SNCF — Securing Networks with Firepower — Question 129

An engineer is reviewing a ticket that requests to allow traffic for some devices that must connect to a server over 8699/udp. The request mentions only one IP address, 172.16.18.15, but the requestor asked for the engineer to open the port for all machines that have been trying to connect to it over the last week. Which action must the engineer take to troubleshoot this issue?

Answer options

• A. Use the context explorer to see the application blocks by protocol.
• B. Filter the connection events by the source port 8699/udp.
• C. Filter the connection events by the destination port 8699/udp.
• D. Use the context explorer to see the destination port blocks.

Correct answer: C

Explanation

The correct answer is C because filtering the connection events by the destination port 8699/udp will allow the engineer to see all connection attempts made to the server on that port, revealing which devices are trying to connect. Options A and D focus on application blocks rather than connection events, while option B incorrectly suggests filtering by the source port, which is not relevant to this troubleshooting scenario.