SNCF — Securing Networks with Firepower — Question 221

When packet capture is used on a Cisco Secure Firewall Threat Defense device and the packet flow is waiting on the malware query, which Snort verdict appears?

Answer options

Correct answer: B

Explanation

The correct answer is B, 'retry': this verdict indicates that the packet is paused for further analysis because a malware query is still pending. The other options, 'block', 'replace', and 'blockflow', do not represent a state of waiting; they imply immediate actions taken against the traffic.