SNCF — Securing Networks with Firepower — Question 220
An administrator must fix a network problem whereby traffic from the inside network to a webserver is not getting through an instance of Cisco Secure Firewall Threat Defense. Which command must the administrator use to capture packets to the webserver that are dropped by Secure Firewall Threat Defense and resolve the issue?
Answer options
- A. capture CAP int INSIDE match ip any host WEBSERVERIP
- B. capture CAP int OUTSIDE match ip any host WEBSERVERIP
- C. capture CAP int INSIDE match tcp any 80 host WEBSERVERIP 80
- D. capture CAP type asp-drop all headers-only
Correct answer: D
Explanation
The correct command, D, captures all packets that the firewall drops, recording only their headers, which is what is needed to diagnose why traffic is being blocked. Options A and B capture traffic on a specific interface (INSIDE or OUTSIDE) but do not specifically target dropped packets. Option C captures only TCP traffic on port 80, which may not include all dropped packets relevant to the problem.