300-710 Question #23: Real Exam Question with Answer & Explanation

Question

Which description of a correlation policy configuration in the Cisco Firepower Management Center is true?

Options

• AThe system displays correlation policies that are created on all of the domains in a multidomain
• BDeleting a response group deletes the responses of that group
• CYou cannot add a host profile qualification to a correlation rule that is triggered by a malware
• DCorrelation policy priorities override whitelist priorities

Explanation

In Cisco Firepower Management Center, a true statement regarding correlation policy configuration is that you cannot add a host profile qualification to a correlation rule triggered by a malware event.

Common mistakes.

• A. Correlation policy priorities determine the evaluation order of correlation rules and do not override whitelist priorities, which typically grant explicit permission for traffic regardless of other policy considerations.
• B. In a multidomain Firepower deployment, administrators typically only see correlation policies created within their assigned domain or domains, not across all domains for security and administrative isolation.
• D. Deleting a response group removes the group itself, but whether the associated individual responses are also deleted depends on their configuration and whether they are referenced elsewhere, making the statement not universally true without further context.

Concept tested. Cisco FMC correlation policy host profile limitations

No community discussion yet for this question.