- (Exam Topic 5)
Which two considerations must be made when deleting and re-adding devices while managing them via Cisco FMC (Choose two).

1. A. Before re-adding the device In Cisco FMC, the manager must be added back.
2. B. The Cisco FMC web interface prompts users to re-apply access control policies.
3. C. Once a device has been deleted, It must be reconfigured before it is re-added to the Cisco FMC.
4. D. An option to re-apply NAT and VPN policies during registration is available, so users do not need to re-apply the polices after registration is completed.
5. E. There is no option to re-apply NAT and VPN policies during registration is available, so users need to re-apply the policies after registration is completed.

Correct Answer: BE

- (Exam Topic 5)
While configuring FTD, a network engineer wants to ensure that traffic passing through the appliance does not require routing or Vlan rewriting. Which interface mode should the engineer implement to accomplish this task?

1. A. passive
2. B. transparent
3. C. Inline tap
4. D. Inline set

Correct Answer: B

- (Exam Topic 2)
Which two statements about bridge-group interfaces in Cisco FTD are true? (Choose two.)

1. A. The BVI IP address must be in a separate subnet from the connected network.
2. B. Bridge groups are supported in both transparent and routed firewall modes.
3. C. Bridge groups are supported only in transparent firewall mode.
4. D. Bidirectional Forwarding Detection echo packets are allowed through the FTD when using bridge-group members.
5. E. Each directly connected network must be on the same subnet.

Correct Answer: BE
Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config- guide-v62/transparent_or_routed_firewall_mode_for_firepower_threat_defense.html

- (Exam Topic 2)
A network administrator reviews the file report for the last month and notices that all file types, except exe. show a disposition of unknown. What is the cause of this issue?

1. A. The malware license has not been applied to the Cisco FTD.
2. B. The Cisco FMC cannot reach the Internet to analyze files.
3. C. A file policy has not been applied to the access policy.
4. D. Only Spero file analysis is enabled.

Correct Answer: C
A file policy defines the actions that the Cisco Firepower Threat Defense (FTD) device should take when it
encounters different types of files. The file policy is applied as part of an access control policy. If an access control policy does not include a file policy, the FTD device will not take any action on the files it encounters, resulting in a disposition of "unknown" for all file types except exe.
Reference:
https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/219759-configure-bypass-policies-on-the

- (Exam Topic 5)
A network engineer is logged into the Cisco AMP for Endpoints console and sees a malicious verdict for an identified SHA-256 hash. Which configuration is needed to mitigate this threat?

1. A. Add the hash to the simple custom deletion list.
2. B. Use regular expressions to block the malicious file.
3. C. Enable a personal firewall in the infected endpoint.
4. D. Add the hash from the infected endpoint to the network block list.

Correct Answer: A