When packet capture is used on a Cisco Secure Firewall Threat Defense device and the packet flow is waiting on the malware query, which Snort verdict appears?
Looks like retry based on the following link:
https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/troubleshooting_the_system.html
Retry is correct.
BlockFlow: Snort has determined that the entire flow or session should be blocked.
https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/troubleshooting_the_system.html#:~:text=on%20passive%20interfaces.-,Retry,-Flow%20is%20stalled
D.
BlockFlow Verdict:
The BlockFlow verdict is specific to Snort.
When a packet receives the BlockFlow verdict, it is dropped immediately, and subsequent packets in the same session are also dropped before reaching Snort.
Essentially, it prevents any further processing of that flow.
Use Cases:
Malware Detection: For example, if Snort identifies a packet as malicious (e.g., malware), it may assign the BlockFlow verdict to prevent any additional communication from that source.
MooseMullay (Highly Voted, 6 months, 1 week ago)
Nian (Most Recent, 1 week, 1 day ago)
gwb (7 months, 2 weeks ago)