SNCF — Securing Networks with Firepower — Question 223
An administrator receives reports that users cannot access a cloud-hosted web server. The access control policy was recently updated with several new policy additions and URL filtering. What must be done to troubleshoot the issue and restore access without sacrificing the organization's security posture?
Answer options
- A. Download a PCAP of the traffic to verify the blocks and use the FlexConfig to override the existing policy.
- B. Review the output in connection events to validate the block, and modify the policy to allow the traffic.
- C. Create a new access control policy rule to allow ports 80 and 443 to the FQDN of the web server.
- D. Verify the blocks using the packet capture tool and create a rule with the action monitor for the traffic.
Correct answer: B
Explanation
The correct answer is B because reviewing connection events allows the administrator to confirm the source of the block and make the necessary modifications to the policy without compromising security. Option A overrides the existing policy, which may weaken security. Option C only allows specific ports and does not address the root cause. Option D monitors the traffic but does not directly resolve the access issue.