Exam 300-710 topic 1 question 74 discussion

Answer: C Reason: the command "capture-traffic" is used for SNORT Engine Captures. To capture a LINA Engine Capture, you use the "capture" command. Since the Lina Engine represents the actual physical interface of the device, "capture" is the only reasonable choice Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212474-working-with-firepower-threat-defense-f.html#anc10

Capture [word]... You have to give the capture a name.

The correct command to capture all packets that hit an interface on the Cisco FTD CLI is: **D. capture WORD** This command allows you to specify the interface and capture parameters, making it versatile for different capture needs[1](https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_Firepower_Threat_Defense/ac_1.html)[2](https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212474-working-with-firepower-threat-defense-f.html).

The correct command to capture all packets that hit an interface on the Cisco FTD CLI is: **D. capture WORD** This command allows you to specify the interface and capture parameters, making it versatile for different capture needs[1](https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_Firepower_Threat_Defense/ac_1.html)[2](https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212474-working-with-firepower-threat-defense-f.html).

You all think too hard To capture traffic from the Firewall Engine, you use the capture command. The capture-traffic command captures the traffic from the Firepower engine.

D-- again check this out: https://community.cisco.com/t5/network-security/firepower-cli-capture-vs-capture-traffic/m-p/4145511#M1073545

The key word is "that hit an interface" is necessary the interface name The answer is D

Answer is B- They are asking for the cli command on the FTD

Here's the syntax: capture <WORD> interface <interface-name> [buffer <buffer-size>] [match <access-list>] [packet-length <packet-length>]

WORD is syntax, capture is the command

I recently entered an FTD and when I put the capture command it forces me to give it a name later, so the capture command does not work without WORD

Im going with D on this one. You cannot send the command "capture" from CLI - the command needs a name argument following "capture". You can send the command "capture [WORD]" with following <cr> , from both LINA and CLIish.

Correct answer is: C

C Is the right answer

C is the correct answer. Here it is asking for Cisco command, not the syntax

James is right about the capture-traffic command, but D is a better answer than C. Go into the cli, type "capture" then hit the question mark. The only option is "WORD". WORD represents a capture name. D is more specific than C.

Answer C as James3222 mentioned