ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-710 All Questions

View all questions & answers for the 300-710 exam
Go to Exam

Exam 300-710 topic 1 question 307 discussion

Actual exam question from Cisco's 300-710
Question #: 307
Topic #: 1
[All 300-710 Questions]

An administrator must fix a network problem whereby traffic from the inside network to a webserver is not getting through an instance of Cisco Secure Firewall Threat Defense. Which command must the administrator use to capture packets to the webserver that are dropped by Secure Firewall Threat Defense and resolve the issue?

  • A. capture CAP int INSIDE match ip any host WEBSERVERIP
  • B. capture CAP int OUTSIDE match ip any host WEBSERVERIP
  • C. capture CAP int INSIDE match tcp any 80 host WEBSERVERIP 80
  • D. capture CAP type asp-drop all headers-only
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by gwb at March 26, 2024, 1:30 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
tinyJoe
1 week, 6 days ago
Selected Answer: A
Very good question. It is a difficult choice, but I will choose A. As for D, asp-drop, my understanding is that ASP: Accelerated Security Path is a feature that “skips some checks on already established connections”. https://community.cisco.com/t5/network-security/what-is-asp/td-p/4043042#:~:text=If%20the%20connection%20is%20already%20established In this question, I am guessing that there is no connection to the external web server at all. If the connection is not yet established, then the asp-drop option should not be enabled. (PS: There is a discussion of this very question on Cisco Community, but even the VIP respondents are divided between A and D. LOL) https://community.cisco.com/t5/network-security/how-to-capture-dropped-packet-in-ftd-firewalll/td-p/5070863 I chose A, probably because the person with the A opinion seems more trustworthy)
upvoted 2 times
...
Alex_morgan
4 months, 1 week ago
Selected Answer: D
The asp-drop type of capture is used to identify and capture packets that are dropped by the Cisco Secure Firewall Threat Defense (FTD) appliance due to the Accelerated Security Path (ASP) process. This type of capture helps troubleshoot issues where traffic is being dropped by the firewall, which is the case in this scenario. The other options (A, B, and C) are for general packet captures, but they don't specifically capture dropped packets, which is the key part of this issue.
upvoted 2 times
...
Amedeou
4 months, 2 weeks ago
Selected Answer: D
To capture packets that are dropped by Cisco Secure Firewall Threat Defense (FTD) and troubleshoot the issue of traffic from the inside network to a webserver not getting through, the administrator should use the command to capture packets dropped by the accelerated security path (ASP) engine. The correct command is: capture CAP type asp-drop all headers-only
upvoted 2 times
...
eafea4f
6 months, 1 week ago
Selected Answer: A
The question doesn't specify the packets dropped.
upvoted 1 times
...
MB2222
8 months, 3 weeks ago
(A) and (C) could be valid answers. However, (C) restricts the troubleshooting massively by saying that the client tcp source port must be 80. In regular connection requests, those source ports are randomized... So, answer (A) should be the correct one.
upvoted 1 times
...
gwb
9 months, 3 weeks ago
My choice is A
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago