Topic: 300-710 topic 1 question 299
When packet capture is used on a Cisco Secure Firewall Threat Defense device and the packet flow is waiting on the malware query, which Snort verdict appears?
A. block
B. retry
C. replace
D. blockflow
Looks like retry based on the following link:
https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/troubleshooting_the_system.html
D.
BlockFlow Verdict:
The BlockFlow verdict is specific to Snort.
When a packet receives the BlockFlow verdict, it is dropped immediately, and subsequent packets in the same session are also dropped before reaching Snort.
Essentially, it prevents any further processing of that flow.
Use Cases:
Malware Detection: For example, if Snort identifies a packet as malicious (e.g., malware), it may assign the BlockFlow verdict to prevent any additional communication from that source.