Exam 300-710 topic 1 question 71 discussion

Correct answer is A. Because - Packet capture is available with the trace option, which provides you with a verdict as to whether the packet is dropped or successful. https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/troubleshooting_the_system.html#:~:text=Packet%20capture%20is%20available%20with%20the%20trace%20option%2C%20which%20provides%20you%20with%20a%20verdict%20as%20to%20whether%20the%20packet%20is%20dropped%20or%20successful.

I'm not sure how limiting the number of packets is a benefit. I'd go with A.

OK, I go with A, the trace option limits the number of packets to be traced, does not limit the amount of packets collected in the capture. tricky question. Plus the verbage in the referenced document says Packet capture is available with the trace option, which provides you with a verdict as to whether the packet is dropped or successful.

Correct answer is: A

Packet capture is available with the trace option, which provides you with a verdict as to whether the packet is dropped or successful.

A & D looks me correct

https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/troubleshooting_the_system.html#:~:text=Packet%20capture%20is%20available%20with%20the%20trace%20option%2C%20which%20provides%20you%20with%20a%20verdict%20as%20to%20whether%20the%20packet%20is%20dropped%20or%20successful

Looks to me A. he packet capture feature with trace option allows real packets that are captured on the ingress interface to be traced through the system. The trace information is displayed at a later stage. These packets are not dropped on the egress interface, as they are real data-path traffic. Packet capture for Firepower Threat Defense devices supports troubleshooting and analysis of data packets. Once the packet is acquired, snort detects the tracing flag that is enabled in the packet. Snort writes tracer elements, through which the packet traverses. Snort verdict as a result of capturing packets can be one of DROP/ALLOW/Would DROP. The file-size option is used when you need to capture packets with the size limit more than 32 MB.

100% A - look at the link from Heorhiiyatskovskyi if in doubt. Trace just gives you packet-trace info - does not capture any packet-details - just provides packet processing info.

The answer is A, trace does provide detail but you ultimately look at the result portion to see if the packet allowed or dropped.

D is the only logical answer.

Answer: D Packet Capture Overview The packet capture feature with trace option allows real packets that are captured on the ingress interface to be traced through the system. The trace information is displayed at a later stage. These packets are not dropped on the egress interface, as they are real data-path traffic. Packet capture for Firepower Threat Defense devices supports troubleshooting and analysis of data packets. Reference:- https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/troubleshooting_the_system.html

Enable the packet trace to check how the real TCP SYN packets are handled by the firewall. By default, only the first 50 ingress packets are traced: firepower# capture CAPI trace https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/215092-analyze-firepower-firewall-captures-to-e.html

Answer: D The trace function provides additional details when doing a packet capture. "Tracing a real packet can be very useful to troubleshoot connectivity issues. It allows you to see all the internal checks that a packet goes through." https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212474-working-with-firepower-threat-defense-f.html#anc13