SNCF — Securing Networks with Firepower — Question 180
The security engineer reviews the syslog server events of an organization and sees many outbound connections to malicious sites initiated from hosts running Cisco Secure Endpoint. The hosts are on a separate network from the Cisco FTD device. Which action blocks the connections?
Answer options
- A. Modify the policy on Cisco Secure Endpoint to enable DFC.
- B. Modify the access control policy on the Cisco FMC to block malicious outbound connections.
- C. Add the IP addresses of the malicious sites to the access control policy on the Cisco FMC.
- D. Add a Cisco Secure Endpoint policy with the Tetra and Spero engines enabled.
Correct answer: A
Explanation
The correct answer is A because enabling DFC (Dynamic File Control) on Cisco Secure Endpoint helps block malicious outbound connections directly at the endpoint. Options B and C relate to the Cisco FMC, which would not affect endpoints that are already compromised. Option D does not directly address blocking outbound connections to malicious sites.