SNCF — Securing Networks with Firepower — Question 113

An engineer must investigate a connectivity issue and decides to use the packet capture feature on Cisco FTD. The goal is to see the real packet going through the Cisco FTD device and see Snort detection actions as a part of the output. After the capture-traffic command is issued, only the packets are displayed. Which action resolves this issue?

Answer options

• A. Specify the trace using the -T option after the capture-traffic command
• B. Perform the trace within the Cisco FMC GUI instead of the Cisco FMC CLI
• C. Use the verbose option as a part of the capture-traffic command
• D. Use the capture command and specify the trace option to get the required information

Correct answer: D

Explanation

The correct answer is D because using the capture command with the trace option allows for detailed packet capture, including Snort detection actions. The other options either do not address the specific requirement for trace information or suggest alternative methods that do not provide the necessary output.