Exam 300-710 topic 1 question 179 discussion

The packet trace option in the FMC GUI simulates packets.

Answer A, @thegreenhousesl explain that in FTD.

The capture command doesn’t use Snort. There is no "verbose" option for capture-traffic that I can find. “-T” won’t produce Snort output. The FMC GUI does show packet trace and Snort output, so I think the answer is B.

D is the correct answer.

Trace is the one that is missing

To see the real packets going through the Cisco FTD device and the Snort detection actions as part of the output, the engineer should use the following command: capture-traffic <capture_name> trace snort This command will capture traffic and display the real packets along with the Snort detection actions. If the engineer is already using this command, but only the packets are being displayed, the issue may be that the trace is not specified. To resolve this issue, the engineer should use option A: specify the trace using the -T option after the capture-traffic command. The engineer should add -T snort or -T raw to the end of the command. -T snort specifies that the output should include Snort intrusion events, while -T raw specifies that the output should include the raw packets. Therefore, the correct answer to this question is: A. Specify the trace using the -T option after the capture-traffic command.

It should be D

The correct answer is D. Use the capture command and specify the trace option to get the required information. capture capture-name interface inside trace

Using the capture command and specifying the trace option is the solution to this issue. The capture-traffic command only captures traffic and displays it in a packet capture file, without showing any Snort detection actions.

Its D as stated in: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212474-working-with-firepower-threat-defense-f.html#anc29

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212474-working-with-firepower-threat-defense-f.html#anc29