gateway. 
  • In transparent mode, the default route, which is required to provide a return path for management traffic, is only applied to management traffic from one bridge group network. This is because the default route specifies an interface in the bridge group as well as the router IP address on the bridge group network, and you can only define one default route. If you have management traffic from more than one bridge group network, you need to specify a regular static route that identifies the network from which you expect management traffic. 
  • In transparent mode, PPPoE is not supported for the Diagnostic interface. 
  • Bidirectional Forwarding Detection (BFD) echo packets are not allowed through the FTD when using bridge group members. If there are two neighbors on either side of the FTD running BFD, then the FTD will drop BFD echo packets because they have the same source and destination IP address and appear to be part of a LAND attack. 

 

Answer:

Bridge groups are supported in both transparent and routed firewall modes.

 

Each directly connected network must be on the same subnet.


Q60. What is the benefit of selecting the trace option for packet capture?

Tracing a real packet can be very useful to troubleshoot connectivity issues. It allows you to see all the internal checks that a packet goes through. Add the trace detail keywords and specify the amount of packets that you want to be traced. By default, the FTD traces the first 50 ingress packets.

In this case, enable capture with trace detail for the first 100 packets that FTD receives on INSIDE interface:

> capture CAPI2 interface INSIDE trace detail trace-count 100 

"Packet capture is available with the trace option, which provides you with a verdict as to whether the packet is dropped or successful."

Answer: The option indicates whether the packet was dropped or successful.


Q75. An engineer has been asked to show application usages automatically on a monthly basis and send the information to management. What mechanism should be used to accomplish this task?


Answer: Reports


Q82. An engineer is configuring a second Cisco FMC as a standby device but is unable to register with the active unit. What is causing this issue?


Answer: The code versions running on the Cisco FMC devices are different

 

 

Edited by roohin

Thanks Samooel and Roohin, just cleared the exam, score 84x. Overview of FTD and this file is good to clear the exam.

On 11/29/2020 at 8:11 PM, CiscoTree said:

Did you use that file for the exam? We can review all the questions and correct them.

yes i used that file. it is safe to attempt and pass

2 hours ago, arr said:

Thanks Samooel and Roohin, just cleared the exam, score 84x. Overview of FTD and this file is good to clear the exam.

congrats bro. happy to have help

On 11/29/2020 at 8:27 PM, roohin said:

Q45. Which two statements about bridge-group interfaces in Cisco FTD are true?


Guidelines for Firewall Mode 

Bridge Group Guidelines (Transparent Mode) 

  • You can create up to 250 bridge groups, with 4 interfaces per bridge group. 
  • Each directly-connected network must be on the same subnet. 
  • The Firepower Threat Defense device does not support traffic on secondary networks; only traffic on the same network as the BVI IP address is supported. 
  • For IPv4, an IP address for the BVI is required for each bridge group for both management traffic and for traffic to pass through the Firepower Threat Defense device. IPv6 addresses are supported, but not required for the BVI. 
  • You can only configure IPv6 addresses manually. 
  • The BVI IP address must be on the same subnet as the connected network. You cannot set the subnet to a host subnet (255.255.255.255). 
  • Management interfaces are not supported as bridge group members. 
  • In transparent mode, you must use at least 1 bridge group; data interfaces must belong to a bridge group. 
  • In transparent mode, do not specify the BVI IP address as the default gateway for connected devices; devices need to specify the router on the other side of the Firepower Threat Defense device as the default gateway. 
  • In transparent mode, the default route, which is required to provide a return path for management traffic, is only applied to management traffic from one bridge group network. This is because the default route specifies an interface in the bridge group as well as the router IP address on the bridge group network, and you can only define one default route. If you have management traffic from more than one bridge group network, you need to specify a regular static route that identifies the network from which you expect management traffic. 
  • In transparent mode, PPPoE is not supported for the Diagnostic interface. 
  • Bidirectional Forwarding Detection (BFD) echo packets are not allowed through the FTD when using bridge group members. If there are two neighbors on either side of the FTD running BFD, then the FTD will drop BFD echo packets because they have the same source and destination IP address and appear to be part of a LAND attack. 

 

Answer:

Bridge groups are supported in both transparent and routed firewall modes.

 

Each directly connected network must be on the same subnet.


Q60. What is the benefit of selecting the trace option for packet capture?

Tracing a real packet can be very useful to troubleshoot connectivity issues. It allows you to see all the internal checks that a packet goes through. Add the trace detail keywords and specify the amount of packets that you want to be traced. By default, the FTD traces the first 50 ingress packets.

In this case, enable capture with trace detail for the first 100 packets that FTD receives on INSIDE interface:

> capture CAPI2 interface INSIDE trace detail trace-count 100 

"Packet capture is available with the trace option, which provides you with a verdict as to whether the packet is dropped or successful."

Answer: The option indicates whether the packet was dropped or successful.


Q75. An engineer has been asked to show application usages automatically on a monthly basis and send the information to management. What mechanism should be used to accomplish this task?


Answer: Reports


Q82. An engineer is configuring a second Cisco FMC as a standby device but is unable to register with the active unit. What is causing this issue?


Answer: The code versions running on the Cisco FMC devices are different

 

 

i will review the correction and reply later. ty

4 hours ago, samooel said:

correction by @roohin is correct.

Q2 - D
Q3 - C
Q36 - BE
Q45 - BE
Q60 - A
Q75 - B
Q82 - B

 

what do you think of q80?

My thought was system support firewall-engine-debug but I am not sure tbh


Troubleshoot

With the firewall-engine-debug command you can confirm whether traffic flow is evaluated against the proper Access Control rule: 



 

 
