Question #1 Topic 1

What is a result of enabling Cisco FTD clustering?

 A. For the dynamic routing feature, if the master unit fails, the newly elected master unit
maintains all existing connections.
 B. Integrated Routing and Bridging is supported on the master unit.
 C. Site-to-site VPN functionality is limited to the master unit, and all VPN connections
are dropped if the master unit fails.
 D. All Firepower appliances support Cisco FTD clustering

Correct Answer: C

Question #2 Topic 1

Which two conditions are necessary for high availability to function between two Cisco FTD
devices? (Choose two.)

 A. The units must be the same version

 B. Both devices can be part of a different group that must be in the same domain when
configured within the FMC.
 C. The units must be different models if they are part of the same series.
 D. The units must be configured only for firewall routed mode.
 E. The units must be the same model.

Correct Answer: AE

Question #3 Topic 1

On the advanced tab under inline set properties, which allows interfaces to emulate a passive
interface?

 A. transparent inline mode

 B. TAP mode
 C. strict TCP enforcement
 D. propagate link state

Correct Answer: D

Question #4 Topic 1

What are the minimum requirements to deploy a managed device inline?

 A. inline interfaces, security zones, MTU, and mode

 B. passive interface, MTU, and mode
 C. inline interfaces, MTU, and mode
 D. passive interface, security zone, MTU, and mode
Correct Answer: C 🗳️

Question #5 Topic 1

What is the difference between inline and inline tap on Cisco Firepower?

 A. Inline tap mode can send a copy of the traffic to another device.
 B. Inline tap mode does full packet capture.
 C. Inline mode cannot do SSL decryption.
 D. Inline mode can drop malicious traffic. Most Voted

Correct Answer: D

Question #6 Topic 1

With Cisco FTD software, which interface mode must be configured to passively receive traffic
that passes through the appliance?

 A. inline set
 B. passive
 C. routed
 D. inline tap

Correct Answer: B

Question #7 Topic 1

Which two deployment types support high availability? (Choose two.)

 A. transparent
 B. routed
 C. clustered
 D. intra-chassis multi-instance
 E. virtual appliance in public cloud

Correct Answer: AB

Question #8 Topic 1

Which protocol establishes network redundancy in a switched Firepower device deployment?

 A. STP
 B. HSRP
 C. GLBP
 D. VRRP
Correct Answer: A

Question #9 Topic 1

Which interface type allows packets to be dropped?

 A. passive
 B. inline
 C. ERSPAN
 D. TAP

Correct Answer: B

Question #10 Topic 1

Which Cisco Firepower Threat Defense, which two interface settings are required when
configuring a routed interface? (Choose two.)

 A. Redundant Interface
 B. EtherChannel
 C. Speed
 D. Media Type
 E. Duplex

Correct Answer: CE

Question #11 Topic 1

Which two dynamic routing protocols are supported in Cisco FTD without using FlexConfig?
(Choose two.)

 A. EIGRP
 B. OSPF Most Voted
 C. static routing
 D. IS-IS
 E. BGP Most Voted

Correct Answer: CE

Question #12 Topic 1

Which policy rule is included in the deployment of a local DMZ during the initial deployment of
a Cisco NGFW through the Cisco FMC GUI?

 A. a default DMZ policy for which only a user can change the IP addresses.
 B. deny ip any
  C. no policy rule is included
 D. permit ip any

Correct Answer: C

Question #13 Topic 1

What are two application layer preprocessors? (Choose two.)

 A. CIFS
 B. IMAP
 C. SSL
 D. DNP3
 E. ICMP

Correct Answer: BC

Question #14 Topic 1

An engineer is implementing Cisco FTD in the network and is determining which Firepower
mode to use. The organization needs to have multiple virtual
Firepower devices working separately inside of the FTD appliance to provide traffic
segmentation. Which deployment mode should be configured in the Cisco
Firepower Management Console to support these requirements?

 A. multi-instance
 B. multiple deployment
 C. single deployment
 D. single-context

Correct Answer: A

Question #15 Topic 1

A network engineer is extending a user segment through an FTD device for traffic inspection
without creating another IP subnet. How is this accomplished on an
FTD device in routed mode?

 A. by assigning an inline set interface

 B. by using a BVI and creating a BVI IP address in the same subnet as the user segment
 C. by leveraging the ARP to direct traffic through the firewall
 D. by bypassing protocol inspection by leveraging pre-filter rules

Correct Answer: A

Question #16 Topic 1

An engineer is configuring a Cisco FTD appliance in IPS-only mode and needs to utilize fail-to-
wire interfaces. Which interface mode should be used to meet these requirements?

 A. passive
 B. routed
 C. transparent
 D. inline set

Correct Answer: D

Question #17 Topic 1

An organization has noticed that malware was downloaded from a website that does not
currently have a known bad reputation. How will this issue be addressed globally in the quickest
way possible and with the least amount of impact?

 A. by creating a URL object in the policy to block the website.

 B. Cisco Talos will automatically update the policies.
 C. by denying outbound web access
 D. by isolating the endpoint

Correct Answer: B

Question #18 Topic 1

The event dashboard within the Cisco FMC has been inundated with low priority intrusion drop
events, which are overshadowing high priority events. An engineer has been tasked with
reviewing the policies and reducing the low priority events. Which action should be configured
to accomplish this task?

 A. drop packet
 B. generate events
 C. drop connection
 D. drop and generate

Correct Answer: B

Question #19 Topic 1

With Cisco FTD integrated routing and bridging, which interface does the bridge group use to
communicate with a routed interface?

 A. subinterface
 B. switch virtual
 C. bridge virtual
 D. bridge group member
Correct Answer: C

Question #20 Topic 1

An engineer is setting up a new Firepower deployment and is looking at the default FMC
policies to start the implementation. During the initial trial phase, the organization wants to test
some common Snort rules while still allowing the majority of network traffic to pass. Which
default policy should be used?

 A. Balanced Security and Connectivity

 B. Security Over Connectivity
 C. Maximum Detection
 D. Connectivity Over Security

Correct Answer: D

Question #21 Topic 1

An engineer is configuring a second Cisco FMC as a standby device but is unable to register
with the active unit. What is causing this issue?

 A. The code versions running on the Cisco FMC devices are different.
 B. The licensing purchased does not include high availability.
 C. The primary FMC currently has devices connected to it.
 D. There is only 10 Mbps of bandwidth between the two devices.

Correct Answer: A

Question #22 Topic 1

While configuring FTD, a network engineer wants to ensure that traffic passing though the
appliance does not require routing or VLAN rewriting. Which interface mode should the
engineer implement to accomplish this task?

 A. inline set
 B. passive
 C. transparent
 D. inline tap

Correct Answer: B

Question #23 Topic 1

A mid-sized company is experiencing higher network bandwidth utilization due to a recent

acquisition. The network operations team is asked to scale up their one
Cisco FTD appliance deployment to higher capacities due to the increased network bandwidth.
Which design option should be used to accomplish this goal?

 A. Deploy multiple Cisco FTD HA pairs in clustering mode to increase performance.

 B. Deploy multiple Cisco FTD appliances in firewall clustering mode to increase
performance.
 C. Deploy multiple Cisco FTD appliances using VPN load-balancing to scale
performance.
 D. Deploy multiple Cisco FTD HA pairs to increase performance.

Correct Answer: B

Question #24 Topic 1

In a multi-tenant deployment where multiple domains are in use, which update should be applied
outside of the Global Domain?

 A. minor upgrade
 B. local import of intrusion rules Most Voted
 C. Cisco Geolocation Database
 D. local import of major upgrade

Correct Answer: C

Question #25 Topic 1

An organization has a compliancy requirement to protect servers from clients, however, the
clients and servers all reside on the same Layer 3 network. Without readdressing IP subnets for
clients or servers, how is segmentation achieved?

 A. Change the IP addresses of the servers, while remaining on the same subnet.
 B. Deploy a firewall in routed mode between the clients and servers.
 C. Change the IP addresses of the clients, while remaining on the same subnet.
 D. Deploy a firewall in transparent mode between the clients and servers. Most Voted

Correct Answer: B

Question #26 Topic 1

Network traffic coming from an organization's CEO must never be denied. Which access control
policy configuration option should be used if the deployment engineer is not permitted to create
a rule to allow all traffic?

 A. Change the intrusion policy from security to balance.

 B. Configure a trust policy for the CEO.
 C. Configure firewall bypass.
  D. Create a NAT policy just for the CEO.

Correct Answer: B

Question #27 Topic 1

What is a characteristic of bridge groups on a Cisco FTD?

 A. In routed firewall mode, routing between bridge groups is supported.

 B. Routing between bridge groups is achieved only with a router-on-a-stick configuration
on a connected router.
 C. In routed firewall mode, routing between bridge groups must pass through a routed
interface.
 D. In transparent firewall mode, routing between bridge groups is supported.

Correct Answer: A

Question #28 Topic 1

A Cisco FTD device is running in transparent firewall mode with a VTEP bridge group member
ingress interface. What must be considered by an engineer tasked with specifying a destination
MAC address for a packet trace?

 A. The output format option for the packet logs is unavailable.

 B. Only the UDP packet type is supported.
 C. The destination MAC address is optional if a VLAN ID value is entered.
 D. The VLAN ID and destination MAC address are optional.

Correct Answer: C

Question #29 Topic 1

With Cisco FTD software, which interface mode must be configured to passively receive traffic
that passes through the appliance?

 A. ERSPAN
 B. firewall
 C. tap
 D. IPS-only

Correct Answer: A

Question #30 Topic 1

An engineer is monitoring network traffic from their sales and product development
departments, which are on two separate networks. What must be configured in order to maintain
data privacy for both departments?

 A. Use passive IDS ports for both departments.

 B. Use a dedicated IPS inline set for each department to maintain traffic separation.
 C. Use 802.1Q inline set Trunk interfaces with VLANs to maintain logical traffic
separation.
 D. Use one pair of inline set in TAP mode for both departments.

Correct Answer: D

Question #31 Topic 1

A hospital network needs to upgrade their Cisco FMC managed devices and needs to ensure that
a disaster recovery process is in place. What must be done in order to minimize downtime on the
network?

 A. Configure a second circuit to an ISP for added redundancy.

 B. Keep a copy of the current configuration to use as backup.
 C. Configure the Cisco FMCs for failover.
 D. Configure the Cisco FMC managed devices for clustering.

Correct Answer: C

Question #32 Topic 1

An organization has implemented Cisco Firepower without IPS capabilities and now wants to
enable inspection for their traffic. They need to be able to detect protocol anomalies and utilize
the Snort rule sets to detect malicious behavior. How is this accomplished?

 A. Modify the network discovery policy to detect new hosts to inspect.

 B. Modify the access control policy to redirect interesting traffic to the engine.
 C. Modify the intrusion policy to determine the minimum severity of an event to inspect.
 D. Modify the network analysis policy to process the packets for inspection.

Correct Answer: D

Question #33 Topic 1

An engineer is tasked with deploying an internal perimeter firewall that will support multiple
DMZs. Each DMZ has a unique private IP subnet range. How is this requirement satisfied?

 A. Deploy the firewall in transparent mode with access control policies

 B. Deploy the firewall in routed mode with access control policies
 C. Deploy the firewall in routed mode with NAT configured
  D. Deploy the firewall in transparent mode with NAT configured

Correct Answer: C

Question #34 Topic 1

An engineer must configure high availability for the Cisco Firepower devices. The current
network topology does not allow for two devices to pass traffic concurrently. How must the
devices be implemented in this environment?

 A. in active/active mode
 B. in a cluster span EtherChannel
 C. in active/passive mode
 D. in cluster interface mode

Correct Answer: C

Question #35 Topic 1

When deploying a Cisco ASA Firepower module, an organization wants to evaluate the contents
of the traffic without affecting the network. It is currently configured to have more than one
instance of the same device on the physical appliance. Which deployment mode meets the needs
of the organization?

 A. inline tap monitor-only mode

 B. passive monitor-only mode
 C. passive tap monitor-only mode
 D. inline mode

Correct Answer: B

Question #36 Topic 1

An organization has a Cisco FTD that uses bridge groups to pass traffic from the inside
interfaces to the outside interfaces. They are unable to gather information about neighboring
Cisco devices or use multicast in their environment. What must be done to resolve this issue?

 A. Create a firewall rule to allow CDP traffic

 B. Create a bridge group with the firewall interfaces
 C. Change the firewall mode to transparent Most Voted
 D. Change the firewall mode to routed

Correct Answer: D

Question #37 Topic 1

A network engineer implements a new Cisco Firepower device on the network to take advantage
of its intrusion detection functionality. There is a requirement to analyze the traffic going across
the device, alert on any malicious traffic, and appear as a bump in the wire. How should this be
implemented?

 A. Specify the BVI IP address as the default gateway for connected devices
 B. Enable routing on the Cisco Firepower
 C. Add an IP address to the physical Cisco Firepower interfaces
 D. Configure a bridge group in transparent mode

Correct Answer: D

Question #38 Topic 1

Which two conditions must be met to enable high availability between two Cisco FTD devices?
(Choose two.)

 A. same flash memory size

 B. same NTP configuration
 C. same DHCP/PPoE configuration
 D. same host name
 E. same number of interfaces

Correct Answer: BE

Question #39 Topic 1

An engineer is building a new access control policy using Cisco FMC. The policy must inspect a
unique IPS policy as well as log rule matching. Which action must be taken to meet these
requirements?

 A. Configure an IPS policy and enable per-rule logging

 B. Disable the default IPS policy and enable global logging
 C. Configure an IPS policy and enable global logging
 D. Disable the default IPS policy and enable per-rule logging

Correct Answer: A

Question #40 Topic 1

Which two OSPF routing features are configured in Cisco FMC and propagated to Cisco FTD?
(Choose two.)

 A. OSPFv2 with IPv6 capabilities

 B. virtual links
 C. SHA authentication to OSPF packets
  D. area boundary router type 1 LSA filtering
 E. MD5 authentication to OSPF packets

Correct Answer: BE

Question #41 Topic 1

When creating a report template, how are the results limited to show only the activity of a
specific subnet?

 A. Create a custom search in Cisco FMC and select it in each section of the report.
 B. Add an Input Parameter in the Advanced Settings of the report, and set the type to
Network/IP.
 C. Add a Table View section to the report with the Search field defined as the network in
CIDR format.
 D. Select IP Address as the X-Axis in each section of the report.

Correct Answer: B

Question #42 Topic 1

What is the disadvantage of setting up a site-to-site VPN in a clustered-units environment?

 A. VPN connections can be re-established only if the failed master unit recovers.
 B. Smart License is required to maintain VPN connections simultaneously across all
cluster units.
 C. VPN connections must be re-established when a new master unit is elected.
 D. Only established VPN connections are maintained when a new master unit is elected.

Correct Answer: C

Question #43 Topic 1

What are two features of bridge-group interfaces in Cisco FTD? (Choose two.)

 A. The BVI IP address must be in a separate subnet from the connected network.
 B. Bridge groups are supported in both transparent and routed firewall modes. Most
Voted
 C. Bridge groups are supported only in transparent firewall mode.
 D. Bidirectional Forwarding Detection echo packets are allowed through the FTD when
using bridge-group members.
 E. Each directly connected network must be on the same subnet. Most Voted

Correct Answer: CD

Question #44 Topic 1

Which command is run on an FTD unit to associate the unit to an FMC manager that is at IP
address 10.0.0.10, and that has the registration key Cisco123?

 A. configure manager local 10.0.0.10 Cisco123

 B. configure manager add Cisco123 10.0.0.10
 C. configure manager local Cisco123 10.0.0.10
 D. configure manager add 10.0.0.10 Cisco123

Correct Answer: D

Question #45 Topic 1

Which two actions can be used in an access control policy rule? (Choose two.)

 A. Block with Reset

 B. Monitor
 C. Analyze
 D. Discover
 E. Block ALL

Correct Answer: AB

Question #46 Topic 1

Which two routing options are valid with Cisco FTD? (Choose two.)

 A. BGPv6
 B. ECMP with up to three equal cost paths across multiple interfaces
 C. ECMP with up to three equal cost paths across a single interface
 D. BGPv4 in transparent firewall mode
 E. BGPv4 with nonstop forwarding

Correct Answer: AC

Question #47 Topic 1

Which object type supports object overrides?

 A. time range
 B. security group tag
 C. network object
 D. DNS server group

Correct Answer: C

Question #48 Topic 1

Which Cisco Firepower rule action displays an HTTP warning page?

 A. Monitor
 B. Block
 C. Interactive Block
 D. Allow with Warning

Correct Answer: C

Question #49 Topic 1

What is the result a specifying of QoS rule that has a rate limit that is greater than the maximum
throughput of an interface?

 A. The rate-limiting rule is disabled.

 B. Matching traffic is not rate limited.
 C. The system rate-limits all traffic.
 D. The system repeatedly generates warnings.

Correct Answer: B

Question #50 Topic 1

Which Firepower feature allows users to configure bridges in routed mode and enables devices
to perform Layer 2 switching between interfaces?

 A. FlexConfig
 B. BDI
 C. SGT
 D. IRB

Correct Answer: D

Question #51 Topic 1

In which two places are thresholding settings configured? (Choose two.)

 A. on each IPS rule

 B. globally, within the network analysis policy
 C. globally, per intrusion policy
 D. on each access control rule
 E. per preprocessor, within the network analysis policy

Correct Answer: AC

Question #52 Topic 1

In which two ways do access control policies operate on a Cisco Firepower system? (Choose
two.)

 A. Traffic inspection is interrupted temporarily when configuration changes are deployed.

 B. The system performs intrusion inspection followed by file inspection.
 C. They block traffic based on Security Intelligence data.
 D. File policies use an associated variable set to perform intrusion prevention.
 E. The system performs a preliminary inspection on trusted traffic to validate that it
matches the trusted parameters.

Correct Answer: AC

Question #53 Topic 1

Which two types of objects are reusable and supported by Cisco FMC? (Choose two.)

 A. dynamic key mapping objects that help link HTTP and HTTPS GET requests to Layer
7 application protocols.
 B. reputation-based objects that represent Security Intelligence feeds and lists, application
filters based on category and reputation, and file lists
 C. network-based objects that represent IP addresses and networks, port/protocol pairs,
VLAN tags, security zones, and origin/destination country
 D. network-based objects that represent FQDN mappings and networks, port/protocol
pairs, VXLAN tags, security zones and origin/destination country
 E. reputation-based objects, such as URL categories

Correct Answer: BC

Question #54 Topic 1

A security engineer is configuring an Access Control Policy for multiple branch locations. These
locations share a common rule set and utilize a network object called INSIDE_NET which
contains the locally significant internal network subnets at each location. What technique will
retain the policy consistency at each location but allow only the locally significant network
subnet within the application rules?

 A. utilizing a dynamic ACP that updates from Cisco Talos

 B. creating a unique ACP per device
 C. utilizing policy inheritance
 D. creating an ACP with an INSIDE_NET network object and object overrides

Correct Answer: D

Question #55 Topic 1

An organization has seen a lot of traffic congestion on their links going out to the internet. There
is a Cisco Firepower device that processes all of the traffic going to the internet prior to leaving
the enterprise. How is the congestion alleviated so that legitimate business traffic reaches the
destination?

 A. Create a NAT policy so that the Cisco Firepower device does not have to translate as
many addresses.
 B. Create a flexconfig policy to use WCCP for application aware bandwidth limiting.
 C. Create a QoS policy rate-limiting high bandwidth applications.
 D. Create a VPN policy so that direct tunnels are established to the business applications.

Correct Answer: C

Question #56 Topic 1

An engineer configures an access control rule that deploys file policy configurations to security
zone or tunnel zones, and it causes the device to restart. What is the reason for the restart?

 A. Source or destination security zones in the access control rule matches the security
zones that are associated with interfaces on the target devices.
 B. The source tunnel zone in the rule does not match a tunnel zone that is assigned to a
tunnel rule in the destination policy.
 C. Source or destination security zones in the source tunnel zone do not match the
security zones that are associated with interfaces on the target devices.
 D. The source tunnel zone in the rule does not match a tunnel zone that is assigned to a
tunnel rule in the source policy.

Correct Answer: A

Question #57 Topic 1

An engineer is attempting to create a new dashboard within the Cisco FMC to have a single view
with widgets from many of the other dashboards. The goal is to have a mixture of threat and
security related widgets along with Cisco Firepower device health information. Which two
widgets must be configured to provide this information? (Choose two.)

 A. Intrusion Events
 B. Correlation Information
 C. Appliance Status
 D. Current Sessions
 E. Network Compliance

Correct Answer: AC

Question #58 Topic 1

There is an increased amount of traffic on the network and for compliance reasons, management
needs visibility into the encrypted traffic. What is a result of enabling TLS/SSL decryption to
allow this visibility?

 A. It prompts the need for a corporate managed certificate.

 B. It will fail if certificate pinning is not enforced.
 C. It has minimal performance impact.
 D. It is not subject to any Privacy regulations.

Correct Answer: A

Question #59 Topic 1

An organization is setting up two new Cisco FTD devices to replace their current firewalls and
cannot have any network downtime. During the setup process, the synchronization between the
two devices is failing. What action is needed to resolve this issue?

 A. Confirm that both devices are running the same software version.
 B. Confirm that both devices are configured with the same types of interfaces.
 C. Confirm that both devices have the same flash memory sizes.
 D. Confirm that both devices have the same port-channel numbering.

Correct Answer: A

Question #60 Topic 1

An organization wants to secure traffic from their branch office to the headquarters building
using Cisco Firepower devices. They want to ensure that their Cisco
Firepower devices are not wasting resources on inspecting the VPN traffic. What must be done
to meet these requirements?

 A. Configure the Cisco Firepower devices to bypass the access control policies for VPN
traffic.
 B. Tune the intrusion policies in order to allow the VPN traffic through without
inspection.
 C. Configure the Cisco Firepower devices to ignore the VPN traffic using prefilter
policies.
 D. Enable a flexconfig policy to re-classify VPN traffic so that it no longer appears as
interesting traffic.

Correct Answer: A

Question #61 Topic 1

An administrator is working on a migration from Cisco ASA to the Cisco FTD appliance and
needs to test the rules without disrupting the traffic. Which policy type should be used to
configure the ASA rules during this phase of the migration?

 A. Prefilter
 B. Intrusion
 C. Access Control
 D. Identity

Correct Answer: A

Question #62 Topic 1

A network administrator is seeing an unknown verdict for a file detected by Cisco FTD. Which
malware policy configuration option must be selected in order to further analyze the file in the
Talos cloud?

 A. malware analysis
 B. dynamic analysis
 C. sandbox analysis
 D. Spero analysis

Correct Answer: B

Question #63 Topic 1

An engineer has been tasked with providing disaster recovery for an organization's primary
Cisco FMC. What must be done on the primary and secondary Cisco
FMCs to ensure that a copy of the original corporate policy is available if the primary Cisco
FMC fails?

 A. Restore the primary Cisco FMC backup configuration to the secondary Cisco FMC
device when the primary device fails.
 B. Connect the primary and secondary Cisco FMC devices with Category 6 cables of not
more than 10 meters in length.
 C. Configure high-availability in both the primary and secondary Cisco FMCs.
 D. Place the active Cisco FMC device on the same trusted management network as the
standby device.

Correct Answer: C

Question #64 Topic 1

An engineer is attempting to add a new FTD device to their FMC behind a NAT device with a
NAT ID of ACME001 and a password of Cisco0391521107. Which command set must be used
in order to accomplish this?
  A. configure manager add<FMC IP> <registration key>ACME001
 B. configure manager add ACME001<registration key> <FMC IP>
 C. configure manager add <FMC IP>ACME001<registration key>
 D. configure manager add DONTRESOLVE <FMC IP> AMCE001<registration key>

Correct Answer: A

Question #65 Topic 1

Refer to the exhibit. An organization has an access control rule with the intention of sending all
social media traffic for inspection. After using the rule for some time, the administrator notices
that the traffic is not being inspected, but is being automatically allowed. What must be done to
address this issue?

 A. Add the social network URLs to the block list.

 B. Change the intrusion policy to connectivity over security.
 C. Modify the selected application within the rule.
 D. Modify the rule action from trust to allow.

Correct Answer: C

Question #66 Topic 1

A user within an organization opened a malicious file on a workstation which in turn caused a
ransomware attack on the network. What should be configured within the Cisco FMC to ensure
the file is tested for viruses on a sandbox system?

 A. Spero analysis
 B. capacity handling
  C. local malware analysis
 D. dynamic analysis

Correct Answer: D

Question #67 Topic 1

An engineer configures a network discovery policy on Cisco FMC. Upon configuration, it is

noticed that excessive and misleading events are filling the database and overloading the Cisco
FMC. A monitored NAT device is executing multiple updates of its operating system in a short
period of time. What configuration change must be made to alleviate this issue?

 A. Exclude load balancers and NAT devices.

 B. Leave default networks.
 C. Increase the number of entries on the NAT device.
 D. Change the method to TCP/SYN.

Correct Answer: A

Question #68 Topic 1

A network administrator notices that remote access VPN users are not reachable from inside the
network. It is determined that routing is configured correctly; however, return traffic is entering
the firewall but not leaving it. What is the reason for this issue?

 A. A manual NAT exemption rule does not exist at the top of the NAT table
 B. An external NAT IP address is not configured
 C. An external NAT IP address is configured to match the wrong interface
 D. An object NAT exemption rule does not exist at the top of the NAT table

Correct Answer: D

Question #69 Topic 1

An administrator is creating interface objects to better segment their network but is having
trouble adding interfaces to the objects. What is the reason for this failure?

 A. The interfaces are being used for NAT for multiple networks
 B. The administrator is adding interfaces of multiple types
 C. The administrator is adding an interface that is in multiple zones
 D. The interfaces belong to multiple interface groups

Correct Answer: D

Question #70 Topic 1

An organization is using a Cisco FTD and Cisco ISE to perform identity-based access controls.
A network administrator is analyzing the Cisco FTD events and notices that unknown user traffic
is being allowed through the firewall. How should this be addressed to block the traffic while
allowing legitimate user traffic?

 A. Modify the Cisco ISE authorization policy to deny this access to the user
 B. Modify Cisco ISE to send only legitimate usernames to the Cisco FTD
 C. Add the unknown user in the Access Control Policy in Cisco FTD
 D. Add the unknown user in the Malware & File Policy in Cisco FTD

Correct Answer: C

Question #71 Topic 1

What is the benefit of selecting the trace option for packet capture?

 A. The option indicates whether the packet was dropped or successful.

 B. The option indicates whether the destination host responds through a different path.
 C. The option limits the number of packets that are captured.
 D. The option captures details of each packet.

Correct Answer: C

Question #72 Topic 1

After deploying a network-monitoring tool to manage and monitor networking devices in your
organization, you realize that you need to manually upload an MIB for the Cisco FMC. In which
folder should you upload the MIB file?

 A. /etc/sf/DCMIB.ALERT
 B. /sf/etc/DCEALERT.MIB
 C. /etc/sf/DCEALERT.MIB
 D. system/etc/DCEALERT.MIB

Correct Answer: C

Question #73 Topic 1

Which command is run at the CLI when logged in to an FTD unit, to determine whether the unit
is managed locally or by a remote FMC server?

 A. system generate-troubleshoot
 B. show configuration session
 C. show managers
 D. show running-config | include manager
Correct Answer: C

Question #74 Topic 1

Which command should be used on the Cisco FTD CLI to capture all the packets that hit an
interface?

 A. configure coredump packet-engine enable

 B. capture-traffic
 C. capture
 D. capture WORD Most Voted

Correct Answer: B

Question #75 Topic 1

How many report templates does the Cisco Firepower Management Center support?

 A. 20
 B. 10
 C. 5
 D. unlimited

Correct Answer: D

Question #76 Topic 1

Which action should be taken after editing an object that is used inside an access control policy?

 A. Delete the existing object in use.

 B. Refresh the Cisco FMC GUI for the access control policy.
 C. Redeploy the updated configuration.
 D. Create another rule using a different object name.

Correct Answer: C

Question #77 Topic 1

Which Cisco Firepower feature is used to reduce the number of events received in a period of
time?

 A. rate-limiting
 B. suspending
 C. correlation
 D. thresholding
Correct Answer: D

Question #78 Topic 1

Which report template field format is available in Cisco FMC?

 A. box lever chart

 B. arrow chart
 C. bar chart
 D. benchmark chart

Correct Answer: C

Question #79 Topic 1

Which group within Cisco does the Threat Response team use for threat analysis and research?

 A. Cisco Deep Analytics

 B. OpenDNS Group
 C. Cisco Network Response
 D. Cisco Talos

Correct Answer: D

Question #80 Topic 1

DRAG DROP -
Drag and drop the steps to restore an automatic device registration failure on the standby Cisco
FMC from the left into the correct order on the right. Not all options are used.
Select and Place:

Correct Answer:
Question #81 Topic 1

Which CLI command is used to generate firewall debug messages on a Cisco Firepower?

 A. system support firewall-engine-debug

 B. system support ssl-debug
 C. system support platform
 D. system support dump-table

Correct Answer: A

Question #82 Topic 1

Which command-line mode is supported from the Cisco FMC CLI?

 A. privileged
 B. user
 C. configuration
 D. admin

Correct Answer: C

Question #83 Topic 1

Which command is entered in the Cisco FMC CLI to generate a troubleshooting file?

 A. show running-config
 B. show tech-support chassis
 C. system support diagnostic-cli
 D. sudo sf_troubleshoot.pl

Correct Answer: D

Question #84 Topic 1

Which CLI command is used to control special handling of ClientHello messages?

 A. system support ssl-client-hello-tuning

 B. system support ssl-client-hello-display
 C. system support ssl-client-hello-force-reset
 D. system support ssl-client-hello-reset

Correct Answer: A

Question #85 Topic 1

Which command is typed at the CLI on the primary Cisco FTD unit to temporarily stop running
high-availability?

 A. configure high-availability resume

 B. configure high-availability disable
 C. system support network-options
 D. configure high-availability suspend

Correct Answer: B

Question #86 Topic 1

Which command must be run to generate troubleshooting files on an FTD?

 A. system support view-files

 B. sudo sf_troubleshoot.pl
 C. system generate-troubleshoot all Most Voted
 D. show tech-support

Correct Answer: B

Question #87 Topic 1

When is the file-size command needed while troubleshooting with packet capture?

 A. when capture packets are less than 16 MB

 B. when capture packets are restricted from the secondary memory
 C. when capture packets exceed 10 GB
 D. when capture packets exceed 32 MB

Correct Answer: D

Question #88 Topic 1

What is a functionality of port objects in Cisco FMC?

 A. to mix transport protocols when setting both source and destination port conditions in
a rule
 B. to represent protocols other than TCP, UDP, and ICMP
 C. to represent all protocols in the same way
 D. to add any protocol other than TCP or UDP for source port conditions in access
control rules.

Correct Answer: B

Question #89 Topic 1

Within Cisco Firepower Management Center, where does a user add or modify widgets?

 A. dashboard
 B. reporting
 C. context explorer
 D. summary tool

Correct Answer: A

Question #90 Topic 1

A network engineer is configuring URL Filtering on Cisco FTD. Which two port requirements
on the FMC must be validated to allow communication with the cloud service? (Choose two.)

 A. outbound port TCP/443

 B. inbound port TCP/80
 C. outbound port TCP/8080
 D. inbound port TCP/443
 E. outbound port TCP/80

Correct Answer: AE

Question #91 Topic 1

What is the maximum bit size that Cisco FMC supports for HTTPS certificates?

 A. 1024
 B. 8192
 C. 4096
 D. 2048

Correct Answer: D

Question #92 Topic 1

Which limitation applies to Cisco FMC dashboards in a multi-domain environment?

 A. Child domains are able to view but not edit dashboards that originate from an ancestor
domain.
 B. Child domains have access to only a limited set of widgets from ancestor domains.
 C. Only the administrator of the top ancestor domain is able to view dashboards.
 D. Child domains are not able to view dashboards that originate from an ancestor domain.

Correct Answer: D

Question #93 Topic 1

Which two considerations must be made when deleting and re-adding devices while managing
them via Cisco FMC? (Choose two.)

 A. An option to re-apply NAT and VPN policies during registration is available, so users
do not need to re-apply the policies after registration is completed.
 B. Before re-adding the device in Cisco FMC, the manager must be added back.
 C. Once a device has been deleted, it must be reconfigured before it is re-added to the
Cisco FMC.
 D. The Cisco FMC web interface prompts users to re-apply access control policies.
 E. There is no option to re-apply NAT and VPN policies during registration available, so
users need to re-apply the policies after registration is completed.

Correct Answer: DE

Question #94 Topic 1

What is a behavior of a Cisco FMC database purge?

 A. User login and history data are removed from the database if the User Activity check
box is selected.
 B. Data is recovered from the device.
 C. The appropriate process is restarted.
 D. The specified data is removed from Cisco FMC and kept for two weeks.

Correct Answer: C

Question #95 Topic 1

Which two packet captures does the FTD LINA engine support? (Choose two.)

 A. Layer 7 network ID
 B. source IP
 C. application ID
 D. dynamic firewall importing
 E. protocol

Correct Answer: BE

Question #96 Topic 1

An engineer currently has a Cisco FTD device registered to the Cisco FMC and is assigned the
address of 10.10.50.12. The organization is upgrading the addressing schemes and there is a
requirement to convert the addresses to a format that provides an adequate amount of addresses
on the network. What should the engineer do to ensure that the new addressing takes effect and
can be used for the Cisco FTD to Cisco FMC connection?
  A. Update the IP addresses from IPv4 to IPv6 without deleting from Cisco FMC.
 B. Format and reregister the device to Cisco FMC.
 C. Cisco FMC does not support devices that use IPv4 IP addresses.
 D. Delete and reregister the device to Cisco FMC. Most Voted

Correct Answer: A

Question #97 Topic 1

Refer to the exhibit. An engineer is analyzing the Attacks Risk Report and finds that there are
over 300 instances of new operating systems being seen on the network. How is the Firepower
configuration updated to protect these new operating systems?

 A. The administrator manually updates the policies.

 B. The administrator requests a Remediation Recommendation Report from Cisco
Firepower.
 C. Cisco Firepower gives recommendations to update the policies.
 D. Cisco Firepower automatically updates the policies.

Correct Answer: C

Question #98 Topic 1

After using Firepower for some time and learning about how it interacts with the network, an
administrator is trying to correlate malicious activity with a user. Which widget should be
configured to provide this visibility on the Cisco Firepower dashboards?

 A. Current Sessions
 B. Correlation Events
 C. Current Status
  D. Custom Analysis

Correct Answer: B

Question #99 Topic 1

An engineer is troubleshooting application failures through an FTD deployment. While using the
FMC CLI, it has been determined that the traffic in question is not matching the desired policy.
What should be done to correct this?

 A. Use the system support firewall-engine-debug command to determine which rules the
traffic matching and modify the rule accordingly.
 B. Use the system support firewall-engine-dump-user-identity-data command to change
the policy and allow the application though the firewall.
 C. Use the system support application-identification-debug command to determine which
rules the traffic matching and modify the rule accordingly.
 D. Use the system support network-options command to fine tune the policy.

Correct Answer: A

Question #100 Topic 1

An engineer has been asked to show application usages automatically on a monthly basis and
send the information to management. What mechanism should be used to accomplish this task?

 A. reports
 B. context explorer
 C. dashboards
 D. event viewer

Correct Answer: A

Question #101 Topic 1

A network administrator is configuring SNORT inspection policies and is seeing failed

deployment messages in Cisco FMC. What information should the administrator generate for
Cisco TAC to help troubleshoot?

 A. A ‫ג‬€troubleshoot‫ג‬€ file for the device in question.

 B. A ‫ג‬€show tech‫ג‬€ file for the device in question.
 C. A ‫ג‬€troubleshoot‫ג‬€ file for the Cisco FMC.
 D. A ‫ג‬€show tech‫ג‬€ for the Cisco FMC.

Correct Answer: C

Question #102 Topic 1

An engineer is troubleshooting a device that cannot connect to a web server. The connection is
initiated from the Cisco FTD inside interface and attempting to reach 10.0.1.100 over the non-
standard port of 9443. The host the engineer is attempting the connection from is at the IP
address of 10.20.10.20. In order to determine what is happening to the packets on the network,
the engineer decides to use the FTD packet capture tool. Which capture configuration should be
used to gather the information needed to troubleshoot the issue?

A.
B.

C.
D.

Correct Answer: B

Question #103 Topic 1

A network engineer is receiving reports of users randomly getting disconnected from their
corporate applications which traverse the data center FTD appliance.
Network monitoring tools show that the FTD appliance utilization is peaking above 90% of total
capacity. What must be done in order to further analyze this issue?

 A. Use the Packet Export feature to save data onto external drives.
 B. Use the Packet Capture feature to collect real-time network traffic.
 C. Use the Packet Tracer feature for traffic policy analysis.
 D. Use the Packet Analysis feature for capturing network data.

Correct Answer: B

Question #104 Topic 1

An administrator is attempting to remotely log into a switch in the data center using SSH and is
unable to connect. How does the administrator confirm that traffic is reaching the firewall?
  A. by performing a packet capture on the firewall Most Voted
 B. by attempting to access it from a different workstation
 C. by running Wireshark on the administrator's PC
 D. by running a packet tracer on the firewall

Correct Answer: D

Question #105 Topic 1

IT management is asking the network engineer to provide high-level summary statistics of the
Cisco FTD appliance in the network. The business is approaching a peak season so the need to
maintain business uptime is high. Which report type should be used to gather this information?

 A. Risk Report
 B. SNMP Report
 C. Standard Report
 D. Malware Report

Correct Answer: A

Question #106 Topic 1

Refer to the exhibit. An administrator is looking at some of the reporting capabilities for Cisco
Firepower and noticed this section of the Network Risk Report showing a lot of SSL activity that
could be used for evasion. Which action will mitigate this risk?
  A. Use SSL decryption to analyze the packets.
 B. Use Cisco Tetration to track SSL connections to servers.
 C. Use encrypted traffic analytics to detect attacks.
 D. Use Cisco AMP for Endpoints to block all SSL connection.

Correct Answer: A

Question #107 Topic 1

An administrator is setting up Cisco FirePower to send data to the Cisco Stealthwatch

appliances. The NetFlow_Set_Parameters objet is already created, but
NetFlow is not being sent to the flow collector. What must be done to prevent this from
occurring?

 A. Create a service identifier to enable the NetFlow service.

 B. Add the NetFlow_Send_Destination object to the configuration.
 C. Create a Security Intelligence object to send the data to Cisco Stealthwatch.
 D. Add the NetFlow_Add_Destination object to the configuration.

Correct Answer: D

Question #108 Topic 1

With a recent summer time change, system logs are showing activity that occurred to be an hour
behind real time. Which action should be taken to resolve this issue?

 A. Manually adjust the time to the correct hour on all managed devices.
 B. Configure the system clock settings to use NTP with Daylight Savings checked.
 C. Configure the system clock settings to use NTP.
 D. Manually adjust the time to the correct hour on the Cisco FMC.

Correct Answer: B

Question #109 Topic 1

A network administrator notices that SI events are not being updated. The Cisco FTD device is
unable to load all of the SI event entries and traffic is not being blocked as expected. What must
be done to correct this issue?

 A. Restart the affected devices in order to reset the configurations.

 B. Redeploy configurations to affected devices so that additional memory is allocated to
the SI module.
 C. Replace the affected devices with devices that provide more memory.
 D. Manually update the SI event entries to that the appropriate traffic is blocked.

Correct Answer: D
Question #110 Topic 1
Refer to the exhibit. What must be done to fix access to this website while preventing the same

 A. Create an intrusion policy rule to have Snort allow port 80 to only 172.1.1.50.
 B. Create an intrusion policy rule to have Snort allow port 443 to only 172.1.1.50.
 C. Create an access control policy rule to allow port 443 to only 172.1.1.50.
 D. Create an access control policy rule to allow port 80 to only 172.1.1.50.

Correct Answer: D

Question #111 Topic 1

A connectivity issue is occurring between a client and a server which are communicating through
a Cisco Firepower device. While troubleshooting, a network administrator sees that traffic is
reaching the server, but the client is not getting a response. Which step must be taken to resolve
this issue without initiating traffic from the client?

 A. Use packet-tracer to ensure that traffic is not being blocked by an access list
 B. Use packet capture to ensure that traffic is not being blocked by an access list
 C. Use packet capture to validate that the packet passes through the firewall and is
NATed to the corrected IP address
 D. Use packet-tracer to validate that the packet passes through the firewall and is NATed
to the corrected IP address

Correct Answer: D

Question #112 Topic 1

A VPN user is unable to connect to web resources behind the Cisco FTD device terminating the
connection. While troubleshooting, the network administrator determines that the DNS response
are not getting through the Cisco FTD. What must be done to address this issue while still
utilizing Snort IPS rules?

 A. Uncheck the ‫ג‬€Drop when Inline‫ג‬€ box in the intrusion policy to allow the traffic
 B. Modify the Snort rules to allow legitimate DNS traffic to the VPN users
 C. Disable the intrusion rule thresholds to optimize the Snort processing
 D. Decrypt the packet after the VPN flow so the DNS queries are not inspected

Correct Answer: B

Question #113 Topic 1

An engineer is restoring a Cisco FTD configuration from a remote backup using the command
restore remote-manager-backup location 1.1.1.1 admin /
Volume/home/admin BACKUP_Cisc394602314.zip on a Cisco FMC. After connecting to the
repository, an error occurred that prevents the FTD device from accepting the backup file. What
is the problem?
  A. The backup file is not in .cfg format
 B. The backup file is too large for the Cisco FTD device
 C. The backup file extension was changed from .tar to .zip
 D. The backup file was not enabled prior to being applied

Correct Answer: C

Question #114 Topic 1

An organization has a Cisco IPS running in inline mode and is inspecting traffic for malicious
activity. When traffic is received by the Cisco IPS, if it is not dropped, how does the traffic get to
its destination?

 A. It is retransmitted from the Cisco IPS inline set Most Voted

 B. The packets are duplicated and a copy is sent to the destination
 C. It is transmitted out of the Cisco IPS outside interface
 D. It is routed back to the Cisco ASA interfaces for transmission

Correct Answer: D

Question #115 Topic 1

An engineer is investigating connectivity problems on Cisco Firepower that is using service

group tags. Specific devices are not being tagged correctly, which is preventing clients from
using the proper policies when going through the firewall. How is this issue resolved?

 A. Use traceroute with advanced options

 B. Use Wireshark with an IP subnet filter
 C. Use a packet capture with match criteria
 D. Use a packet sniffer with correct filtering

Correct Answer: B

Question #116 Topic 1

An organization must be able to ingest NetFlow traffic from their Cisco FTD device to Cisco
Stealthwatch for behavioral analysis. What must be configured on the
Cisco FTD to meet this requirement?

 A. flexconfig object for NetFlow

 B. interface object to export NetFlow
 C. security intelligence object for NetFlow
 D. variable set object for NetFlow

Correct Answer: A
Question #117 Topic 1

An engineer must build redundancy into the network and traffic must continuously flow if a
redundant switch in front of the firewall goes down. What must be configured to accomplish this
task?

 A. redundant interfaces on the firewall cluster mode and switches

 B. redundant interfaces on the firewall noncluster mode and switches
 C. vPC on the switches to the interface mode on the firewall cluster
 D. vPC on the switches to the span EtherChannel on the firewall cluster

Correct Answer: D

Question #118 Topic 1

A network administrator notices that inspection has been interrupted on all non-managed
interfaces of a device. What is the cause of this?

 A. The value of the highest MTU assigned to any non-management interface was
changed
 B. The value of the highest MSS assigned to any non-management interface was changed
 C. A passive interface was associated with a security zone
 D. Multiple inline interface pairs were added to the same inline interface

Correct Answer: A

Question #119 Topic 1

A network administrator needs to create a policy on Cisco Firepower to fast-path traffic to avoid
Layer 7 inspection. The rate at which traffic is inspected must be optimized. What must be done
to achieve this goal?

 A. Enable the FXOS for multi-instance

 B. Configure a prefilter policy
 C. Configure modular policy framework
 D. Disable TCP inspection

Correct Answer: B

Question #120 Topic 1

A network engineer is tasked with minimizing traffic interruption during peak traffic times.
When the SNORT inspection engine is overwhelmed, what must be configured to alleviate this
issue?

 A. Enable IPS inline link state propagation

  B. Enable Pre-filter policies before the SNORT engine failure
 C. Set a Trust ALL access control policy
 D. Enable Automatic Application Bypass

Correct Answer: D

Question #121 Topic 1

Which two features of Cisco AMP for Endpoints allow for an uploaded file to be blocked?
(Choose two.)

 A. application blocking
 B. simple custom detection
 C. file repository
 D. exclusions
 E. application allow listing

Correct Answer: AB

Question #122 Topic 1

Which action should you take when Cisco Threat Response notifies you that AMP has identified
a file as malware?

 A. Add the malicious file to the block list.

 B. Send a snapshot to Cisco for technical support.
 C. Forward the result of the investigation to an external threat-analysis engine.
 D. Wait for Cisco Threat Response to automatically block the malware.

Correct Answer: A

Question #123 Topic 1

Which Cisco AMP for Endpoints policy is used only for monitoring endpoint activity?

 A. Windows domain controller

 B. audit
 C. triage
 D. protection

Correct Answer: B

Question #124 Topic 1

What is a valid Cisco AMP file disposition?

  A. non-malicious
 B. malware
 C. known-good
 D. pristine

Correct Answer: B

Question #125 Topic 1

In a Cisco AMP for Networks deployment, which disposition is returned if the cloud cannot be
reached?

 A. unavailable
 B. unknown
 C. clean
 D. disconnected

Correct Answer: A

Question #126 Topic 1

Which two remediation options are available when Cisco FMC is integrated with Cisco ISE?
(Choose two.)

 A. dynamic null route configured

 B. DHCP pool disablement
 C. quarantine
 D. port shutdown
 E. host shutdown

Correct Answer: CD

Question #127 Topic 1

Which connector is used to integrate Cisco ISE with Cisco FMC for Rapid Threat Containment?

 A. pxGrid
 B. FTD RTC
 C. FMC RTC
 D. ISEGrid

Correct Answer: A

Question #128 Topic 1

What is the maximum SHA level of filtering that Threat Intelligence Director supports?
  A. SHA-1024
 B. SHA-4096
 C. SHA-512
 D. SHA-256

Correct Answer: D

Question #129 Topic 1

What is the advantage of having Cisco Firepower devices send events to Cisco Threat Response
via the security services exchange portal directly as opposed to using syslog?

 A. Firepower devices do not need to be connected to the Internet.

 B. An on-premises proxy server does not need to set up and maintained.
 C. All types of Firepower devices are supported.
 D. Supports all devices that are running supported versions of Firepower

Correct Answer: B

Question #130 Topic 1

Which license type is required on Cisco ISE to integrate with Cisco FMC pxGrid?

 A. apex
 B. plus
 C. base
 D. mobility

Correct Answer: B

Question #131 Topic 1

What is a feature of Cisco AMP private cloud?

 A. It disables direct connections to the public cloud.

 B. It supports security intelligence filtering.
 C. It support anonymized retrieval of threat intelligence.
 D. It performs dynamic analysis.

Correct Answer: D

Question #132 Topic 1

Which feature within the Cisco FMC web interface allows for detecting, analyzing, and blocking
malware in network traffic?
  A. intrusion and file events
 B. Cisco AMP for Networks
 C. file policies
 D. Cisco AMP for Endpoints

Correct Answer: B

Question #133 Topic 1

A network administrator discovers that a user connected to a file server and downloaded a
malware file. The Cisco FMC generated an alert for the malware event, however the user still
remained connected. Which Cisco AMP file rule action within the Cisco FMC must be set to
resolve this issue?

 A. Malware Cloud Lookup

 B. Reset Connection
 C. Detect Files
 D. Local Malware Analysis

Correct Answer: A

Question #134 Topic 1

An engineer has been tasked with using Cisco FMC to determine if files being sent through the
network are malware. Which two configuration tasks must be performed to achieve this file
lookup? (Choose two.)

 A. The Cisco FMC needs to include a SSL decryption policy.

 B. The Cisco FMC needs to connect to the Cisco AMP for Endpoints service.
 C. The Cisco FMC needs to connect to the Cisco ThreatGrid service directly for
sandboxing.
 D. The Cisco FMC needs to connect with the FireAMP Cloud.
 E. The Cisco FMC needs to include a file inspection policy for malware lookup.

Correct Answer: CE

Question #135 Topic 1

A network engineer wants to add a third-party threat feed into the Cisco FMC for enhanced
threat detection. Which action should be taken to accomplish this goal?

 A. Enable Rapid Threat Containment using REST APIs.

 B. Enable Rapid Threat Containment using STIX and TAXII.
 C. Enable Threat Intelligence Director using REST APIs.
 D. Enable Threat Intelligence Director using STIX and TAXII.
Correct Answer: D

Question #136 Topic 1

A network engineer is logged into the Cisco AMP for Endpoints console and sees a malicious
verdict for an identified SHA-256 hash. Which configuration is needed to mitigate this threat?

 A. Add the hash to the simple custom detection list

 B. Use regular expressions to block the malicious file
 C. Enable a personal firewall in the infected endpoint
 D. Add the hash from the infected endpoint to the network block list

Correct Answer: A

Question #137 Topic 1

A network administrator is concerned about the high number of malware files affecting users'
machines. What must be done within the access control policy in
Cisco FMC to address this concern?

 A. Create an intrusion policy and set the access control policy to block
 B. Create an intrusion policy and set the access control policy to allow
 C. Create a file policy and set the access control policy to allow Most Voted
 D. Create a file policy and set the access control policy to block

Correct Answer: D