Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Cisco Exam 300-730 Topic 9 Question 90 Discussion

Actual exam question for Cisco's 300-730 exam
Question #: 90
Topic #: 9
[All 300-730 Questions]

A network administrator wants to block traffic to a known malware site at https:/www.badsite.com and all subdomains while ensuring no packets from any internal client are sent to that site. Which type of policy must the network administrator use to accomplish this goal?

Show Suggested Answer Hide Answer

Contribute your Thoughts:

Lyla
4 months ago
You know what they say, 'When all you have is a hammer, everything looks like a nail.' I'm with Thad on this one - prefilter policy for the win!
upvoted 0 times
...
Janessa
4 months ago
Ooh, someone's getting a little intense. Careful, Thad, or you might just prefilter yourself right out of the room!
upvoted 0 times
Lizbeth
3 months ago
D) SSL policy is a type of policy that allows you to decrypt and inspect encrypted traffic on your network. You can use SSL rules to determine which traffic to decrypt based on various criteria, such as certificate attributes, cipher suites, or URL categories. However, SSL policy does not block traffic; it only decrypts it for further inspection by other policies.
upvoted 0 times
...
Gracia
3 months ago
C) DNS policy is a type of policy that allows you to inspect and modify DNS requests and responses on your network. You can use DNS rules to block, monitor, or sinkhole DNS queries based on the requested domain name or the response IP address. However, DNS policy does not prevent packets from being sent to the malicious site; it only prevents the DNS resolution of the domain name. A client could still access the site if they know the IP address or use an alternative DNS server.
upvoted 0 times
...
Nenita
3 months ago
B) Prefilter policy is a type of policy that allows you to perform fast actions on traffic before it reaches the Access Control policy. You can use prefilter rules to drop, fastpath, or trust traffic based on simple criteria, such as IP addresses or ports. However, prefilter rules do not support URL filtering, so you cannot use them to block traffic based on the website domain.
upvoted 0 times
...
Lorean
4 months ago
A) Access Control policy with URL filtering
upvoted 0 times
...
...
Eloisa
5 months ago
Hmm, I'm not sure. What about using a DNS policy to sinkhole the domain? That might be a more elegant solution.
upvoted 0 times
Aretha
3 months ago
SSL policy doesn't block traffic, it just decrypts it for inspection. Prefilter policy seems like the best option here.
upvoted 0 times
...
Timothy
3 months ago
DNS policy could work too, but it only prevents DNS resolution of the domain name, not the actual traffic.
upvoted 0 times
...
Lashawn
3 months ago
Prefilter policy is the way to go. It allows you to take action on traffic before it reaches the Access Control policy.
upvoted 0 times
...
Moon
3 months ago
SSL policy doesn't block traffic, it just decrypts it for further inspection. Prefilter policy seems like the best option here.
upvoted 0 times
...
Huey
4 months ago
DNS policy could work too, but it only prevents DNS resolution of the domain name, not the actual traffic.
upvoted 0 times
...
Tawna
4 months ago
Prefilter policy is the way to go. It allows you to take action on traffic before it reaches the Access Control policy.
upvoted 0 times
...
...
Thad
5 months ago
I'm as serious as a heart attack about this one. No messing around when it comes to malware!
upvoted 0 times
Shaniqua
4 months ago
B) Prefilter policy
upvoted 0 times
...
Alysa
4 months ago
A) Access Control policy with URL filtering
upvoted 0 times
...
...
Osvaldo
5 months ago
That's true, but prefilter policy doesn't support URL filtering. So, it might not be as effective in blocking traffic to the specific site.
upvoted 0 times
...
Vallie
5 months ago
I'm not sure about that. Prefilter policy could be a good choice too, as it allows for fast actions on traffic before reaching the Access Control policy.
upvoted 0 times
...
Howard
6 months ago
I agree with Osvaldo. Access Control policy with URL filtering is the best option to prevent internal clients from accessing the bad site.
upvoted 0 times
...
Osvaldo
6 months ago
I think the network administrator should use Access Control policy with URL filtering to block traffic to the malware site.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77