300-710 Question #258: Real Exam Question with Answer & Explanation

Question

Which action must be taken on the Cisco FMC when a packet bypass is configured in case the Snort engine is down or a packet takes too long to process?

Options

• AEnable Inspect Local Router Traffic
• BEnable Automatic Application Bypass
• CConfigure Fastpath rules to bypass inspection
• DAdd a Bypass Threshold policy for failures

Explanation

When configuring packet bypass for scenarios where the Snort engine is down or overloaded, the Cisco FMC administrator must enable Automatic Application Bypass. This feature ensures network connectivity by allowing traffic to flow even if Snort cannot process it.

Common mistakes.

• A. "Inspect Local Router Traffic" is a setting to control whether self-generated traffic by the FTD itself is inspected, not a mechanism for bypassing Snort due to engine failures.
• C. Configuring fastpath rules to bypass inspection is a deliberate performance optimization for trusted traffic, managed via prefilter policies, and is not an automatic fail-safe mechanism triggered by Snort engine failures or overloads.
• D. While the concept sounds related, "Automatic Application Bypass" is the precise terminology for the feature that handles packet bypass during Snort engine failures or processing delays, not a "Bypass Threshold policy for failures."

Concept tested. Snort engine bypass for failures (AAB)

Reference. https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/intrusion-policies.html

No community discussion yet for this question.