An administrator is working on a migration from Cisco ASA to the Cisco FTD appliance and needs to test the rules without disrupting the traffic. Which policy type should be used to configure the ASA rules during this phase of the migration?
The correct answer is actually A. Prefilter.
Prefilter policies are designed to quickly filter traffic before it reaches the deeper inspection engines, allowing you to test rules without disrupting the traffic. This is particularly useful during a migration phase, as it ensures that the network's performance is not impacted while you configure and test the new rules.
Access Control policies (Option C) are used to define and enforce security rules, but they do not specifically provide the capability to test rules without affecting traffic in the same way that prefilter policies do.
I change my mind to A after reading this document --> https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/prefiltering_and_prefilter_policies.html
Fastpath vs Trust discussion
Fastpath, and therefore prefilter, wins because it bypasses all further inspection and handling, instead of only exempting traffic from deep inspection and discovery, aka the Trust function in the ACL.
On top of that you only have to configure it once in the ACL policy instead of on a per-rule basis.
Both Prefilter and ACP are correct here; there are a bunch of discussions on the community around this topic. Generally speaking I would probably go with ACP, but I believe that by default the migration tool will migrate the rules to prefilter, and that's the answer they are going for here.
https://community.cisco.com/t5/network-security/firepower-prefilter-or-access-control-policy/td-p/3832096
https://community.cisco.com/t5/network-security/asa-to-ftd-policy-migration-best-practice/td-p/3081218
https://community.cisco.com/t5/network-security/asa-ftd-migration-prefilter-policy-or-access-control-policy/td-p/4587384
I would use ACP in this case because you can "Allow" or "Trust" the traffic in the rules, and you can turn off IPS if needed or use IDS, which will not disrupt the traffic. Personally, to test the rules, I would allow the traffic with IDS added to the rules, and of course logging enabled. Prefilter would bypass inspection and just use the LINA process, so it would be useless to keep the rules there and not get the benefits of using an FTD.
https://community.cisco.com/t5/network-security/asa-ftd-migration-prefilter-policy-or-access-control-policy/td-p/4587384
Based on the Cisco community thread, you can multi-select all of your rules and edit common attributes in a single action, including the inspection policy. This would definitely be handy when you have hundreds of rules.
When you migrate from ASA to FTD you use prefilter. The question states: "to test the rules without disrupting the traffic"; this is done with prefilter. With prefilter you only have rules based on L3 and L4, same as ASA. This is also in Cisco's whitepaper regarding migration from ASA to FTD.
I'm not 100% sure, but I would think ACP would be better than Prefilter... With ACP you set the action to "Monitor", whereas with Prefilter you can only fastpath or block... Fastpath could be an option for Prefilter, but this only bypasses Snort... "Monitor" with ACP sounds better.
ACP—Every access control rule has an action that determines how the system handles and logs matching traffic. You can either perform an allow, trust, monitor, block, or block with reset action on an access control rule.
Prefilter—A rule's action determines how the system handles and logs matching traffic. You can either perform a fastpath or a block action.
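The comments above argue about what each action actually does to a flow: a prefilter fastpath skips Snort entirely, an ACP monitor rule only logs and lets evaluation continue, an ACP allow keeps the flow under intrusion inspection, and trust exempts it from deep inspection. The following is an added example, not Cisco code and not a reproduction of FMC internals: a small Python model of that two-stage evaluation order (prefilter first on L3/L4 fields, then the ACP) with constructed rules and packets, so the difference between "test with monitor" and "test with fastpath" can be traced rule by rule. Rule fields, the `Rule` class and the packet dictionaries are assumptions made for the illustration.

```python
"""Toy model of FTD rule evaluation order: prefilter policy first (L3/L4 only,
LINA), then the access control policy (ACP). Added example; not Cisco code.
Rule layout, action names and sample packets are constructed for illustration."""

from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Rule:
    name: str
    action: str                 # prefilter: fastpath | block | analyze
                                # ACP:       allow | trust | monitor | block
    src: str = "0.0.0.0/0"      # source network (CIDR)
    dst: str = "0.0.0.0/0"      # destination network (CIDR)
    proto: str = "any"          # "tcp", "udp" or "any"
    dport: Optional[int] = None  # destination port, None = any


def matches(rule: Rule, pkt: dict) -> bool:
    """Match only on L3/L4 fields, which is all a prefilter rule can see."""
    return (ip_address(pkt["src"]) in ip_network(rule.src)
            and ip_address(pkt["dst"]) in ip_network(rule.dst)
            and rule.proto in ("any", pkt["proto"])
            and (rule.dport is None or rule.dport == pkt["dport"]))


def evaluate(pkt: dict, prefilter: list, acp: list, acp_default: str = "block") -> dict:
    """Return verdict, whether the flow reaches Snort inspection, and the
    ordered trace of rules that fired (what you would look for in the
    connection events when validating migrated rules)."""
    trace = []
    # Stage 1: prefilter. fastpath/block end evaluation; analyze hands off to ACP.
    for r in prefilter:
        if matches(r, pkt):
            trace.append(("prefilter", r.name, r.action))
            if r.action == "fastpath":
                return {"verdict": "pass", "inspected": False, "trace": trace}
            if r.action == "block":
                return {"verdict": "drop", "inspected": False, "trace": trace}
            break  # analyze
    # Stage 2: ACP. monitor logs and keeps going; the first other match decides.
    for r in acp:
        if matches(r, pkt):
            trace.append(("acp", r.name, r.action))
            if r.action == "monitor":
                continue
            if r.action == "block":
                return {"verdict": "drop", "inspected": False, "trace": trace}
            if r.action == "trust":      # exempt from deep inspection, still logged
                return {"verdict": "pass", "inspected": False, "trace": trace}
            if r.action == "allow":      # subject to intrusion/file inspection
                return {"verdict": "pass", "inspected": True, "trace": trace}
    trace.append(("acp", "default", acp_default))
    return {"verdict": "pass" if acp_default != "block" else "drop",
            "inspected": acp_default == "allow", "trace": trace}


# Constructed policies: one fastpath for a backup subnet in the prefilter,
# a monitor-everything rule plus an allow-web rule in the ACP, default block.
PREFILTER = [Rule("fastpath-backups", "fastpath", src="10.10.1.0/24", dst="10.20.0.0/16")]
ACP = [
    Rule("monitor-all", "monitor"),
    Rule("allow-web", "allow", proto="tcp", dport=443),
]

# Constructed sample flows.
PKT_BACKUP = {"src": "10.10.1.5", "dst": "10.20.0.9", "proto": "tcp", "dport": 22}
PKT_WEB = {"src": "10.0.0.5", "dst": "192.0.2.10", "proto": "tcp", "dport": 443}
PKT_TELNET = {"src": "10.0.0.5", "dst": "192.0.2.10", "proto": "tcp", "dport": 23}

if __name__ == "__main__":
    for name, pkt in [("backup", PKT_BACKUP), ("web", PKT_WEB), ("telnet", PKT_TELNET)]:
        print(name, evaluate(pkt, PREFILTER, ACP))
```

Running it shows the point the thread is circling: the backup flow is fastpathed by the prefilter and never produces an ACP or intrusion event, the HTTPS flow is logged by the monitor rule and then allowed with inspection, and the telnet flow is logged by the monitor rule and still blocked by the default action. If the goal of the migration phase is to see which migrated rules match while keeping inspection and logging in place, the monitor trace gives that visibility; a fastpath rule gives none beyond the prefilter hit.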