- (Exam Topic 5)
Refer to the exhibit.

An administrator is looking at some of the reporting capabilities for Cisco Firepower and noticed this section of the Network Risk report showing a lot of SSL activity that cloud be used for evasion. Which action will mitigate this risk?

1. A. Use SSL decryption to analyze the packets.
2. B. Use encrypted traffic analytics to detect attacks
3. C. Use Cisco AMP for Endpoints to block all SSL connection
4. D. Use Cisco Tetration to track SSL connections to servers.

Correct Answer: A

- (Exam Topic 5)
An engineer installs a Cisco FTD device and wants to inspect traffic within the same subnet passing through a firewall and inspect traffic destined to the internet.
Which configuration will meet this requirement?

1. A. transparent firewall mode with IRB only
2. B. routed firewall mode with BVI and routed interfaces
3. C. transparent firewall mode with multiple BVIs
4. D. routed firewall mode with routed interfaces only

Correct Answer: C

- (Exam Topic 5)
A hospital network needs to upgrade their Cisco FMC managed devices and needs to ensure that a disaster recovery process is in place. What must be done in order to minimize downtime on the network?

1. A. Configure a second circuit to an ISP for added redundancy
2. B. Keep a copy of the current configuration to use as backup
3. C. Configure the Cisco FMCs for failover
4. D. Configure the Cisco FMC managed devices for clustering.

Correct Answer: B

- (Exam Topic 5)
A company is in the process of deploying intrusion protection with Cisco FTDs managed by a Cisco FMC. Which action must be selected to enable fewer rules detect only critical conditions and avoid false positives?

1. A. Connectivity Over Security
2. B. Balanced Security and Connectivity
3. C. Maximum Detection
4. D. No Rules Active

Correct Answer: A

- (Exam Topic 2)
A company has many Cisco FTD devices managed by a Cisco FMC. The security model requires that access control rule logs be collected for analysis. The security engineer is concerned that the Cisco FMC will not be able to process the volume of logging that will be generated. Which configuration addresses this concern?

1. A. Send Cisco FTD connection events and security events directly to SIEM system for storage and analysis.
2. B. Send Cisco FTD connection events and security events to a cluster of Cisco FMC devices for storage and analysis.
3. C. Send Cisco FTD connection events and security events to Cisco FMC and configure it to forward logs to SIEM for storage and analysis.
4. D. Send Cisco FTD connection events directly to a SIEM system and forward security events from Cisco FMC to the SIEM system for storage and analysis.

Correct Answer: C