SNCF — Securing Networks with Firepower — Question 80
A security engineer is configuring an Access Control Policy for multiple branch locations. These locations share a common rule set and utilize a network object called INSIDE_NET which contains the locally significant internal network subnets at each location. What technique will retain the policy consistency at each location but allow only the locally significant network subnet within the application rules?
Answer options
- A. utilizing a dynamic ACP that updates from Cisco Talos
- B. creating a unique ACP per device
- C. utilizing policy inheritance
- D. creating an ACP with an INSIDE_NET network object and object overrides
Correct answer: D
Explanation
D is correct: a single ACP that references the INSIDE_NET network object keeps the rule set consistent across locations, while object overrides let each location use its own local subnets for that object. Option A does not provide localized control, option B creates unnecessary complexity with multiple ACPs, and option C does not specifically address the requirement for localized network subnets.