An engineer defines a new rule while configuring an Access Control Policy. After deploying the policy, the rule is not working as expected and the hit counters associated with the rule are showing zero. What is causing this error?
A. An incorrect application signature was used in the rule.
B. The wrong source interface for Snort was selected in the rule.
I would say C because of this:
The policy hit count is incremented only for the first packet of a connection that matches a policy.
https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/getting_started_with_access_control_policies.html
An application takes more than the first packet to be identified, so this is only based on source/dest IP, ports and protocol. Even if the application was incorrect, it would increase hits based on this.
When you create an access control rule, it is enabled by default.
https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/access_control_rules.html
Only A. Incorrect application signature: let's say you want to block Facebook, and instead of Facebook you used Facebook games.
B and D make no sense.
C: Rules are enabled by default, only SNORT rules need to be enabled (drop and generate events, generate events,...) to take action.
The correct answer is C. The most likely cause of the error is that the rule was not enabled after being created. By default, new rules are created in a disabled state, which means that they do not take effect until they are explicitly enabled. If the rule is not enabled, it will not be matched against traffic and the hit counters associated with the rule will remain at zero.
What? When you create an ACL rule you do not need to enable it?! If there are no hits in the counter, that means the traffic did not match the criteria: source IP, destination IP, URL, application, ... So C is not the one. I think you are referring to SNORT rules, and that is not the case here.
Joe, I have just checked: the new rules are not created in a disabled state (at least in my case). I still go with answer C because of hit count.
Community vote distribution: A (35%), C (25%), B (20%), Other