SNCF — Securing Networks with Firepower — Question 38
An engineer is investigating connectivity problems on Cisco Firepower that is using service group tags. Specific devices are not being tagged correctly, which is preventing clients from using the proper policies when going through the firewall. How is this issue resolved?
Answer options
- A. Use traceroute with advanced options
- B. Use Wireshark with an IP subnet filter
- C. Use a packet capture with match criteria
- D. Use a packet sniffer with correct filtering
Correct answer: C
Explanation
The correct answer is C because using a packet capture with match criteria allows the engineer to analyze specific traffic and determine why certain devices are not being tagged correctly. Options A and B do not provide the necessary detail about the packets, while D, although useful, lacks the specificity that match criteria in a packet capture offers.