An engineer is troubleshooting connectivity to the DNS servers from hosts behind a new Cisco FTD device. The hosts cannot send DNS queries to servers in the DMZ. Which action should the engineer take to troubleshoot this issue using the real DNS packets?

A. Use the packet capture tool to check where the traffic is being blocked and adjust the access control or intrusion policy as needed

B. Use the Connection Events dashboard to check the block reason and adjust the inspection policy as needed

C. Use the packet tracer tool to determine at which hop the packet is being dropped

D. Use the show blocks command in the Threat Defense CLI tool and create a policy to allow the blocked traffic








 

Suggested Answer: B

Community Answer: B



This question is in 300-710 Securing Networks with Cisco Firepower (SNCF) Exam
For getting Cisco Certified Network Professional Security (CCNP Security) Certificate





Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Cisco.
Trademarks, certification & product names are used for reference only and belong to Cisco.
The website does not contain actual questions and answers from Cisco's Certification Exam.