ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-710 All Questions

View all questions & answers for the 300-710 exam
Go to Exam

Exam 300-710 topic 1 question 54 discussion

Actual exam question from Cisco's 300-710
Question #: 54
Topic #: 1
[All 300-710 Questions]

A security engineer is configuring an Access Control Policy for multiple branch locations. These locations share a common rule set and utilize a network object called INSIDE_NET which contains the locally significant internal network subnets at each location. What technique will retain the policy consistency at each location but allow only the locally significant network subnet within the application rules?

  • A. utilizing a dynamic ACP that updates from Cisco Talos
  • B. creating a unique ACP per device
  • C. utilizing policy inheritance
  • D. creating an ACP with an INSIDE_NET network object and object overrides
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by hz033 at May 7, 2022, 6:41 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
14a1949
5 months, 1 week ago
Selected Answer: D
The best technique to retain policy consistency across multiple branch locations while allowing only the locally significant network subnet within the application rules is: **D. creating an ACP with an INSIDE_NET network object and object overrides** This approach allows you to maintain a consistent Access Control Policy (ACP) across all locations while using object overrides to specify the locally significant subnets for each branch (https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/710/management-center-device-config-71/access-rules.html) (https://www.cisco.com/c/en/us/td/docs/security/firepower/710/fdm/fptd-fdm-config-guide-710/fptd-fdm-access.html).
upvoted 1 times
...
Kris92
10 months ago
Selected Answer: D
should be D, policy inheritance is doing part of the job, but the more important thing is to have the object values specific to the location, which can be done with object overrides https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Reusable_Objects.html#concept_8BFE8B9A83D742D9B647A74F7AD50053
upvoted 2 times
...
bassfunk
1 year, 4 months ago
Selected Answer: D
D is the only answer that makes sense.
upvoted 2 times
...
gc999
1 year, 6 months ago
Selected Answer: C
If for D, finally each device would obtain the firewall policy with ALL the unrelated subnets at the inside, which is violated to the question "allow only the locally significant network subnet".
upvoted 3 times
...
Mevijil
2 years ago
Selected Answer: D
Definitely D - object override allows you to create a single object with multiple values, which is what they're doing for the two different networks sharing one rule set
upvoted 2 times
...
dique
2 years, 4 months ago
Selected Answer: D
Answer is D
upvoted 2 times
...
hz033
2 years, 7 months ago
Selected Answer: C
it sounds as the right answer is C
upvoted 1 times
SegaMasterSystemAdmin
1 year, 6 months ago
no that can't be it because policy inheritance will just ensure that child policies will inherit the policies from the parent policy
upvoted 2 times
...
ureis
1 year, 7 months ago
explain
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel