300-710 topic 1 question 299

Share Test → Cisco Certifications → 300-710 topic 1 question 299

Pages 1

You must login or register to post a reply

RSS topic feed

Posts: 3

1 Topic by MastrM 2024-04-29 10:58:11

MastrM
New member
Offline

Topic: 300-710 topic 1 question 299

When packet capture is used on a Cisco Secure Firewall Threat Defense device and the packet flow is waiting on the malware query, which Snort verdict appears?

A.
block
B.
retry
C.
replace
D.
blockflow

2 Reply by MooseMullay 2024-04-29 11:00:32

MooseMullay
New member
Offline

Re: 300-710 topic 1 question 299

Looks like retry based on the following link:

https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/troubleshooting_the_system.html

3 Reply by gwb 2024-04-29 12:04:02

gwb
New member
Offline

Re: 300-710 topic 1 question 299

BlockFlow Verdict:
The BlockFlow verdict is specific to Snort.
When a packet receives the BlockFlow verdict, it is dropped immediately, and subsequent packets in the same session are also dropped before reaching Snort.
Essentially, it prevents any further processing of that flow.
Use Cases:
Malware Detection: For example, if Snort identifies a packet as malicious (e.g., malware), it may assign the BlockFlow verdict to prevent any additional communication from that source.

Posts: 3

Pages 1

You must login or register to post a reply

Share Test → Cisco Certifications → 300-710 topic 1 question 299

Note: This forum is a platform for users to share insights and discuss exam-related topics. We do not provide authentic exam questions or answers. The content here is contributed by community members and is meant for collaborative learning and discussion purposes only. Users are encouraged to refer to official sources for accurate exam materials.