SNCF — Securing Networks with Firepower — Question 301

An engineer is configuring a custom intrusion rule on Cisco FMC. The engineer needs the rule to search the payload or stream for the string "|44 78 97 13 2 0A|". Which keyword must the engineer use with this string to create an argument for packet inspection?

Answer options

• A. protected_content
• B. content
• C. data
• D. metadata

Correct answer: B

Explanation

The correct answer is 'content' because it is the keyword used to specify patterns or strings to look for in the data being inspected. The other options, such as 'protected_content', 'data', and 'metadata', do not serve the same purpose in this context and are not used for defining search strings in intrusion rules.