SNCF — Securing Networks with Firepower — Question 257

An engineer must investigate a connectivity issue by using Cisco Secure Firewall Management Center to access the Packet Capture feature on a Cisco Secure Firewall Threat Defense device. The engineer must see a real packet going through the Secure Firewall Threat Defense device and the Snort detection actions. While reviewing the packet capture, the engineer discovers that the Snort detection actions are missing. Which action must the engineer take to resolve the issue?

Answer options

• A. Enable the Continuous Capture option.
• B. Enable the Trace option.
• C. Specify the packet size.
• D. Specify the buffer size.

Correct answer: B

Explanation

The correct action is to enable the Trace option, which allows for capturing detailed information about packets, including Snort detection actions. The other options, such as enabling Continuous Capture or specifying sizes, do not directly relate to capturing Snort detection actions, which is why they won't resolve the issue.