
Exam 300-710 topic 1 question 219 discussion

Actual exam question from Cisco's 300-710
Question #: 219
Topic #: 1



Refer to the exhibit. A systems administrator conducts a connectivity test to their SCCM server from a host machine and gets no response from the server. Which action ensures that the ping packets reach the destination and that the host receives replies?

  • A. Configure a custom Snort signature to allow ICMP traffic after inspection.
  • B. Modify the Snort rules to allow ICMP traffic.
  • C. Create an access control policy rule that allows ICMP traffic.
  • D. Create an ICMP allow list and add the ICMP destination to remove it from the implicit deny list.
Suggested Answer: C

Comments

MB2222
6 months, 1 week ago
The correct answer should be (C), since it says within the Phase: 16 section: >> Firewall: block rule, 'Ping', drop << and also a bit later: >> Snort id 0, NAP id 2, IPS id 0, Verdict BLACKLIST, Blocked by Firewall <<. So both statements, A) "Firewall: block rule, 'Ping', drop" and B) "Verdict BLACKLIST, Blocked by Firewall", are indications that the ACP was denying the connection request, here ICMP traffic. So again, answer (C).
upvoted 1 times
...
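The reading given in the comment above can be checked mechanically. The following is an added example, not part of the original thread or any Cisco tooling: it parses only the two trace fragments quoted in that comment (the sample text is constructed from them) and reports which component the trace names for the drop. The function name `triage_trace` and the `blocked_by` labels are assumptions made for illustration.

```python
import re

# Constructed input: only the two trace fragments quoted in the comment above.
SAMPLE_TRACE = (
    "Firewall: block rule, 'Ping', drop\n"
    "Snort id 0, NAP id 2, IPS id 0, Verdict BLACKLIST, Blocked by Firewall\n"
)

FIREWALL_RE = re.compile(
    r"Firewall:\s*(?P<kind>\w+) rule,\s*'(?P<rule>[^']*)',\s*(?P<action>\w+)")
VERDICT_RE = re.compile(
    r"Snort id (?P<snort>\d+), NAP id (?P<nap>\d+), IPS id (?P<ips>\d+), "
    r"Verdict (?P<verdict>\w+)(?:,\s*(?P<reason>.+))?")


def triage_trace(text):
    """Pull the rule and verdict fields out of a trace and say what it blames."""
    out = {"rule": None, "action": None, "verdict": None,
           "ips_id": None, "reason": None}
    for line in text.splitlines():
        fw = FIREWALL_RE.search(line)
        if fw:
            out["rule"], out["action"] = fw["rule"], fw["action"].lower()
        vd = VERDICT_RE.search(line)
        if vd:
            out["verdict"] = vd["verdict"].upper()
            out["ips_id"] = int(vd["ips"])
            out["reason"] = (vd["reason"] or "").strip() or None
    by_firewall = "blocked by firewall" in (out["reason"] or "").lower()
    if out["action"] == "drop" and out["rule"] is not None:
        out["blocked_by"] = "access-control-rule"      # a named rule dropped it
    elif by_firewall:
        out["blocked_by"] = "firewall-rule-not-shown"  # verdict only, no rule line
    elif out["verdict"] == "BLACKLIST":
        out["blocked_by"] = "unattributed-block"       # needs a fuller trace
    else:
        out["blocked_by"] = "none-found"
    return out


if __name__ == "__main__":
    print(triage_trace(SAMPLE_TRACE))
```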
Stevens0103
9 months, 2 weeks ago
Selected Answer: D
Creating an ICMP allow list and adding the ICMP destination to remove it from the implicit deny list, would be a more targeted approach. This would allow only the specific ICMP traffic between the SCCM server and the host machine, which is what the system administrator is trying to achieve. This approach maintains a high level of security while still allowing the necessary connectivity for the connectivity test.
upvoted 1 times
Stevens0103
8 months, 3 weeks ago
Changed my mind. The answer is C.
upvoted 1 times
...
...
[Removed]
1 year, 2 months ago
Selected Answer: C
As long as the packet is being dropped by the firewall, an ACP needs to be in place to allow that traffic. Please check the Snort text: Blocked by the firewall.
upvoted 3 times
...
SegaMasterSystemAdmin
1 year, 5 months ago
Selected Answer: C
Modify the SNORT rules? lol oink oink snort snort. The answer is C. It is obvious that most of the folks here have never seen a firewall before.
upvoted 2 times
SegaMasterSystemAdmin
1 year, 5 months ago
There is no such thing as modifying SNORT rules. You can modify the IPS policy and make some changes there, but ultimately, based on the output, there's currently an ACP rule called "Ping" that is dropping the traffic, so in order to allow the ping an ACP rule needs to be created and added above the "Ping" rule to allow the ping through.
upvoted 1 times
Vlad_Is_Love_ua
1 year, 2 months ago
You are wrong. You can modify a SNORT rule. From this: https://www.cisco.com/c/en/us/td/docs/security/firepower/70/snort3/config-guide/snort3-configuration-guide-v70/overview.html#concept_D87B73A83ACA42CCA656F0041F9D860B .... Snort 3 is architecturally redesigned to inspect more traffic with equivalent resources when compared to Snort 2. Snort 3 provides simplified and flexible insertion of traffic parsers. Snort 3 also provides new rule syntax that makes rule writing easier and shared object rule equivalents visible. ....
upvoted 2 times
...
...
...
Gabranch
1 year, 5 months ago
Selected Answer: C
https://community.cisco.com/t5/network-security/ftd-firewall-blocked-or-blacklisted/td-p/4494363 The SNORT phase appears to be a red herring.
upvoted 3 times
...
Initial14
1 year, 6 months ago
Selected Answer: B
The drop reason is SNORT, so the only answer is B.
upvoted 3 times
Initial14
1 year, 6 months ago
The reason for drop is SNORT preprocessor
upvoted 4 times
Bbb78
1 year, 5 months ago
Exactly - the preprocessor is before any ACLs, so only there will this be permitted. The ICMP rules are set to Block. Even if permitted by ACL, Snort will block it first in the preprocessor. B should be correct.
upvoted 4 times
gwb
7 months, 2 weeks ago
My answer is B as well: https://community.cisco.com/t5/network-security/blocked-or-blacklisted-by-the-firewall-preprocessor/td-p/3054396 In such a case the destination address is in the Firepower blacklist - either the one downloaded automatically as part of the Cisco Security Intelligence (SI) feed or a local custom blacklist. The local blacklist is NOT in ACP, but prefilter, which is the Snort part, not LINA.
upvoted 2 times
...
...
...
...
Milan82
1 year, 7 months ago
What do you think about D?
upvoted 2 times
...
freho
1 year, 8 months ago
Selected Answer: B
ACP Rule makes no sense, the exhibit shows a snort-trace.
upvoted 4 times
...
Baumb
1 year, 8 months ago
I'm leaning to B, since there seems to be a rule configured with the name "Ping" that drops the traffic.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other