Examice

Exam 300-710 All QuestionsBrowse all questions from this exam

Question 195

An engineer defines a new rule while configuring an Access Control Policy. After deploying the policy, the rule is not working as expected and the hit counters associated with the rule are showing zero. What is causing this error?

An incorrect application signature was used in the rule.

The wrong source interface for Snort was selected in the rule.

The rule was not enabled after being created.

Logging is not enabled for the rule.

Correct Answer: A

If an incorrect application signature was used in the rule, the traffic will not be correctly identified, leading to the rule not being triggered. This would result in zero hit counters for that rule, as no matching traffic is found.

Discussion

z6st2a1jvOption: A

When you create an access control rule, it is enabled by default. https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/access_control_rules.html

bassfunkOption: C

Honestly the answer could be A or C. C requires the least assumptions so it sounds better.

Initial14Option: A

Only A. Incorrect Application signature: Lets say you want to block facebook, and instead facebook you used Facebook games. B and D makes no sense C: Rules are enabled by default, only SNORT rules need to be enabled (drop and generate events, generate events,...) to take action.

gwb

good explanation!

Joe_BlueOption: C

The correct answer is C. The most likely cause of the error is that the rule was not enabled after being created. By default, new rules are created in a disabled state, which means that they do not take effect until they are explicitly enabled. If the rule is not enabled, it will not be matched against traffic and the hit counters associated with the rule will remain at zero.

Initial14

What ? When you create ACL rule you do no ned to enable it ?!. If there is no hits in counter, that means the traffic did not match the criteria: source IP, destination IP, URL, application,... So C is not the one. I think you are refering to SNORT rules and that is not the case here

Bbb78

You dont need to enable it - but if it is not enabled the hitcnt will be ). Still it could be A ....so

never1

Joe, i have just checked the new rules are not created in a disabled state (at least in my case). I still go with answer C because of hit count.

eafea4fOption: A

I changed my answer to A. New new rules in 7.3 are enabled by default.