nerdexam
Cisco

210-255 · Question #189

What do the Security Intelligence Events within the FMC allow an administrator to do?

The correct answer is A. See if a host is connecting to a known-bad domain.. Security Intelligence Events in Cisco FMC provide visibility into connections attempted to or from known-malicious IP addresses, URLs, and domains using threat intelligence feeds.

Security Monitoring

Question

What do the Security Intelligence Events within the FMC allow an administrator to do?

Options

  • ASee if a host is connecting to a known-bad domain.
  • BCheck for host-to-server traffic within your network.
  • CView any malicious files that a host has downloaded.
  • DVerify host-to-host traffic within your network.

How the community answered

(34 responses)
  • A
    91% (31)
  • C
    6% (2)
  • D
    3% (1)

Why each option

Security Intelligence Events in Cisco FMC provide visibility into connections attempted to or from known-malicious IP addresses, URLs, and domains using threat intelligence feeds.

ASee if a host is connecting to a known-bad domain.Correct

Security Intelligence in FMC uses threat intelligence feeds (such as Cisco Talos) to identify and log traffic to known-bad IP addresses, URLs, and domains. When a host attempts a connection to a blacklisted domain, the Security Intelligence Event is generated, giving administrators direct visibility into that activity. This is the core purpose of the Security Intelligence feature - correlating network traffic against threat reputation data.

BCheck for host-to-server traffic within your network.

Host-to-server traffic monitoring within the network is a function of network traffic analysis or connection events, not Security Intelligence Events specifically.

CView any malicious files that a host has downloaded.

Viewing malicious files downloaded by a host is the function of the Malware/AMP (Advanced Malware Protection) events in FMC, not Security Intelligence Events.

DVerify host-to-host traffic within your network.

Host-to-host internal traffic verification is handled by connection events or network discovery features, not Security Intelligence Events, which focus on external threat reputation.

Concept tested: Cisco FMC Security Intelligence Events and threat feeds

Source: https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/security_intelligence_blacklisting.html

Topics

#FMC#Security Intelligence#known-bad domains#threat intelligence feeds

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice