Exam 300-710 topic 1 question 115 discussion

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/fxos231/web-guide/b_GUI_FXOS_ConfigGuide_231/troubleshooting.html#:~:text=34525%2C%20ARP%20%3D%202054%2C-,and%20SGT%20%3D%2035081),-.

I think it has something to do with AMP for endpoint and cisco secure client because in the question they say "preventing clients from using the proper policies"

My choice is C, this is a Cisco Exam, why would we choose WireShark instead of a native Cisco process on a cisco device for the same purpose? Plus with Wireshark you would need to span a port for data flow.

Yes, using a packet capture with match criteria would be a good way to troubleshoot this issue. The packet capture can be set up to capture traffic only from the specific devices that are not being tagged correctly. The match criteria can be set to filter for traffic that is associated with the service group in question, allowing the engineer to see if the traffic is being tagged correctly or not. Based on the results of the packet capture, the engineer can then take appropriate actions to resolve the issue.

Im voting for C, because a packet capture on the FW always makes more sense than doing something on the client

Correct answer is: C

Correct answer is: C

Answer C

C, Using the built in Packet Capture feature is the best answer. B is NOT the best answer because: This is not a test on Wireshark You wouldnt necessarily use a subnet filter If B were right, than D would be even more right. We can do packet captures right in FMC, including filtering for specific SGTs.

C also makes sense. Capture could just be exported and imported in wireshark. Also, you would be able to use match argument to specify devices instead of subnet, and also SGTs if you want to. I will go for C if this comes up during test.

B, Wireshark makes the most sense

Why don't we use packet capture? Arguable answer...