
Exam 300-710 topic 1 question 32 discussion

Actual exam question from Cisco's 300-710
Question #: 32
Topic #: 1

An organization has implemented Cisco Firepower without IPS capabilities and now wants to enable inspection for their traffic. They need to be able to detect protocol anomalies and utilize the Snort rule sets to detect malicious behavior. How is this accomplished?

  • A. Modify the network discovery policy to detect new hosts to inspect.
  • B. Modify the access control policy to redirect interesting traffic to the engine.
  • C. Modify the intrusion policy to determine the minimum severity of an event to inspect.
  • D. Modify the network analysis policy to process the packets for inspection.
Suggested Answer: B

Comments

14a1949
21 hours, 49 minutes ago
Selected Answer: B
I understand why you might think option D is correct. However, B. Modify the access control policy to redirect interesting traffic to the engine is actually the most appropriate choice in this scenario. The access control policy is where you specify which traffic should be inspected by the Firepower Threat Defense (FTD) engine. By redirecting interesting traffic to the inspection engine, you ensure that protocol anomalies are detected and Snort rule sets are applied to identify malicious behavior. Modifying the network analysis policy (D) does involve processing packets for inspection, but it primarily focuses on pre-processing and detection of protocol anomalies at a more basic level, rather than leveraging the full capabilities of Snort rules for detecting malicious behavior.
upvoted 1 times
14a1949
1 week, 1 day ago
Selected Answer: D
I understand your perspective. Modifying the access control policy to redirect interesting traffic to the engine (option B) is indeed important for defining which traffic should be inspected. However, to specifically enable inspection for protocol anomalies and utilize Snort rule sets to detect malicious behavior, modifying the network analysis policy (option D) is the correct approach. The network analysis policy processes packets for inspection, allowing the detection of protocol anomalies and the application of Snort rule sets. Modifying the access control policy (option B) is crucial for directing traffic to be inspected, but the actual inspection for anomalies and malicious behavior is handled by the network analysis policy.
upvoted 1 times
14a1949
1 week, 1 day ago
Selected Answer: B
To enable inspection for traffic on a Cisco Firepower device without IPS capabilities and utilize Snort rule sets to detect malicious behavior, the correct action would be: **B. Modify the access control policy to redirect interesting traffic to the engine.** By modifying the access control policy, you can specify which traffic should be inspected by the Firepower device, allowing it to detect protocol anomalies and utilize Snort rule sets for identifying malicious behavior.
upvoted 1 times
Aransi90
8 months, 2 weeks ago
Selected Answer: B
B is the way to achieve this
upvoted 1 times
Joninjimbo
8 months, 3 weeks ago
Selected Answer: B
The traffic flow diagram in the guide below proves it's B. The last thing it hits in the firewall which determines whether the traffic is sent to the IPS/IDS is the L3/L4 ACP. So it's definitively B. https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212474-working-with-firepower-threat-defense-f.html
upvoted 1 times
achille5
11 months, 1 week ago
Selected Answer: D
https://www.cisco.com/c/en/us/td/docs/security/firepower/670/fdm/fptd-fdm-config-guide-670/fptd-fdm-intrusion.html
upvoted 1 times
achille5
6 months, 2 weeks ago
Changed B
upvoted 1 times
Initial14
1 year, 3 months ago
Selected Answer: B
B. If you do not have a preprocessor enabled, let's say SCADA, but you have Snort rules enabled for SCADA protocols, Snort will enable the preprocessor for SCADA, so the only option is B.
upvoted 3 times
tanri04
1 year, 4 months ago
To enable inspection for traffic and detect protocol anomalies and utilize the Snort rule sets to detect malicious behavior, the intrusion policy must be modified. The intrusion policy determines which traffic is inspected and which Snort rules are used to detect malicious behavior. By default, when Firepower is installed, it uses a basic intrusion policy that does not have IPS capabilities. Therefore, modifying the intrusion policy is the correct solution to enable inspection for traffic and utilize the Snort rule sets. So, the correct answer is C. Modify the intrusion policy to determine the minimum severity of an event to inspect.
upvoted 1 times
tanri04
1 year, 4 months ago
To enable inspection for traffic and detect protocol anomalies using Snort rule sets to detect malicious behavior in Cisco Firepower without IPS capabilities, both the access control policy and intrusion policy must be modified. The access control policy should be modified to redirect interesting traffic to the engine for inspection. The intrusion policy should be modified to enable intrusion and file policy, select the Snort rule sets to use for inspection, and configure the protocol inspection settings to detect anomalies. The minimum severity of an event to inspect is determined by the intrusion policy, but it is not the only modification required to enable inspection for traffic and utilize the Snort rule sets. Therefore, option C is not the correct answer. The correct answer is: A. Modify the access control policy to redirect interesting traffic to the engine, and C. Modify the intrusion policy to utilize Snort rule sets and detect malicious behavior.
upvoted 2 times
Joe_Blue
1 year, 4 months ago
Selected Answer: B
To enable inspection for traffic and detect protocol anomalies using Snort rule sets in Cisco Firepower without IPS capabilities, the organization needs to modify the access control policy to redirect interesting traffic to the engine. Therefore, the correct answer is option B.
upvoted 2 times
johanhc20
1 year, 11 months ago
Selected Answer: B
B is correct
upvoted 2 times
xziomal9
2 years ago
Selected Answer: B
Correct answer is: B
upvoted 1 times
Grandslam
2 years, 3 months ago
Selected Answer: D
I get why people are picking B but I have to go with D. NAP is specific for identifying Anomalies...
upvoted 2 times
liqucika
2 years, 5 months ago
Selected Answer: B
Each rule in the ACP has control over whether the traffic is sent to snort to be inspected or not. If the traffic is allowed and an intrusion policy is selected, then the traffic will go on to be inspected by snort.
upvoted 2 times
Sarbi
2 years, 9 months ago
B is the correct answer.
upvoted 2 times
orotta
2 years, 6 months ago
Can you please explain why B is the correct answer?
upvoted 1 times
Bobster02
3 years, 1 month ago
B indeed makes more sense: A network analysis policy (NAP) governs how traffic is decoded and preprocessed so that it can be further evaluated, especially for anomalous traffic that might signal an intrusion attempt. To apply intrusion policies to network traffic, you select the policy within an access control rule that allows traffic. You do not directly assign intrusion policies.
upvoted 4 times
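The rule-evaluation behaviour described in liqucika's and Bobster02's comments (an ACP rule is matched first, and only an Allow rule that references an intrusion policy hands the flow to Snort), as an added illustration that is not part of this discussion or of any Cisco code. The data model, rule names and addresses are constructed for the example and are a simplification, not FMC's own object model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Simplified model (assumption for this example, not Cisco's data model) of an
# FTD access control policy: rules are evaluated top-down, first match wins, and
# only an ALLOW rule that references an intrusion policy sends the flow to Snort.
@dataclass
class AccessRule:
    name: str
    action: str                              # "ALLOW", "TRUST" or "BLOCK"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dst_port: Optional[int] = None           # None matches any destination port
    intrusion_policy: Optional[str] = None   # e.g. "Balanced Security and Connectivity"

    def matches(self, src_ip: str, dst_ip: str, dst_port: int) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and (self.dst_port is None or self.dst_port == dst_port))

@dataclass
class AccessControlPolicy:
    rules: List[AccessRule]
    default_action: str = "BLOCK"
    default_intrusion_policy: Optional[str] = None

def disposition(policy: AccessControlPolicy, src_ip: str, dst_ip: str,
                dst_port: int) -> Tuple[str, str, Optional[str]]:
    """Return (matched rule, action, intrusion policy applied or None)."""
    for rule in policy.rules:
        if rule.matches(src_ip, dst_ip, dst_port):
            # TRUST bypasses Snort entirely and BLOCK drops, so no policy applies.
            ips = rule.intrusion_policy if rule.action == "ALLOW" else None
            return rule.name, rule.action, ips
    ips = policy.default_intrusion_policy if policy.default_action == "ALLOW" else None
    return "default", policy.default_action, ips

def uninspected_allow_rules(policy: AccessControlPolicy) -> List[str]:
    """Audit helper: ALLOW rules that pass traffic without any Snort inspection."""
    return [r.name for r in policy.rules
            if r.action == "ALLOW" and r.intrusion_policy is None]

# Constructed sample policy (addresses are documentation ranges, not real hosts).
SAMPLE = AccessControlPolicy(rules=[
    AccessRule("trust-backup", "TRUST", src="10.1.0.0/16", dst="10.2.0.0/16"),
    AccessRule("web-in", "ALLOW", dst="192.0.2.0/24", dst_port=443,
               intrusion_policy="Balanced Security and Connectivity"),
    AccessRule("dns-out", "ALLOW", dst_port=53),   # allowed but never inspected
])
```

Running `uninspected_allow_rules(SAMPLE)` is the check a reviewer wants after enabling IPS: any name it returns is an Allow rule that still forwards traffic past Snort.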
kakakayayaya
3 years, 1 month ago
PS: We do not need to additionally enable NAP. By default it uses the Balanced Security and Connectivity config. So for me answer B is more reasonable.
upvoted 1 times
kakakayayaya
3 years, 1 month ago
Network analysis policy will not work without the access control policy. I see that we need to make B AND D steps. For me "redirect interesting traffic" must be the most important step.
upvoted 3 times