NEW QUESTION 1
Which command is typed at the CLI on the primary Cisco FTD unit to temporarily stop running high-availability?

• A. configure high-availability resume
• B. configure high-availability disable
• C. system support network-options
• D. configure high-availability suspend

Answer: B

NEW QUESTION 2
Which two OSPF routing features are configured in Cisco FMC and propagated to Cisco FTD? (Choose two.)

• A. OSPFv2 with IPv6 capabilities
• B. virtual links
• C. SHA authentication to OSPF packets
• D. area boundary router type 1 LSA filtering
• E. MD5 authentication to OSPF packets

Answer: BD

NEW QUESTION 3
Which Cisco Firepower feature is used to reduce the number of events received in a period of time?

• A. rate-limiting
• B. suspending
• C. correlation
• D. thresholding

Answer: D

NEW QUESTION 4
Which limitation applies to Cisco Firepower Management Center dashboards in a multidomain environment?

• A. Child domains can view but not edit dashboards that originate from an ancestor domain.
• B. Child domains have access to only a limited set of widgets from ancestor domains.
• C. Only the administrator of the top ancestor domain can view dashboards.
• D. Child domains cannot view dashboards that originate from an ancestor domain.

Answer: D

NEW QUESTION 5
In which two places can thresholding settings be configured? (Choose two.)

• A. on each IPS rule
• B. globally, within the network analysis policy
• C. globally, per intrusion policy
• D. on each access control rule
• E. per preprocessor, within the network analysis policy

Answer: AC

NEW QUESTION 6
What is the maximum bit size that Cisco FMC supports for HTTPS certificates?

• A. 1024
• B. 8192
• C. 4096
• D. 2048

Answer: D

NEW QUESTION 7
What is a result of enabling Cisco FTD clustering?

• A. For the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections.
• B. Integrated Routing and Bridging is supported on the master unit.
• C. Site-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails.
• D. All Firepower appliances can support Cisco FTD clustering.

Answer: C

NEW QUESTION 8
Which object type supports object overrides?

• A. time range
• B. security group tag
• C. network object
• D. DNS server group

Answer: C

NEW QUESTION 9
Which two remediation options are available when Cisco FMC is integrated with Cisco ISE? (Choose two.)

• A. dynamic null route configured
• B. DHCP pool disablement
• C. quarantine
• D. port shutdown
• E. host shutdown

Answer: CD

NEW QUESTION 10
Which Cisco Firepower Threat Defense, which two interface settings are required when configuring a routed interface? (Choose two.)

• A. Redundant Interface
• B. EtherChannel
• C. Speed
• D. Media Type
• E. Duplex

Answer: CE

NEW QUESTION 11
Which two dynamic routing protocols are supported in Firepower Threat Defense without using FlexConfig? (Choose two.)

• A. EIGRP
• B. OSPF
• C. static routing
• D. IS-IS
• E. BGP

Answer: CE

NEW QUESTION 12
Within Cisco Firepower Management Center, where does a user add or modify widgets?

• A. dashboard
• B. reporting
• C. context explorer
• D. summary tool

Answer: A

NEW QUESTION 13
Which two statements about deleting and re-adding a device to Cisco FMC are true? (Choose two.)

• A. An option to re-apply NAT and VPN policies during registration is available, so users do not need to re-apply the policies after registration is completed.
• B. Before re-adding the device in Cisco FMC, you must add the manager back in the device.
• C. No option to delete and re-add a device is available in the Cisco FMC web interface.
• D. The Cisco FMC web interface prompts users to re-apply access control policies.
• E. No option to re-apply NAT and VPN policies during registration is available, so users need to re-apply the policies after registration is completed.

Answer: DE

NEW QUESTION 14
What are the minimum requirements to deploy a managed device inline?

• A. inline interfaces, security zones, MTU, and mode
• B. passive interface, MTU, and mode
• C. inline interfaces, MTU, and mode
• D. passive interface, security zone, MTU, and mode

Answer: C

NEW QUESTION 15
On the advanced tab under inline set properties, which allows interfaces to emulate a passive interface?

• A. transparent inline mode
• B. TAP mode
• C. strict TCP enforcement
• D. propagate link state

Answer: D

NEW QUESTION 16
Which two deployment types support high availability? (Choose two.)

• A. transparent
• B. routed
• C. clustered
• D. intra-chassis multi-instance
• E. virtual appliance in public cloud

Answer: AB

NEW QUESTION 17
Which two conditions are necessary for high availability to function between two Cisco FTD devices? (Choose two.)

• A. The units must be the same version
• B. Both devices can be part of a different group that must be in the same domain when configured within the FMC.
• C. The units must be different models if they are part of the same series.
• D. The units must be configured only for firewall routed mode.
• E. The units must be the same model.

Answer: AE

NEW QUESTION 18
What is the maximum SHA level of filtering that Threat Intelligence Director supports?

• A. SHA-1024
• B. SHA-4096
• C. SHA-512
• D. SHA-256

Answer: D

NEW QUESTION 19
Which Firepower feature allows users to configure bridges in routed mode and enables devices to perform Layer 2 switching between interfaces?

• A. FlexConfig
• B. BDI
• C. SGT
• D. IRB

Answer: D

NEW QUESTION 20
Which command-line mode is supported from the Cisco Firepower Management Center CLI?

• A. privileged
• B. user
• C. configuration
• D. admin

Answer: C

NEW QUESTION 21
Which two features of Cisco AMP for Endpoints allow for an uploaded file to be blocked? (Choose two.)

• A. application blocking
• B. simple custom detection
• C. file repository
• D. exclusions
• E. application whitelisting

Answer: AB

NEW QUESTION 22
Which command is entered in the Cisco FMC CLI to generate a troubleshooting file?

• A. show running-config
• B. show tech-support chassis
• C. system support diagnostic-cli
• D. sudo sf_troubleshoot.pl

Answer: D

Explanation:
41 Which CLI command is used to control special handling of ClientHello messages?
A. system support ssl-client-hello-tuning
B. system support ssl-client-hello-display
C. system support ssl-client-hello-force-reset
D. system support ssl-client-hello-enabled

NEW QUESTION 23
Which two types of objects are reusable and supported by Cisco FMC? (Choose two.)

• A. dynamic key mapping objects that help link HTTP and HTTPS GET requests to Layer 7 application protocols.
• B. reputation-based objects that represent Security Intelligence feeds and lists, application filters based on category and reputation, and file lists
• C. network-based objects that represent IP address and networks, port/protocols pairs, VLAN tags, security zones, and origin/destination country
• D. network-based objects that represent FQDN mappings and networks, port/protocol pairs, VXLAN tags, security zones and origin/destination country
• E. reputation-based objects, such as URL categories

Answer: BC

NEW QUESTION 24
......