- (Exam Topic 4)
What is a valid Cisco AMP file disposition?

1. A. non-malicious
2. B. malware
3. C. known-good
4. D. pristine

Correct Answer: B
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide- v60/Reference_a_wrapper_Chapter_topic_here.html

- (Exam Topic 5)
A network administrator discovers that a user connected to a file server and downloaded a malware file. The Cisc FMC generated an alert for the malware event, however the user still remained connected. Which Cisco APM file rule action within the Cisco FMC must be set to resolve this issue?

1. A. Detect Files
2. B. Malware Cloud Lookup
3. C. Local Malware Analysis
4. D. Reset Connection

Correct Answer: D

- (Exam Topic 5)
Which action must be taken on the Cisco FMC when a packet bypass is configured in case the Snort engine is down or a packet takes too long to process?

1. A. Enable Inspect Local Router Traffic
2. B. Enable Automatic Application Bypass
3. C. Configure Fastpath rules to bypass inspection
4. D. Add a Bypass Threshold policy for failures

Correct Answer: B

- (Exam Topic 5)
A network engineer is extending a user segment through an FTD device for traffic inspection without creating another IP subnet How is this accomplished on an FTD device in routed mode?

1. A. by leveraging the ARP to direct traffic through the firewall
2. B. by assigning an inline set interface
3. C. by using a BVI and create a BVI IP address in the same subnet as the user segment
4. D. by bypassing protocol inspection by leveraging pre-filter rules

Correct Answer: C
https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/trans

- (Exam Topic 1)
Which policy rule is included in the deployment of a local DMZ during the initial deployment of a Cisco NGFW through the Cisco FMC GUI?

1. A. a default DMZ policy for which only a user can change the IP addresses.
2. B. deny ip any
3. C. no policy rule is included
4. D. permit ip any

Correct Answer: C