Exam 300-710 topic 1 question 103 discussion

Correct answer: B. Use the Packet Capture feature to collect real-time network traffic. In this scenario, since the FTD appliance utilization is peaking above 90% of total capacity, it is possible that the appliance is dropping packets and causing users to get disconnected from their corporate applications. To further analyze the issue, the network engineer can use the Packet Capture feature in the FTD to collect real-time network traffic and determine whether packets are being dropped, and if so, which packets are being dropped. Option A, Packet Export feature, allows you to export captured packets to an external storage device. It does not help in analyzing the issue at hand. Option C, Packet Tracer feature, is used to simulate and troubleshoot network traffic through the firewall. It does not help in capturing real-time network traffic for analysis. Option D, Packet Analysis feature, provides a way to analyze packet captures taken with the Packet Capture feature. However, before analysis can be done, packets must first be captured with the Packet Capture feature.

Using the Packet Tracer feature (option C) is indeed useful for traffic policy analysis. It helps you understand how traffic is being processed by the FTD appliance and can identify issues related to policy configurations. However, to specifically analyze the issue of high utilization and user disconnections, the Packet Capture feature (option B) is more appropriate. Packet Capture allows you to collect real-time network traffic data, providing detailed insights into the actual traffic patterns and potential anomalies causing the high utilization and disconnections. Both tools are valuable, but for real-time traffic analysis and identifying the root cause of performance issues, Packet Capture is the more suitable choice.

my answer is B. Users are “randomly” disconnected, right? If the policy prevents the connection from going through, then it should not be random, but a complete disconnection.

It should be answer "B", since we do have client connectivity (--> randomly disconnects clients). So the identify the source that is flooding the bandwidth, etc. packet captures are a good indication to do so.

I would answer c. The traffic is not real but the point is to analyze the policy. When i hear connections are getting dropped, i think policy.

They keyword here is the system is 90% overload, we should use the least CPU loading method for investigation. The first step is to use packet tracer to check if the policy is correct or not. For other option with capturing, it would not succeed and even cause impact to the system since the system is now 90% overload already.

This is the stupidest question ever. with CPU 90% last thing you need is a capture... show resources or cpu but capture will make the CPU 99% NO real answer

A. Use the Packet Export feature to save data onto external drives. -> Exporting traffic doesnt help us understanding why the traffic lets the FTD peak B. Use the Packet Capture feature to collect real-time network traffic. -> Could be, we can see what traffic is traversing the firewall by inspecting the dump in packet analysis software C. Use the Packet Tracer feature for traffic policy analysis. -> Packet Tracer does not analyze real traffic, it generates virtual traffic, so a No. D. Use the Packet Analysis feature for capturing network data. -> Packet Analysis is not a feature to capture the traffic, but instead view the traffic. Since it explicitly says capture I would say this option is not valid. So I think B is correct