- (Exam Topic 5)
What is the role of the casebook feature in Cisco Threat Response?

1. A. sharing threat analysts
2. B. pulling data via the browser extension
3. C. triage automaton with alerting
4. D. alert prioritization

Correct Answer: A
The casebook and pivot menu are widgets available in Cisco Threat Response. Casebook - It is used to record, organize, and share sets of observables of interest primarily during an investigation and threat analysis. You can use a casebook to get the current verdicts or dispositions on the observables.
https://www.cisco.com/c/en/us/td/docs/se curity/ces/user_guide/esa_user_guide_13-5-1/b_ESA_Admin_Guide_ces
_13-5-1/b_ESA_Admin_Guide_13-0_chapter_0110001.pdf

- (Exam Topic 5)
An engineer wants to connect a single IP subnet through a Cisco FTD firewall and enforce policy. There is a requirement to present the internal IP subnet to the outside as a different IP address. What must be configured to meet these requirements?

1. A. Configure the downstream router to perform NAT.
2. B. Configure the upstream router to perform NAT.
3. C. Configure the Cisco FTD firewall in routed mode with NAT enabled.
4. D. Configure the Cisco FTD firewall in transparent mode with NAT enabled.

Correct Answer: C

- (Exam Topic 5)
An organization wants to secure traffic from their branch office to the headquarter building using Cisco Firepower devices, They want to ensure that their Cisco Firepower devices are not wasting resources on inspecting the VPN traffic. What must be done to meet these requirements?

1. A. Configure the Cisco Firepower devices to ignore the VPN traffic using prefilter policies
2. B. Enable a flexconfig policy to re-classify VPN traffic so that it no longer appears as interesting traffic
3. C. Configure the Cisco Firepower devices to bypass the access control policies for VPN traffic.
4. D. Tune the intrusion policies in order to allow the VPN traffic through without inspection

Correct Answer: C
When you configure the Cisco Firepower devices to bypass the access control policies for VPN traffic, the devices will not inspect the VPN traffic and thus will not waste resources on it. This is the best option to ensure that the VPN traffic is not wasting resources on the Cisco Firepower devices.
Reference:
https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/219759-configure-bypass-policies-on-the

- (Exam Topic 5)
An administrator receives reports that users cannot access a cloud-hosted web server. The access control policy was recently updated with several new policy additions and URL filtering. What must be done to troubleshoot the issue and restore access without sacrificing the organization's security posture?

1. A. Create a new access control policy rule to allow ports 80 and 443 to the FQDN of the web server.
2. B. Identify the blocked traffic in the Cisco FMC connection events to validate the block, and modify the policy to allow the traffic to the web server.
3. C. Verify the blocks using the packet capture tool and create a rule with the action monitor for the traffic.
4. D. Download a PCAP of the traffic attempts to verify the blocks and use the flexconfig objects to create a rule that allows only the required traffic to the destination server.

Correct Answer: B

- (Exam Topic 5)
An engineer is restoring a Cisco FTD configuration from a remote backup using the command restore remote-manager-backup location 1.1.1.1 admin /volume/home/admin BACKUP_Cisc394602314.zip on a
Cisco FMG. After connecting to the repository, an error occurred that prevents the FTD device from accepting the backup file. What is the problem?

1. A. The backup file is not in .cfg format.
2. B. The backup file is too large for the Cisco FTD device
3. C. The backup file extension was changed from tar to zip
4. D. The backup file was not enabled prior to being applied

Correct Answer: C