A Cisco FirePower administrator needs to configure a rule to allow a new application that has never been seen on the network. Which two actions should be selected to allow the traffic to pass without inspection? (Choose two.)
In case you are still nervy about the above answers, then this diagram will calm your nerves :)
https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/access_control_rules.html#ID-2190-00000005
https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/access_control_rules.html?bookSearch=true#ID-2190-0000023b
There is an exception, however. If a Monitor rule contains layer 7 conditions—such as an application condition—the system allows early packets to pass and the connection to be established (or the SSL handshake to complete)
In Cisco Firepower, "allow" passes traffic but still inspects it. "Trust" passes traffic without inspection.
Since the question asks for allowing traffic without inspection, the correct answers are D. trust and E. monitor.
The allow action, if it does only file inspection, intrusion inspection, or neither, it signifies that it will not be inspected because the application is unknown.
Without a doubt, the trust action is one of the proper answers.
The system does not perform deep inspection on trusted, blocked, or encrypted traffic.
You monitor to log the session to use when "configuring a rule to allow a new application..."
D, E
Explanation
Each rule also has an action, which determines whether you monitor, trust, block, or allow matching traffic.
Note: With action “trust”, Firepower does not do any more inspection on the traffic. There will be no intrusion protection and also no file-policy on this traffic.