nerdexam
Cisco

350-401 · Question #1041

Which version of NetFlow does Cisco Threat Defense utilize to obtain visibility into the network?

The correct answer is D. flexible. Cisco Threat Defense utilizes flexible NetFlow to obtain detailed visibility into network traffic flows.

Submitted by andreas_gr· Mar 6, 2026Security

Question

Which version of NetFlow does Cisco Threat Defense utilize to obtain visibility into the network?

Options

  • ANBAR2
  • BIPFIX
  • C8
  • Dflexible

How the community answered

(36 responses)
  • B
    6% (2)
  • C
    3% (1)
  • D
    92% (33)

Why each option

Cisco Threat Defense utilizes flexible NetFlow to obtain detailed visibility into network traffic flows.

ANBAR2

NBAR2 (Network-Based Application Recognition 2) is a deep packet inspection technology for application recognition, not a NetFlow version for exporting flow data.

BIPFIX

IPFIX (IP Flow Information Export) is an industry standard for flow data export, but Cisco's specific implementation and terminology often refer to this capability as 'flexible NetFlow'.

C8

NetFlow v8 is an older version primarily used for aggregation, which has largely been superseded by flexible NetFlow (IPFIX).

DflexibleCorrect

Cisco Threat Defense, including Firepower appliances, leverages flexible NetFlow to collect detailed IP traffic information. Flexible NetFlow allows customization of collected fields and is the evolution of traditional NetFlow, aligning with the IPFIX standard for interoperability.

Concept tested: Cisco Threat Defense NetFlow version

Source: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/firepower_threat_defense_system_features.html

Topics

#Cisco Threat Defense#NetFlow versions#Network visibility

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice