An engineer needs to configure an access control policy rule to always send traffic for inspection without using the default action. Which action should be configured for this rule?
A - Monitor - is the right answer. Allow always inspect the flow.
Allow action permits traffic to pass through the device and continue to its destination, but with inspection and logging enabled. On the other hand, Allow is one of the default actions.
C - Allow
The default traffic inspects and allows or drops if malicious (monitor does not drop malicious traffic)
https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/access_control_rules.html
If the engineer wants to ensure that all traffic is inspected without using the default action in an access control policy rule, they should configure the "allow" action for this rule.
In Cisco Firepower Management Center, the "allow" action permits traffic to pass through the device and continue to its destination, but with inspection and logging enabled. By default, traffic that does not match any access control policy rule is handled by the default action, which is typically set to "allow" or "block".
Using the "monitor" action would only allow traffic to pass through the device for the purpose of collecting data and generating reports, without inspection or logging.
ALLOW ? This option will always send traffic for inspection
Rule 4: Allow is the final rule. For this rule, matching traffic is allowed; however, prohibited files, malware, intrusions, and exploits within that traffic are detected and blocked. Remaining non-prohibited, non-malicious traffic is allowed to its destination, though it is still subject to identity requirements and rate limiting. You can configure Allow rules that perform only file inspection, or only intrusion inspection, or neither.
https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/access_control_rules.html
This section is not available anymore. Please use the main Exam Page.350-701 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Premium_Pils
9 months, 3 weeks agoums008
1 year, 10 months agobodomobil
1 year, 11 months agoalischajan
2 years, 1 month agoalischajan
2 years, 1 month agoG33
2 years agosull3y
2 years, 2 months agosull3y
2 years, 2 months agoangry
2 years, 2 months agoluisseijuro
2 years, 3 months agoEmlia1
2 years, 6 months agoEd1976
2 years, 6 months agoAhmedoooooo
2 years, 6 months agoInitial14
2 years, 8 months agoHereim
2 years, 7 months ago