ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-710 All Questions

View all questions & answers for the 300-710 exam
Go to Exam

Exam 300-710 topic 1 question 18 discussion

Actual exam question from Cisco's 300-710
Question #: 18
Topic #: 1
[All 300-710 Questions]

The event dashboard within the Cisco FMC has been inundated with low priority intrusion drop events, which are overshadowing high priority events. An engineer has been tasked with reviewing the policies and reducing the low priority events. Which action should be configured to accomplish this task?

  • A. drop packet
  • B. generate events
  • C. drop connection
  • D. drop and generate
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by kakakayayaya at June 6, 2021, 8:28 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Joe_Blue
Highly Voted 1 year, 7 months ago
Selected Answer: A
To reduce low priority intrusion drop events and keep the high priority events visible, the "drop packet" action can be configured in the intrusion policy. This will silently drop the packets that trigger low priority intrusion events without generating any event or alert, thereby reducing the noise in the event dashboard.
upvoted 5 times
...
14a1949
Most Recent 3 months, 4 weeks ago
Selected Answer: A
To reduce the low priority intrusion drop events and focus on high priority events, the engineer should configure the action to: A. drop packet By setting the action to "drop packet," the system will drop the packets without generating events for low priority intrusions. This helps in reducing the clutter of low priority events in the event dashboard, allowing high priority events to stand out
upvoted 1 times
...
Lautaros
1 year, 5 months ago
it highlighted as B the correct answer. should be A
upvoted 2 times
...
jaciro11
2 years, 3 months ago
Selected Answer: A
go with A
upvoted 1 times
...
xziomal9
2 years, 4 months ago
Selected Answer: A
Correct answer is: A
upvoted 1 times
...
SanchezEldorado
2 years, 6 months ago
This had me really confused for a bit, because I didn't see an option to just drop packet anywhere. I appears there is a difference between the versions of when this question was originally posted and now. The only Drop option in newer versions is Drop and generate events. I think the correct answer now would be to add a threshold to limit the number of events. Here's a link for version 6.2 that doesn't show a drop and generate events option: https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/working_with_intrusion_events.html Here's a link for 7.0 that doesn't show a drop option: https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/working_with_intrusion_events.html
upvoted 2 times
gwb
8 months, 3 weeks ago
Drop packets — Click Set this rule to drop the triggering packet... to set the rule to drop packets that trigger it. If your managed device is deployed inline on your network, you can set the rule that triggered the event to drop packets that trigger the rule in all policies that you can edit locally. Alternately, you can set the rule only in the current policy (that is, the policy that generated the event) if you can edit the current policy locally. https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/working_with_intrusion_events.html - This is a link for "drop packet" in event
upvoted 1 times
...
...
orotta
2 years, 9 months ago
A seems to be correct: IPS has three rule state: Generate Event, Drop and Generate Events and Disable currently, the rule is set to Drop and Generate Events and the event on the dashboard is inundated with low priority intrusion drop events, and they are asking to reduce it, so the best option is to set the low priority events to "Generate Event" so option A is correct, I believe.
upvoted 3 times
...
powerchiken
2 years, 10 months ago
Selected Answer: A
I agree with kakakayayaya.
upvoted 1 times
...
jnk12
3 years, 2 months ago
Intrusion policy only has generate events, disabled, and drop and generate events. So the answer is correct.
upvoted 4 times
anwar1
2 years, 5 months ago
Thank you for mentioning that, though our logic is correct but still we need to follow Cisco guidelines to be able to correct score a mark for correct answer.
upvoted 1 times
...
...
ASIFIMRAN
3 years, 3 months ago
Drop packet is correct
upvoted 2 times
...
Bobster02
3 years, 4 months ago
A would make the most seance to me.
upvoted 1 times
...
kakakayayaya
3 years, 5 months ago
PS Event filtering with threshold should be the most appropriate solution for reducing events but there is no such answer......
upvoted 3 times
...
kakakayayaya
3 years, 5 months ago
generate events - it is exactly what was asked to avoid. To reduce amount of events we need to drop packets. Block with reset even better. So A and C make scene for me but would I vote for A.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago