ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-710 All Questions

View all questions & answers for the 300-710 exam
Go to Exam

Exam 300-710 topic 1 question 294 discussion

Actual exam question from Cisco's 300-710
Question #: 294
Topic #: 1
[All 300-710 Questions]

A software development company hosts the website https://dev.company.com for contractors to share code for projects they are working on with internal developers. The web server is on premises and is protected by a Cisco Secure Firewall Threat Defense appliance. The network administrator is worried about someone trying to transmit infected files to internal users via this site. Which type of policy must be associated with an access control policy to enable Cisco Secure Firewall Malware Defense to detect and block malware?

  • A. SSL policy
  • B. file policy
  • C. network discovery policy
  • D. prefilter policy
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by KISRUVEM at Jan. 16, 2024, 2:14 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
gwb
Highly Voted 8 months, 3 weeks ago
My choice is "B". Malware Defense - file policy with rule.
upvoted 5 times
MB2222
7 months, 3 weeks ago
Hmmm, I would go for (A). Why?, because it is also saying in the question focusing on the URL httpS, and without an SSL policy associated with your ACP, you are not able at all to detect any malicious traffic, files, etc. at all.
upvoted 1 times
MB2222
7 months, 3 weeks ago
... and it also says in the question to "DETECT" and block traffic. In order to see malicious files, you must be able to see them. So again, SSL policy (A) is my choice.
upvoted 1 times
...
...
...
Nian
Most Recent 1 month, 3 weeks ago
Selected Answer: B
Again multiple answers are correct. To perform the requested detection and blocking, the Access Policy must have an SSL Policy (A) associated (on policy level). Moreover a File Policy (B) is required to inspect files - implemented as a rule in the access policy
upvoted 1 times
...
Silexis
4 months, 1 week ago
Selected Answer: B
I think this a very tricky one - Cisco is throwing to people. Let's divide the workflow: contractors are using SSL connection to upload code from Internet. It is true that without SSL Policy - you won't be able to see the files. Developers, on the other hand, are connected to the webserver which is "on premises", making me think that they wont use the Internet URL but another one which is accessible only from Internal - but passing through the FTD - this is why, without a Malware&File policy an SSL will be just useless (even though the no mistake will be actually A&B together)
upvoted 1 times
...
tinyJoe
5 months, 2 weeks ago
Selected Answer: A
It is a difficult choice, but I choose A. “via this site” indicates that the site probably has the ability to send and receive files. The file sending/receiving traffic should be encrypted. And just to be metaperspective, if B is the correct answer, why is it necessary to describe the HTTPS sample URL in the question? I assume it is because the author wanted to make decryption the theme of the question.
upvoted 1 times
...
KISRUVEM
11 months, 1 week ago
Selected Answer: A
I think it’s A. You don’t associate a file policy to an ACP. You associate a file policy to an ACP rule. You associate an SSL policy to an ACP. Yes, it’s also called a “decryption policy” in the GUI but the config guide still calls it an SSL Policy.
upvoted 4 times
Bubu3k
11 months ago
That's for decrypting traffic, even if you use it you still need a file or malware policy
upvoted 8 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel