Exam 300-710 topic 1 question 120 discussion

Enabling AAB - if the Snort processes are causing a performance degradation, certain traffic can bypass these Snort processes to alleviate the bottleneck when a performance threshold is crossed.

When the SNORT inspection engine is overwhelmed, to minimize traffic interruption during peak traffic times, a network engineer can configure the IPS (Intrusion Prevention System) to alleviate this issue by enabling Automatic Application Bypass. Therefore, the correct answer is D, Enable Automatic Application Bypass. When the SNORT inspection engine is overwhelmed, enabling Automatic Application Bypass allows the IPS to bypass specific applications or protocols that are causing the bottleneck. This ensures that critical traffic is not dropped, and network performance is not degraded during peak traffic times. Enabling IPS inline link state propagation (Option A) is a mechanism that ensures link state information is propagated to the inline security device, such as IPS. It helps ensure that the IPS does not forward traffic to an interface that is down. However, it does not directly address the issue of SNORT engine overload.

Automatic Application Bypass (AAB) allows packets to bypass detection if Snort is down or if a packet takes too long to process. AAB causes Snort to restart within ten minutes of the failure, and generates troubleshooting data that can be analyzed to investigate the cause of the Snort failure. https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/device_management_basics.html