SNCF — Securing Networks with Firepower — Question 52

An organization is using a Cisco FTD and Cisco ISE to perform identity-based access controls. A network administrator is analyzing the Cisco FTD events and notices that unknown user traffic is being allowed through the firewall. How should this be addressed to block the traffic while allowing legitimate user traffic?

Answer options

• A. Modify the Cisco ISE authorization policy to deny this access to the user
• B. Modify Cisco ISE to send only legitimate usernames to the Cisco FTD
• C. Add the unknown user in the Access Control Policy in Cisco FTD
• D. Add the unknown user in the Malware & File Policy in Cisco FTD

Correct answer: C

Explanation

The correct answer is C because adding the unknown user to the Access Control Policy allows the administrator to specifically manage their access based on the organization's security policies. The other options either do not directly address the unknown user traffic issue or are not applicable to how Cisco FTD handles access controls.