SNCF — Securing Networks with Firepower — Question 144

An administrator needs to configure Cisco FMC to send a notification email when a data transfer larger than 10 MB is initiated from an internal host outside of standard business hours. Which Cisco FMC feature must be configured to accomplish this task?

Answer options

• A. file and malware policy
• B. application detector
• C. correlation policy
• D. intrusion policy

Correct answer: C

Explanation

The correct answer is C, correlation policy, as it allows the administrator to define conditions under which alerts are generated, including specific data transfer thresholds and time frames. Options A, B, and D do not provide the functionality required for monitoring and alerting on specific data transfer events based on time and size.