300-710 Question #322: Real Exam Question with Answer & Explanation
The correct answer is B: Use the source status indicator to validate the usage.
Question
An administrator configures new threat intelligence sources and must validate that the feeds are being downloaded and that the intelligence is being used within the Cisco Secure Firewall system. Which action accomplishes the task?
Options
- A. Look at the connection security intelligence events
- B. Use the source status indicator to validate the usage
- C. View the threat intelligence observables to see the downloaded data
- D. Look at the access control policy to validate that the intelligence is being used
Explanation
To validate the download and usage of threat intelligence feeds within the Cisco Secure Firewall system, an administrator should use the source status indicator in the Management Center.
Common mistakes.
- A. Looking at connection security intelligence events shows when intelligence is matched by traffic, but doesn't directly confirm the health, download status, or recency of the feed itself.
- C. Viewing individual threat intelligence observables would be an exhaustive and impractical method to confirm the overall status and usage of all feeds, which can contain millions of entries.
- D. Checking the access control policy confirms that security intelligence is configured for use, but it does not confirm if the actual intelligence feed has been successfully downloaded and is current.
Concept tested. Cisco FTD threat intelligence validation