SNCF — Securing Networks with Firepower — Question 53
A VPN user is unable to connect to web resources behind the Cisco FTD device terminating the connection. While troubleshooting, the network administrator determines that DNS responses are not getting through the Cisco FTD. What must be done to address this issue while still utilizing Snort IPS rules?
Answer options
- A. Uncheck the "Drop when Inline" box in the intrusion policy to allow the traffic
- B. Modify the Snort rules to allow legitimate DNS traffic to the VPN users
- C. Disable the intrusion rule thresholds to optimize the Snort processing
- D. Decrypt the packet after the VPN flow so the DNS queries are not inspected
Correct answer: B
Explanation
The correct answer is B: modifying the Snort rules to allow legitimate DNS traffic lets the DNS responses reach the VPN users while the remaining IPS rules stay in effect. Option A does not specifically allow DNS traffic; unchecking "Drop when Inline" stops the intrusion policy from dropping any matched traffic and therefore weakens protection. Option C addresses Snort processing load, not the blocked DNS responses. Option D might let the DNS queries pass, but bypassing inspection of the VPN flow is not best practice because it removes inspection from the other traffic as well.