CCNP Security 300-710 Exam Questions and Answers PDF

Page: 2 / 18

Question 8

When deploying a Cisco ASA Firepower module, an organization wants to evaluate the contents of the traffic without affecting the network. It is currently configured to have more than one instance of the same device on the physical appliance Which deployment mode meets the needs of the organization?

Options:

inline tap monitor-only mode

passive monitor-only mode

passive tap monitor-only mode

inline mode

Question 9

Which two deployment types support high availability? (Choose two.)

Options:

transparent

routed

clustered

intra-chassis multi-instance

virtual appliance in public cloud

Question 10

What is a result of enabling Cisco FTD clustering?

Options:

For the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections.

Integrated Routing and Bridging is supported on the master unit.

Site-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails.

All Firepower appliances can support Cisco FTD clustering.

Question 11

An engineer is building a new access control policy using Cisco FMC. The policy must inspect a unique IPS policy as well as log rule matching. Which action must be taken to meet these requirements?