Share your IPS v7.0 Experience
Cisco has changed its Security exams by replacing the old CCSP with the new CCNP Security certification, which has 4 modules: Secure, Firewall, IPS and VPN. In fact, the old CCSP and the new CCNP Security are very similar. Many candidates have asked us to put up materials for these new exams, but that is time-consuming work. In the meantime, we created the “Share your experience” section for the IPS v7.0 exam. We really hope anyone who reads securitytut, 9tut, digitaltut, certprepare, networktut and voicetut will contribute to these sections, as your experience is invaluable for CCNP Security learners to complete their goals.
Please share with us your experience after taking the IPS v7.0 642-627 exam, your materials, the way you learned, your recommendations…
Another one
Which two options are important feature differences between FirePower and WSA ?
A. only FirePower NGFW has contextual awareness.
B. only FirePower NGFW has the ability to gather intelligence.
C. only FirePower NGFW can detect suspicious email activity
D. only FirePower NGFW support user flow and contect analysis
E. only FirePower NGFW supports remediation policy actions with pxGrid
Correct Answer: BD
Not sure about this answer.
@Cioby
An engineer has a remote site with an ISR G2 to connect to the corporate network. A request is received to
install Cisco Web Security Connector to enable content scanning. Which connectivity method requires split
tunneling to enable content scanning feature?
A. DMVPN
B. GET VPN
C. Flex VPN
D. VPLS
E. MPLS
Answer is: E
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_cws/configuration/15-mt/sec-data-cws-15-mt-book.pdf
Passed yesterday 9xx
I did the exam 2 times and I’ll share the guide that I used. Some questions have a reference and others don’t, but I searched one by one using information shared here (sectut). For about 8 Qs I couldn’t find why the answer, so I selected the answer of other members. File doesn’t include Lab information but you can find it in gio’s dump or from some other member here
https://gofile.io/?c=GlM6cZ
Thanks for sharing
@Anonymous: Congratulations and Thanks for sharing the info and much appreciated
@Moni: check out the link shared by Anonymous above as it contains the new D&D in it. The question number is 222 in the shared doc.
Which SSL decryption policy can be used to protect HTTPS servers from external traffic?
a. Decrypt Re-Sign
b. Enable SSL Decryption
c. Block
d. Decrypt Known Key
Answer: D but correct ans is A
https://www.cisco.com/c/en/us/td/docs/security/firepower/623/fdm/fptd-fdm-config-guide-623/fptd-fdm-ssl-decryption.html
@Anonymous congratulations and thank so much
@Wild_Wolf thank you so much
Does anyone have issue in scheduling the exam in Pearson Vue, i’m getting an error saying “The exam you selected is not available for delivery at this test center” for all the centres.
@Wild_Wolf
Which SSL decryption policy can be used to protect HTTPS servers from external traffic?
a. Decrypt Re-Sign
b. Enable SSL Decryption
c. Block
d. Decrypt Known Key
Correct answer is D not A
In the document you linked it literally says : “The main purpose of decrypting with a known key is to decrypt traffic heading to your HTTPS server to protect your servers from external attacks”
It couldn’t be more clear than that.
@GGQQBB: the key point is word “external” for external website you can’t decrypt using known key. if you own the domain then you can use known key
@Wild Wolf
It nowhere says external website, what are you talking about ?
It specifically says “external TRAFFIC”
the question is assuming that you OWN the servers and try to protect them from external traffic
“The main purpose of decrypting with a known key is to decrypt traffic heading to your HTTPS server to protect your servers from external attacks. For inspecting client side traffic to external HTTPS sites, you must use decrypt re-sign as you do not own the servers.”
to sum up
When you own the servers ->decrypt Known-key
when you own the client but not the server -> Decrypt re-sign
@wild_wolf, Since last week centers availability was super low. I guess many people is having exams prior Feb24. I scheduled my exam since last week, and the latest available date was Feb13th. i’m having my exam today.
if you see the error “The exam you selected is not available for delivery at this test center” try to select a different test center or a different date. There is an option to compare availability by selecting up to 3 centers at the same time. hurry up
@GGQQBB: Yup you’re right, i will stick to answer D
@velvet revolver: Thanks mate, after trying for multiple hours, one spot had come up and i have booked it for Monday now.. checked 6 centres and had no availability in Feb at all not sure if anyone will face the same issue.. better to schedule ASAP!!
By the way how did your exam go ?
QUESTION 213
which ESA deployment mode is most appropriate for an environment in which data must reside on-site and management prefers the lowest-cost
solution?
A. virtual
B. cloud
C. physical
D. hybrid
Correct Answer: D
Any take on this? Having trouble finding references to these types of questions. “lowest-cost” seems hard to define..
For me “A: Virtual” seems most appropriate for on-site/low cost, provided you have a data center to run it in.. Or am I wrong on that?
@Yoda
Physical is the most expensive solution so its straight a no
Furthermore:
“The hybrid solution gives you advanced outbound control of sensitive messages onsite while enabling you to take
advantage of the cost-effective convenience of the cloud.”
It’s not very clear but i would go with hybrid. i am not 100% sure tho cause virtual looks also good
Unfortunately there is not enough documentation to cover that topic.
@yoda
It looks D to me:
Cisco Hybrid Email Security is a unique service offering that combines a cloud-based email security
deployment with an appliance-based email security deployment (on premises) to provide maximum choice and control for your organization.
@GGQQBB and FK
Great, thanks for the feedback.
Thinking it over I suppose email in its essence can’t be kept only on-prem. And with your quotes it seems like hybrid is what Cisco wants us to go for.
Hi guys,
First of all: great community and thanks for all the sharing!
can anybody share their recent test experience? Is the cisco.300-210.Gio.v3.275q dump valid and enough or do you actually need the 500+ questions premium exams (with a lot of errors in them?). I’m happy to share those.
And does anybody have the gio questions as a vce?
Hi guys,
I have passed 300-210, my last CCNP Security exam. I can say surely that the last spot 220Q and 198Q are enough; lab is normal IGR configuration, simlet ESA, D&D Reports, DNP, configuration steps, all in both spot 220Q and spot 198Q
I want to thank all of you for support and wish the best for all of you
Passed today with 900/1000
materials used
Gio v3
Big D dump
AG dump
SPOTO dump
CCNP SWITCH dump
sectut questions random in the forum
cisco documentation (book, cisco lives etc)
No new questions encountered ,only the new DND
not sure why my score was so low since i spent nearly 3 weeks verifying every single answer if its correct or not
anyway all the materials described above can be found in this forum right here from page 26-32, don’t pay to buy any premium passleader/spoto dump, it’s not worth it. What they do is they come in this forum right here and copy paste the questions. Don’t waste your money.
@wild wolf.. I got 855 points. Pass is 825. I barely scratched the surface. Esa simlet, ISR configuration for CWS connection simulation, D&d about WSA reporting and preprocessors.
Not sure if I didn’t study well or what happened but I got some questions I was not familiar with. There are questions with different answers in the dumps. It is necessary to compare dumps and search the answers on your own. Dumps help you, but it is not enough in my opinion.
About scheduling the exam, there are very few options available because the test centers are super crowded. I was having the exam with other 10 people at the same time, different exams. Good luck.
@Moni, GGQQBB & Velvet revolver: congratulations Guys… and thanks for your valuable feedback
@Moni, GGQQBB & Velvet revolver: do you guys remember the exam questions by any chance ?
do anyone have AG or AK dump???
Hi Guys,
thanks a lot to MJG i passed with 9XX…..
Lab: CWS connection from ISR G2
Simlet: ESA MailFlowPolicy
Drag & Drop: 2-> WSA reporting pages, CIP, DNP3, Network & Application
This is all that u need to pass: https :// mega.nz/#!ZB8HWKTS!aiOBq49fePLKKRfPXUbljuK9mL6K5sRL-EgbcrTv6tA
pay close attention to the last 20 questions
my contribution:
7,14,15,16,24,25,28,34,36,41,45,47,48,50,54,55,70,72,75,77,79,83,99,102,104,106,108,112,124,126,132,141,144,145,147,148,151,157,158,164,166,170,171,178-199
@Danny: Congratulations and thanks for the feedback! much appreciated!!
Which description of the cisco ASA firepower module in a cluster deployment is true?
A. Each firepower module works independently
B. an ASA shares the state information with firepower module with every two seconds
C. Firepower modules share state information every two seconds
D. the FireSight management center centralizes state information between members
which one is correct?
@Anonymous: option ‘D’ is correct – the FireSight management center centralizes state information between members
@Wild_Wolf , thank you
hey guys,
is spoto dump enough to pass???
Here is a PDF dump which I was working on for the last weeks and aggregates all dumps and questions posted here in the forum for the last 3 months (Gio, SPOTO, Big D etc.) with verification and explanations. Remove spaces in the link
https: // drive.google.com/open?id=10kGM9nxvVNlyUs4TUwUtxgjb_F44qrsN
I have the exam scheduled Wednesday next week.
Related to SPOTO-199Q dump:
Question 55. Which description of a correlation policy configuration in the Cisco Firepower management center is true?
A. The system displays correlation policies that are created on all of the domains in a multidomain deployment
B. Deleting a response group delete the responses of that group
C. You cannot add a host profile qualification to a correlation rule that is triggered by a malware event
D. Correlation policy priorities override whitelist priorities
Hi, all!
I did the 300-210 test on 14/Feb/2020!
Passed with 980/1000.
Labs (IGR configuration) and SIM (ESA) are the same as PassLeader 300-210 dumps (499q).
D&D Reports, DNP, configuration steps…are available in PassLeader 300-210 dumps (499q).
Good luck!
By the way,
CCNP Security dumps collection FYI:
1. PassLeader 300-206 dumps FYI:
od.lk/fl/NjFfMTUyNjc0M18
(494q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
2. PassLeader 300-208 dumps FYI:
od.lk/fl/NjFfMTUyNjc0NV8
(521q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
3. PassLeader 300-209 dumps FYI:
od.lk/fl/NjFfMTUyNjc0N18
(459q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
4. PassLeader 300-210 dumps FYI:
od.lk/fl/NjFfMTUyNjc0OV8
(499q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
Good Luck!!!
[(copy those links and open them in your web browser!!!)]
Which two options are important feature differences between FirePower and WSA ?
A. only FirePower NGFW has contextual awareness.
B. only FirePower NGFW has the ability to gather intelligence.
C. only FirePower NGFW can detect suspicious email activity
D. only FirePower NGFW support user flow and contect analysis
E. only FirePower NGFW supports remediation policy actions with pxGrid
Correct Answer: BD
Any idea if the answers are right?
Passed today with 964!
PROFILING,DUAL SSID,SINGLE SSID,MACSEC,TRUSTSEC;
D&D on portals, LAB on troubleshooting.
Copy link and paste in your browser
poweredbydialup.online/WV4VYT
Question 55. Which description of a correlation policy configuration in the Cisco Firepower management center is true?
A. The system displays correlation policies that are created on all of the domains in a multidomain deployment
B. Deleting a response group delete the responses of that group
C. You cannot add a host profile qualification to a correlation rule that is triggered by a malware event
D. Correlation policy priorities override whitelist priorities
A buddy of mine is looking for the 210-260 IINS , drop me a email if you have the latest dump.
medave775 (AT) gmail.com
Hi guys!!
I have a question. in the drag and drop Cisco asa firepower
in test passleader:
CIP————————————> supports industrial automation application
Transport & network layer—> occurs after the selection of the access control rules
DNP3———————————> used in transportation industries
Application layer ————––> occurs after the selection of the access control rules
but in other options:
CIP————————————> supports industrial automation application
Transport & network layer—> detects attacks that exploit a checksum validation
DNP3———————————> used in transportation industries
Application layer ————––> occurs after the selection of the access control rules
which is the correct answer?
Thanks!
@scooby_doo: below is the correct one
CIP————————————> supports industrial automation application
Transport & network layer—> detects attacks that exploit a checksum validation
DNP3———————————> used in transportation industries
Application layer ————––> occurs after the selection of the access control rules
Hi Folks,
I have cleared my 300-210 exam today and with that i have completed my CCNP Security journey today! so i thank each and everyone who has contributed to this forum and special shout out to Big D, CCNP SWITCH, AG, Demus,sma aouas, GGQQBB, R82, George, MJG, Velvet revolver, Moni, Danny for their excellent work and continues feedback through the forum.
This is the file you need to pass exam:
https :// mega.nz/#!ZB8HWKTS!aiOBq49fePLKKRfPXUbljuK9mL6K5sRL-EgbcrTv6tA
below are the questions in my exam, no new questions.. Make sure you read last 25 questions in the file as it covers 45% of the questions.
7,14,15,16,24,25,28,34,36,41,43,45,47,48,50,54,55,57,64,
70,72,75,77,79,99,104,106,108,112,124,126,141,144,145,153,
157,158,162,164,166,170,171,178,179,180,181,182,183,184,
185,186,187,188,189,190,191,192,193,194,195,196,197,198,199
Lab: CWS connection from ISR G2
Simlet: ESA MailFlowPolicy
Drag & Drop: 2-> WSA reporting pages, CIP, DNP3, Network & Application
Below are the some of the question with correct answers
QUESTION 204
What type of interface is required to pass VLAN tagged traffic from one network to another on a Firepower
7125?
A. logical switched
B. logical routed
C. physical switched
D. hybrid
E. physical routed
Correct Answer: A
QUESTION 203
which type of interface is needed to pass untagged VLAN traffic from one network to another on a Cisco
Firepower appliance 8130?
A. logical switched
B. logical routed
C. physical switched
D. hybrid
E. physical routed
Correct Answer: C
1. Which option is the effect of the show ip admission cache command in an environment in
which CWS is deployed?
A. It displays the list of URLs that users have accessed.
B. It identifies the CWS tower to which the router is connected.
C. It displays the number of authentication attempts performed by each user.
D. It displays the status of each user on the system.
Ans: D
QUESTION 24
Which two deployment modes does the cisco ASA Firepower module supports? (Choose two)
A. inline mode
B. passive monitor-only mode
C. transparent mode
D. active mode
E. route mode
F. context mode
Correct Answer: AB
30. Which statement about decrypting traffic on the Cisco Firepower Appliance is true?
a. The Decrypt-Resign option cannot be used with a local PKI.
b. Using the Decrypt-Known Key option requires that you upload the public/private key
pair from servers to the appliance.
c. The Decrypt-Known Key option requires only that the public key be uploaded to the
appliance
d. The Decrypt-Resign option can be used with a well-known/public PKI.
Answer: B
QUESTION 215
Which command check MX records and determine the last activity on a Cisco ESA?
A. hoststatus
B. tophost
C. Diagnostic
D. nslookup
Correct Answer: A
45. Which description of the file trajectory feature in Cisco AMP is true?
a. Tracks information about policy updates that affect each file on a network.
b. Excludes information about file transmissions across the network.
c. Blocks the malware detected in a file sent across the network.
d. Display information about the actions performed on each file on a network.
Answer: D
55.Which command do you run to reset a Firepower module on a Cisco ASA 5585-X firewall?
A. hw-module module 1 recover boot
B. hw-module module 1 reload
C. sw-module module sfr recover boot
D. sw-module module sfr reload
Ans: B
QUESTION 68
Which option is the effect of the show ip admission cache command in an environment in which CWS is deployed?
A. It displays the list of URLs that users have accessed.
B. It identifies the CWS tower to which the router is connected.
C. It displays the number of authentication attempts performed by each user.
D. It displays the status of each user on the system.
Correct Answer: D
(https://www.cisco.com/c/dam/en/us/products/collateral/security/router-security/cws-troubleshooting.pdf)
QUESTION 28
Which two task must you perform when you implement CWS on a Cisco ASA or ASAv? (Choose two)
A. Define the primary and secondary CWS proxy
B. Enable the scansafe feature
C. Create a new RSA key
D. Browse to whoami.scansafe.net to verify that web reputation is operating normally.
E. Create an authentication license key
Correct Answer: AE
QUESTION 162
which option describes device trajectory on cisco advanced malware protection for endpoints?
A. it shows the path file on the host
B. it shows a full packet capture of the file
C. it shows which devices on the network received the file
D. it shows what a file did on a host
Correct Answer: D
QUESTION 81
Which description of the file trajectory feature in Cisco AMP is true?
A. Tracks information about policy updates that affect each file on a network
B. Excludes information about file transmissions across the network
C. Blocks the malware detected in a file sent across the network
D. Display information about the actions performed on each file on a network.
Correct Answer: B
QUESTION 109
Which two characteristics represent a Cisco device operating in tap mode? (Choose two.)
A. It analyzes copies of packets from the packet flow.
B. The packet flow traverses the device.
C. The device is deployed in a passive configuration.
D. If a rule is triggered, the device drops the packet.
E. If a rule is triggered, the device generates an intrusion event.
Correct Answer: AE
QUESTION 195
an engineer has a remote site with an ISR G2 to connect to the corporate network. A request is received to
install Cisco Web Security Connector to enable content scanning. Which connectivity method requires split
tunneling to enable content scanning feature?
A. DMVPN
B. GET VPN
C. Flex VPN
D. VPLS
E. MPLS
Correct Answer: E
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
++++++++++++++++LAB: WSA configuration+++++++++++++++
config t
parameter-map type content-scan global
server scansafe primary name proxy-a.scansafe.net port http 8080 https 8080
server scansafe secondary name proxy-b.scansafe.net port http 8080 https 8080
license 0 xxxxx
source int fa0/1
server scansafe on-failure block-all
!
int fa0/1
no shut
content-scan outbound
exit
!
# To verify the scansafe:
sh content-scan summary
sh content-scan statistics
++++++++++++++++++++++++++++++++++++++++++++++++++++++
59. D&D – Cisco ASA Firepower module preprocessors: –
a. CIP———————————-> supports industrial automation application
b. Transport & network layer—>detects attacks that exploit a checksum validation
c. DNP3——————————> used in transportation industries
d. Application layer ————–> occurs after the selection of the access control rules
+++++++++++ All the best to rest of you ++++++++++++++++++++
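Added example, not part of the original post: a Python check that reads a router configuration and reports what is missing from the content-scan setup shown in the lab above (primary and secondary scansafe servers, license, source interface, content-scan enabled on an interface), and flags a shut-down interface or a fail-open setting. It assumes the indented "show running-config" layout; the function names and the sample are constructed for illustration, and the allow-all keyword is IOS syntax that does not appear in the post.

```python
# Constructed sample in "show running-config" layout, modelled on the lab
# commands in the post above. The license value is a placeholder.
SAMPLE_CONFIG = """\
parameter-map type content-scan global
 server scansafe primary name proxy-a.scansafe.net port http 8080 https 8080
 license 0 xxxxx
 source interface FastEthernet0/1
 server scansafe on-failure allow-all
!
interface FastEthernet0/1
 shutdown
 content-scan outbound
!
"""

PMAP = "parameter-map type content-scan global"


def parse_sections(text):
    """Map each top-level line to the indented sub-commands beneath it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip().lower()
        if not line or line == "!":
            current = None            # blank line or '!' ends the section
        elif not raw[0].isspace():
            current = line            # new top-level command
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def audit_content_scan(text):
    """Return a list of findings; an empty list means every check passed."""
    sections = parse_sections(text)
    pmap = sections.get(PMAP)
    if pmap is None:
        return ["content-scan parameter-map is missing"]
    findings = []
    for role in ("primary", "secondary"):
        if not any(l.startswith(f"server scansafe {role} name ") for l in pmap):
            findings.append(f"no {role} scansafe server defined")
    if not any(l.startswith("license ") for l in pmap):
        findings.append("no license key configured")
    if "server scansafe on-failure allow-all" in pmap:
        findings.append("on-failure allow-all: web traffic goes out unscanned "
                        "when the proxies are unreachable")
    # Interfaces that matter: the source interface and every scanning interface.
    watched = {f"interface {l.split()[-1]}" for l in pmap
               if l.startswith("source interface ")}
    if not watched:
        findings.append("no source interface configured")
    scanning = {name for name, body in sections.items()
                if name.startswith("interface ")
                and any(l.startswith("content-scan out") for l in body)}
    if not scanning:
        findings.append("content-scan is not enabled on any interface")
    for name in sorted(watched | scanning):
        if "shutdown" in sections.get(name, []):
            findings.append(f"{name} is administratively shut down")
    return findings


if __name__ == "__main__":
    for finding in audit_content_scan(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Run against the constructed sample, it reports the missing secondary server, the fail-open on-failure action and the shut-down interface.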
Thank You !!! I passed yesterday with 9XX :)
@Cioby,
Congrats, is file provided by Danny sufficient to pass?
QUESTION 195
an engineer has a remote site with an ISR G2 to connect to the corporate network. A request is received to
install Cisco Web Security Connector to enable content scanning. Which connectivity method requires split
tunneling to enable content scanning feature?
A. DMVPN
B. GET VPN
C. Flex VPN
D. VPLS
E. MPLS
Correct Answer: C is the only tech that allows SPLIT Tunnel
@Cisco_Guy
https://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/15-2mt/scansafe-web-sec.html
Restrictions for Cisco Cloud Web Security:
When the network connection from a branch office to the Internet is over a Multiprotocol Label Switching (MPLS) cloud, the content scanning feature will not work without split tunneling.
Thanks for everything guys. I passed this morning with 9XX.
Lab: CWS connection from ISR G2
Simlet: ESA MailFlowPolicy
Drag & Drop: WSA reporting pages & CIP, DNP3, Network & Application
My Lab did not work. The connection did not work since the interface Fa0/1 was down from the start. No shut did not work! Since the commands that can be executed are limited, I could not troubleshoot the problem any further so I let it be in the hope I would get some points for the right configuration.
Folks, any idea about the following question:
What happens when a Cisco Firesight system sends a URL to the Cisco cloud and cloud cannot determine its reputation?
A. The system can query a manual created list to determine the reputation of the file
B. The system can block the site automatically
C. System can apply administrative configured action
D. The system is unable to apply access-control rules
I’m between C or D.
@SecGuy
I’m not 100% sure if that file provided by Danny is sufficient. My file has almost all questions from Danny’s file plus some other sources here in the forum.
@@Cisco_Guy: i will go with C
I have updated spoto pdf of 300-208 and 300-210.
If anyone is interested I can share only for 40$.
My whatssappp +92-346-5363766
4 candidates have passed exam in just two days. 237Qs in 300-208 pdf
Yes, It was enough to pass
Hi guys!
Have you got 500-470 and 500-490 exam questions? Could someone share it please?
Good luck all!
Passed 300 – 210 exam today with 9xx.
Lab: CWS connection from ISR G2
Simlet: ESA MailFlowPolicy
Drag & Drop: 2-> WSA reporting pages, CIP, DNP3, Network & Application
is Danny file enough to pass?
Passed yesterday with 9xx…Wild_Wolf file is enough to pass…all questions from there.
Lab: ISR G2 CWS
Hotspot: Mail Flow
DnD: CIP and WSA reporting
which two criteria must a certificate meet before the WSA can use it to decrypt application traffic??
A. it must have been signed by an internal CA
B. it must reside in the trusted store of the WSA
C. it must reside in the trusted store of the endpoint
D. if it has been revoked, it must have been valid within the previous 24 hours.
E. it must include the current date
F. it must contain a SAN.
which are the correct??
@Anonymous answer is: AB
Hi, all!
I did the 300-210 test on 21/Feb/2020!
Passed with 980/1000.
Labs (IGR configuration) and SIM (ESA) are the same as PassLeader 300-210 dumps (499q).
D&D Reports, DNP, configuration steps…are available in PassLeader 300-210 dumps (499q).
Good luck!
@Andrei,
Would you please send the dump to jhthello At hotmail.com?
Much appreciated it.