Mastering Firepower 7.0 Course Pre-Quiz

CCIE Mastering Cisco Secure Firewall Management Center (MC) and Secure Firewall Threat Defense (TD) 7.0 0.0: CCIE Mastering Cisco Secure Firewall Management Center (MC) and Secure Firewall Threat Defense (TD) 7.0 Mastering Firepower 7.0 Course Pre-Quiz

Time limit: 0

Quiz Summary

0 of 10 Questions completed

Questions:

Information

You have already completed the quiz before. Hence you can not start it again.

Quiz is loading…

You must sign in or sign up to start the quiz.

You must first complete the following:

Results

Quiz complete. Results are being recorded.

Results

0 of 10 Questions answered correctly

Your time:

Time has elapsed

You have reached 0 of 0 point(s), (0)

Earned Point(s): 0 of 0, (0)
0 Essay(s) Pending (Possible Point(s): 0)

Categories

Not categorized 0%

Current
Review
Answered
Correct
Incorrect

Question 1 of 10

1. Question
In a Cisco Firepower intrusion policy, which two event actions can be configured on a rule? (Choose two)
- Drop packet
- Drop and generate
- Drop connection
- Capture trigger packet
- Generate events
Correct

Incorrect
Question 2 of 10

2. Question
Given the Cisco Firepower Threat Defense CLI, which command would be issued to capture all traffic destined to hit a specific interface?
- Configure coredump packet-engine enable
- Capture WORD
- Capture-traffic
- Capture
Correct

Incorrect

Question 3 of 10

3. Question

Drag and drop the Firepower Next Generation Intrusion Prevention System detectors from the right onto the correct definitions on the left.

Sort elements

Distributed PortScan
Port Sweep
Decoy PortScan
PortScan Detection

Many-to-one PortScan in which hosts query a single host for open ports.

One-to-many port sweep. An attacker against one or more hosts to scan a single port on multiple target hosts

One-to-one PortScan. Attacker mixes spoofed source IP addresses with the actual scanning IP address

One-to-one PortScan. An attacker against one or more hosts to scan one or more ports.

Correct

Incorrect

Question 4 of 10

4. Question

Match the Firepower Next Generation Intrusion Prevention System detectors to the correct definitions.

Sort elements

Distributed PortScan
Port Sweep
Decoy PortScan
PortScan Detection

Many-to-one PortScan in which hosts query a single host for open ports.

One-to-many port sweep. An attacker against one or more hosts to scan a single port on multiple target hosts.

One-to-one PortScan. Attacker mixes spoofed source IP addresses with the actual scanning IP address.

One-to-one PortScan. An attacker against one or more hosts to scan one or more ports.

Correct

Incorrect

Question 5 of 10

5. Question
What are the two remediation options available when the Cisco Firepower Management Console is integrated into the Cisco ISE? (Choose two)
- Dynamic null route configured
- Port shutdown
- Host shutdown
- DHCP pool distribution
- Quarantine
Correct

Incorrect
Question 6 of 10

6. Question
What are two ways access control policies operate on a Cisco Firepower system? (Choose two)
- They can block traffic based on Security Intelligence data.
- The system performs intrusion prevention followed by file inspection.
- File policies use an associated variable set to perform intrusion prevention.
- The system performs a preliminary inspection based on trusted traffic to validate it matches trusted parameters.
- Traffic inspection can be interrupted temporarily when configuration changes are deployed.
Correct

Incorrect
Question 7 of 10

7. Question
When creating an SSL policy on Cisco Firepower, which three options do you have?
- do not decrypt
- trust
- allow
- block with reset
- block
- encrypt
Correct

Incorrect
Question 8 of 10

8. Question
A network engineer is configuring URL Filtering on Cisco FTD. Which of the following two port requirements on the Firepower Management Console must be available to allow communication with a CSP (cloud service provider)? (Choose two)
- Inbound port TCP/80
- Outbound port TCP/80
- Inbound port TCP/443
- Outbound port TCP/443
- Outbound port TCP/8080
Correct

Incorrect
Question 9 of 10

9. Question
In a Cisco Firepower Threat Defense access control policy rule, which of the following two actions are valid?
- Monitor
- Block
- Discover
- Stipulate
- Block with reset
Correct

Incorrect
Question 10 of 10

10. Question
What is the result of enabling Cisco Firepower Threat Defense clustering?
- For the dynamic routing feature, if the master unit fails, the newly elected master maintains all existing connections.
- Integrated routing and bridging is supported on the master unit.
- Site-to-site VPN functionality is limited to the master unit and all VPN connections are dropped if the master unit fails.
- All Firepower appliances can support Cisco FTD clustering.
Correct

Incorrect

Quiz Summary

Information

Results

Results

Categories

1. Question

2. Question

3. Question

Sort elements

4. Question

Sort elements

5. Question

6. Question

7. Question

8. Question

9. Question

10. Question