Exam 300-710 topic 1 question 264 discussion

Actual exam question from Cisco's 300-710

Question #: 264
Topic #: 1

The security engineer reviews the syslog server events of an organization and sees many outbound connections to malicious sites initiated from hosts running Cisco Secure Endpoint. The hosts are on a separate network from the Cisco FTD device. Which action blocks the connections?

A. Modify the policy on Cisco Secure Endpoint to enable DFC.
B. Modify the access control policy on the Cisco FMC to block malicious outbound connections
C. Add the IP addresses of the malicious sites to the access control policy on the Cisco FMC
D. Add a Cisco Secure Endpoint policy with the Tetra and Spero engines enabled

Show Suggested Answer

Suggested Answer: A 🗳️

by LC1980 at Jan. 10, 2024, 5:56 a.m.

Comments

Submit Cancel

LC1980

Highly Voted 1 year ago

It should be A: Enable Device Flow Correlation allows you to monitor network activity and determine which action the connector should take when connections to malicious hosts are detected. The question says "the host is on separete network from FTD device so Access Control Rule will hava no effect on the host

upvoted 9 times

...

Stevens0103

Most Recent 1 year ago

Selected Answer: A

Agree with LC1980, the answer is A. "Device Flow Correlation Detections Device flow correlation allows you to flag or block suspicious network activity. You can use "Policies" on page 73 to specify Secure Endpointconnector behavior when a suspicious connection is detected and also whether the connector should use addresses in the Cisco Intelligence Feed, custom IP lists you create, or a combination of both." https://docs.amp.cisco.com/en/SecureEndpoint/Secure%20Endpoint%20User%20Guide.pdf

upvoted 3 times

...