SNCF — Securing Networks with Firepower — Question 41
An organization has implemented Cisco Firepower without IPS capabilities and now wants to enable inspection for their traffic. They need to be able to detect protocol anomalies and utilize the Snort rule sets to detect malicious behavior. How is this accomplished?
Answer options
- A. Modify the network discovery policy to detect new hosts to inspect.
- B. Modify the access control policy to redirect interesting traffic to the engine.
- C. Modify the intrusion policy to determine the minimum severity of an event to inspect.
- D. Modify the network analysis policy to process the packets for inspection.
Correct answer: B
Explanation
The correct answer is B: modifying the access control policy lets the organization redirect the relevant traffic to the inspection engine, where it can be analyzed for anomalies. Options A, C, and D do not directly redirect interesting traffic for inspection, which is essential for enabling the desired IPS capabilities.