SNCF — Securing Networks with Firepower — Question 112

A network administrator wants to block traffic to a known malware site at https:/www.badsite.com and all subdomains while ensuring no packets from any internal client are sent to that site. Which type of policy must the network administrator use to accomplish this goal?

Answer options

• A. Access Control policy with URL filtering
• B. Prefilter policy
• C. DNS policy
• D. SSL policy

Correct answer: C

Explanation

The correct answer is C, as a DNS policy can effectively block requests to a specified domain and its subdomains by resolving those requests to a null address. The other options, such as Access Control policy with URL filtering, focus on different methods of traffic management that may not directly prevent DNS resolution, while Prefilter and SSL policies address other aspects of data handling.