Exam 300-710 topic 1 question 70 discussion

Actual exam question from Cisco's 300-710
Question #: 70
Topic #: 1

An organization is using a Cisco FTD and Cisco ISE to perform identity-based access controls. A network administrator is analyzing the Cisco FTD events and notices that unknown user traffic is being allowed through the firewall. How should this be addressed to block the traffic while allowing legitimate user traffic?

  • A. Modify the Cisco ISE authorization policy to deny this access to the user
  • B. Modify Cisco ISE to send only legitimate usernames to the Cisco FTD
  • C. Add the unknown user in the Access Control Policy in Cisco FTD
  • D. Add the unknown user in the Malware & File Policy in Cisco FTD
Suggested Answer: C
Reference:
https://www.cisco.com/c/en/us/td/docs/security/firepower/640/fdm/fptd-fdm-config-guide-640/fptd-fdm-identity.html#concept_655B055575E04CA49B10186DEBDA301A

Comments

d0980cc
2 months, 1 week ago
Selected Answer: C
https://www.cisco.com/c/en/us/td/docs/security/firepower/640/fdm/fptd-fdm-config-guide-640/fptd-fdm-identity.html#concept_655B055575E04CA49B10186DEBDA301A:~:text=provide%20these%20users.-,Dealing%20with%20Unknown%20Users,-When%20you%20configure
upvoted 1 times
...
StewieFTW22
3 months, 1 week ago
Selected Answer: A
I would block it on ISE — The unknown user is passing AAA somehow, so even if they were blocked on FTD, they would still be able to communicate with internal resources.
upvoted 1 times
...
gwb
8 months, 3 weeks ago
Handling Unknown Users: Depending on your security requirements, you can configure the ACP to handle unknown users in different ways:

Block Action: You can create a rule in the ACP with a block action specifically for unknown users. This ensures that any traffic from unidentified sources is denied.

Example Configuration: Let's say you want to block traffic from unknown users. Here's how you can set up an ACP rule:

  • Rule Name: Unknown User Block
  • Source: Any (since we're targeting unknown users)
  • Destination: Specific network or host (customize based on your requirements)
  • Services: Specify the relevant services (e.g., HTTP, HTTPS, etc.)
  • Action: Block
  • Logging: Enable logging for visibility

So, technically it is possible for FMC to block unknown users through ACP rules. However, in the real world, unknown users should be blocked (unauthorized) from ISE (port level). In that case A makes more sense, but from the FMC perspective, C is OK. My choice is C.
upvoted 2 times
...
cryptofetti
3 years, 4 months ago
- This one makes no sense. My guess is A or B.
- How would you create an ACP and add an unknown user if ISE is currently profiling endpoints?
upvoted 1 times
dariol
3 years, 3 months ago
Unknown is a special identity that can be used in a rule if you use identity policies. C is correct.
upvoted 8 times
...
...
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other