A network administrator notices that SI events are not being updated. The Cisco FTD device is unable to load all of the SI event entries and traffic is not being blocked as expected. What must be done to correct this issue?
A.
Restart the affected devices in order to reset the configurations.
B.
Redeploy configurations to affected devices so that additional memory is allocated to the SI module.
C.
Replace the affected devices with devices that provide more memory.
D.
Manually update the SI event entries to that the appropriate traffic is blocked.
Answer is B.
Memory limitations. Cisco Intelligence Feeds are based on the latest threat intelligence from Cisco Talos Intelligence Group (Talos). These feeds tend to get larger as time passes. When a Firepower device receives a feed update, it loads as many entries as it can into the memory it has allocated for Security Intelligence. When a device cannot load all the entries, it may not block traffic as expected. Some connections that should be blocked by a Block list instead continue to be evaluated by access control rules.
If you think this is happening, redeploy configurations to the affected devices.
Troubleshooting Memory Use:
Symptoms: Connections that should be blocked by a Security Intelligence Block list are instead evaluated by access control rules. The Security Intelligence health module alerts that it is out of memory.
Cause: Memory limitations. Cisco Intelligence Feeds are based on the latest threat intelligence from Cisco Talos Intelligence Group (Talos). These feeds tend to get larger as time passes.
Workaround: If you think this is happening, redeploy configurations to the affected devices. This can allocate more memory to Security Intelligence.
To correct the issue of SI events not being updated and the Cisco FTD device being unable to load all of the SI event entries, the network administrator should redeploy configurations to affected devices so that additional memory is allocated to the SI module.
https://www.cisco.com/c/en/us/td/docs/security/firepower/670/configuration/guide/fpmc-config-guide-v67/security_intelligence_blacklisting.html
Workaround: If you think this is happening, redeploy configurations to the affected devices.
B - right answer
Does someone give explanation? How does Intelligence EVENTS affect Intelligence process. It is just logging.
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.300-710 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
ERGEGA
Highly Voted 2 years, 3 months agoBobster02
Highly Voted 2 years, 11 months agobassfunk
Most Recent 10 months agopartyzan06
11 months, 4 weeks agoJoe_Blue
1 year, 2 months agoxziomal9
1 year, 11 months agoaadach
2 years, 2 months agoBobster02
2 years, 11 months agokakakayayaya
2 years, 11 months agokakakayayaya
3 years ago