SNCF — Securing Networks with Firepower — Question 135
An engineer is troubleshooting application failures through an FTD deployment. While using the FMC CLI, it has been determined that the traffic in question is not matching the desired policy. What should be done to correct this?
Answer options
- A. Use the system support firewall-engine-debug command to determine which rules the traffic is matching and modify the rule accordingly.
- B. Use the system support firewall-engine-dump-user-identity-data command to change the policy and allow the application through the firewall.
- C. Use the system support application-identification-debug command to determine which rules the traffic is matching and modify the rule accordingly.
- D. Use the system support network-options command to fine tune the policy.
Correct answer: A
Explanation
The correct answer is A because using the system support firewall-engine-debug command allows the engineer to see which rules the traffic is matching and make necessary adjustments. Option B is incorrect as it pertains to user identity data, which does not directly affect traffic policy matching. Option C, while related, is less appropriate since it focuses on application identification rather than directly debugging firewall rules. Option D does not specifically address the issue of traffic not matching the policy.