SNCF — Securing Networks with Firepower — Question 19

Network traffic coming from an organization's CEO must never be denied. Which access control policy configuration option should be used if the deployment engineer is not permitted to create a rule to allow all traffic?

Answer options

• A. Change the intrusion policy from security to balance.
• B. Configure a trust policy for the CEO.
• C. Configure firewall bypass.
• D. Create a NAT policy just for the CEO.

Correct answer: B

Explanation

The correct answer is B, as configuring a trust policy specifically for the CEO allows their traffic to be prioritized and ensures it is never denied. Options A, C, and D do not directly address the requirement of ensuring the CEO's traffic is always permitted without opening up access for all users.