Access Control Policy Rule Actions | Cisco Firepower Exam (300-710-SNCF)

Access Control Policy Rule Actions

Question

Which two actions can be used in an access control policy rule? (Choose two.)

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E.

AB.

https://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/AC-Rules-Tuning-

Access control policies (also known as security policies or firewall policies) are used to define rules that govern how traffic is allowed or denied through a network. These policies are created and enforced by firewalls or other security devices.

When creating an access control policy, there are a variety of actions that can be applied to traffic that matches a particular rule. These actions determine what happens to traffic that matches the rule, and can include allowing or denying traffic, as well as more advanced actions like blocking traffic with a reset.

To answer the question, the two actions that can be used in an access control policy rule are:

A. Block with Reset - This action blocks traffic that matches the rule, and also sends a reset packet to the source of the traffic. This is a useful action when dealing with traffic that is potentially malicious, as it can help prevent the source of the traffic from continuing its attack.

E. Block ALL - This action blocks all traffic that matches the rule. This is a very restrictive action and should be used with caution, as it can potentially block legitimate traffic as well.

The other options listed in the question are not valid actions that can be used in an access control policy rule:

B. Monitor - This is not an action that blocks or allows traffic, but rather a way to view information about traffic that matches a particular rule.

C. Analyze - This is also not an action that directly affects traffic, but rather a way to view information about traffic that matches a particular rule.

D. Discover - This is not an action that directly affects traffic, but rather a way to view information about devices or hosts on the network.