SNCF — Securing Networks with Firepower — Question 167

An engineer must add DNS-specific rules to the Cisco FTD intrusion policy. The engineer wants to use the rules currently in the Cisco FTD Snort database that are not already enabled but does not want to enable more than are needed. Which action meets these requirements?

Answer options

• A. Change the rules using the Generate and Use Recommendations feature.
• B. Change the rule state within the policy being used.
• C. Change the dynamic state of the rule within the policy.
• D. Change the base policy to Security over Connectivity.

Correct answer: B

Explanation

The correct answer is B, as changing the rule state within the active policy allows the engineer to specifically enable only the required DNS rules without activating unnecessary ones. Options A and C involve broader changes that may not focus solely on the needed rules, and option D changes the overall policy framework rather than addressing individual rule states.