SNCF — Securing Networks with Firepower — Question 302

An engineer must investigate a connectivity issue from an endpoint behind a Cisco FTD device and a public DNS server. The endpoint cannot perform name resolution queries. Which action must the engineer perform to troubleshoot the issue by simulating real DNS traffic on the Cisco FTD while verifying the Snort verdict?

Answer options

• A. Use the Capture w/Trace wizard in Cisco FMC.
• B. Run the system support firewall-engine-debug command from the FTD CLI.
• C. Create a Custom Workflow in Cisco FMC.
• D. Perform a Snort engine capture using tcpdump from the FTD CLI.

Correct answer: A

Explanation

The correct answer is A because the Capture w/Trace wizard in Cisco FMC allows the engineer to simulate DNS traffic and analyze the Snort verdict effectively. Options B and D involve debugging and capturing traffic but do not specifically simulate DNS requests. Option C does not provide the required functionality for this particular troubleshooting task.