Which Sourcefire event action should you choose if you want to block only malicious traffic from a particular end user?

Posted by: Pdfprep Category: 210-260

Which Sourcefire event action should you choose if you want to block only malicious traffic from a particular end user?
A. Allow with inspection
B. Allow without inspection
C. Block
D. Trust
E. Monitor

Answer: A

Explanation:

A file policy is a set of configurations that the system uses to perform advanced malware protection and file control, as part of your overall access control configuration.

A file policy, like its parent access control policy, contains rules that determine how the system handles files that match the conditions of each rule. You can configure separate file rules to take different actions for different file types, application protocols, or directions of transfer.

You can associate a single file policy with an access control rule whose action is Allow, Interactive Block, or Interactive Block with reset. The system then uses that file policy to inspect network traffic that meets the conditions of the access control rule.

Source: http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user-guide/asa-firepower-module-user-guide-v541/AMP-Config.html
