SNCF — Securing Networks with Firepower — Question 195

An engineer is configuring a Cisco Secure Firewall Threat Defense device and wants to create a new intrusion rule based on the detection of a specific pattern in the data payload for a new zero-day exploit. Which keyword type must be used to add a line that identifies the author of the rule and the date it was created?

Answer options

• A. gtp_info
• B. metadata
• C. reference
• D. content

Correct answer: B

Explanation

The correct answer is B, as the 'metadata' keyword is specifically designed for including information about the rule's author and creation date. The other options, such as 'gtp_info', 'reference', and 'content', serve different purposes in rule definitions and do not provide a way to document author or date information.