Exam 300-710
Question 154

An engineer must investigate a connectivity issue and decides to use the packet capture feature on Cisco FTD. The goal is to see the real packet going through the Cisco FTD device and see Snort detection actions as a part of the output. After the capture-traffic command is issued, only the packets are displayed. Which action resolves this issue?

    Correct Answer: D

    To resolve the issue of capturing real packets and seeing Snort detection actions on a Cisco FTD device, the correct action is to use the capture command and specify the trace option. This ensures the output includes the required details for troubleshooting connectivity issues and viewing Snort detection actions.
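As an added illustration of the resolution described above (not text from the original question or any commenter), the following FTD CLI session shows the difference between capturing packets and capturing them with a trace. The capture name CAPI, the interface name inside and the addresses 10.0.0.10 and 192.0.2.20 are constructed placeholders; the Phase 14 output is the Snort phase quoted in the discussion below.

```text
! Added illustration, not from the original page. CAPI, "inside", 10.0.0.10
! and 192.0.2.20 are placeholders; substitute the real interface and hosts.

! 1. Start a LINA-side capture with the trace keyword. Only packets matching
!    the filter are captured, and each one is traced through the engine phases,
!    including the Snort phase, as it is actually forwarded (no simulation).
firepower# capture CAPI interface inside trace match icmp host 10.0.0.10 host 192.0.2.20

! 2. Generate the traffic from the host, then confirm packets were captured.
firepower# show capture CAPI

! 3. Display the trace for one captured packet. The Snort verdict appears in
!    the SNORT phase near the end of the output (phase number may vary).
firepower# show capture CAPI packet-number 1 trace
...
Phase: 14
Type: SNORT
Subtype:
Result: ALLOW
Config:
Additional Information:
Snort Verdict: (pass-packet) allow this packet

! 4. Remove the capture when finished so it does not keep consuming buffer.
firepower# no capture CAPI
```

Two points worth keeping in mind when reading the output: the capture-traffic command is a tcpdump-style capture on the Snort side and only shows packets, which is exactly the symptom in the question, and packet-tracer (or the Packet Tracer page in the FMC GUI) builds a synthetic packet rather than tracing real traffic, so it does not meet the requirement of seeing the real packet.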

Discussion
thegreenhousesl (Option: A)

To see the real packets going through the Cisco FTD device and the Snort detection actions as part of the output, the engineer should use the following command:

    capture-traffic <capture_name> trace snort

This command will capture traffic and display the real packets along with the Snort detection actions. If the engineer is already using this command, but only the packets are being displayed, the issue may be that the trace is not specified. To resolve this issue, the engineer should use option A: specify the trace using the -T option after the capture-traffic command. The engineer should add -T snort or -T raw to the end of the command. -T snort specifies that the output should include Snort intrusion events, while -T raw specifies that the output should include the raw packets. Therefore, the correct answer to this question is: A. Specify the trace using the -T option after the capture-traffic command.

[Removed]

It says Snort engine. So yes -> A. The capture command is for the LINA engine; capture-traffic is for Snort engine verdicts.

KISRUVEM (Option: B)

The capture command doesn’t use Snort. There is no "verbose" option for capture-traffic that I can find. “-T” won’t produce Snort output. The FMC GUI does show packet trace and Snort output, so I think the answer is B.

gwb

My choice is D. To trace a real packet is very useful to troubleshoot connectivity issues. It allows you to see all the internal checks that a packet goes through. Add the trace detail keywords and specify the number of packets that you want to be traced.

    Phase: 14
    Type: SNORT
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Snort Verdict: (pass-packet) allow this packet

Joe_Blue (Option: D)

Using the capture command and specifying the trace option is the solution to this issue. The capture-traffic command only captures traffic and displays it in a packet capture file, without showing any Snort detection actions.

Baumb (Option: D)

It's D, as stated in: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212474-working-with-firepower-threat-defense-f.html#anc29

eafea4f (Option: D)

The packet trace option in the FMC GUI simulates packets.

ms997 (Option: A)

Answer A; @thegreenhousesl explains that in FTD.

saad_SEIU (Option: D)

D is the correct answer.

Initial14 (Option: D)

Trace is the one that is missing.

Initial14 (Option: D)

It should be D.

Joe_Blue (Option: D)

The correct answer is D. Use the capture command and specify the trace option to get the required information.

    capture capture-name interface inside trace

Mevijil (Option: D)

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212474-working-with-firepower-threat-defense-f.html#anc29