An engineer must investigate a connectivity issue from an endpoint behind a Cisco FTD device and a public DNS server. The endpoint cannot perform name resolution queries. Which action must the engineer perform to troubleshoot the issue by simulating real DNS traffic on the Cisco FTD while verifying the Snort verdict?
To use the Capture w/Trace wizard in Cisco FMC, follow these steps:
In the FMC web interface, navigate to Troubleshooting > Capture/Trace.
Click New Capture.
Choose an FTD device from the Device drop-down list.
Choose an interface from the Interface drop-down list.
Enter the source and destination IP addresses, ports, and protocols for the packets you want to capture and trace. For example, if you want to capture DNS queries from an endpoint with IP address 10.1.1.100 to a DNS server with IP address 8.8.8.8, you can enter these values:
Source IP: 10.1.1.100
Source Port: any
Destination IP: 8.8.8.8
Destination Port: 53
Protocol: UDP
Optionally, apply filters to limit the capture size and duration. For example, you can set the maximum number of packets to capture, the maximum capture file size, or the maximum capture time.
Click Start.
Ping the DNS server from the endpoint and wait for some packets to be captured.
Click Stop to stop the capture.
Click View Capture to see the captured packets and their Snort verdicts.
The other options are incorrect because:
An engineer plans to reconfigure an existing Cisco FTD from transparent mode to routed mode. Which additional action must be taken to maintain communication between the two network segments?
The other options are incorrect because:
A network administrator is reviewing a weekly scheduled attacks risk report and notices a host that is flagged for an impact 2 attack. Where should the administrator look within Cisco FMC to find out more relevant information about this host and attack?
An engineer defines a new rule while configuring an Access Control Policy. After deploying the policy, the rule is not working as expected and the hit counters associated with the rule are showing zero. What is causing this error?
A network administrator reviews the attack risk report and notices several Low-Impact attacks. What does this type of attack indicate?
The other options are incorrect because:
The host is not necessarily outside the administrator's environment. A low-impact attack can target any host on the network, regardless of its location or ownership. A low-impact attack does not imply that the host is external or irrelevant to the administrator's environment.