SNCF — Securing Networks with Firepower — Question 60

An organization wants to secure traffic from their branch office to the headquarters building using Cisco Firepower devices. They want to ensure that their Cisco
Firepower devices are not wasting resources on inspecting the VPN traffic. What must be done to meet these requirements?

Answer options

• A. Configure the Cisco Firepower devices to bypass the access control policies for VPN traffic.
• B. Tune the intrusion policies in order to allow the VPN traffic through without inspection.
• C. Configure the Cisco Firepower devices to ignore the VPN traffic using prefilter policies.
• D. Enable a flexconfig policy to re-classify VPN traffic so that it no longer appears as interesting traffic.

Correct answer: A

Explanation

The correct answer is A, as bypassing access control policies for VPN traffic ensures that the Cisco Firepower devices do not inspect this type of traffic, conserving resources. Option B is incorrect as tuning intrusion policies does not bypass access controls. Option C, while it involves ignoring traffic, does not specifically address the access control policies. Option D involves re-classifying traffic, which is not necessary if the traffic is simply bypassed.