Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Cisco Exam 300-730 Topic 9 Question 90 Discussion

Actual exam question for Cisco's 300-730 exam
Question #: 90
Topic #: 9
[All 300-730 Questions]

A network administrator wants to block traffic to a known malware site at https:/www.badsite.com and all subdomains while ensuring no packets from any internal client are sent to that site. Which type of policy must the network administrator use to accomplish this goal?

Show Suggested Answer Hide Answer
Suggested Answer: A

The correct answer is A. Access Control policy with URL filtering. An Access Control policy is a type of policy that allows you to control how traffic is handled on your network based on various criteria, such as source and destination IP addresses, ports, protocols, applications, users, and URLs. URL filtering is a feature that enables you to block or allow traffic based on the URL category or reputation of the website. You can create custom URL objects to specify the exact URLs or domains that you want to block or allow. For example, you can create a URL object for https:/www.badsite.com and set it to block. This will prevent any traffic from reaching that site and any subdomains under it12.


by Barrie at Jul 04, 2024, 07:08 PM

Limited Time Offer

25%

Off

Get Premium 300-730 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Lyla
2 months ago
You know what they say, 'When all you have is a hammer, everything looks like a nail.' I'm with Thad on this one - prefilter policy for the win!
upvoted 0 times
...
Janessa
2 months ago
Ooh, someone's getting a little intense. Careful, Thad, or you might just prefilter yourself right out of the room!
upvoted 0 times
Lizbeth
28 days ago
D) SSL policy is a type of policy that allows you to decrypt and inspect encrypted traffic on your network. You can use SSL rules to determine which traffic to decrypt based on various criteria, such as certificate attributes, cipher suites, or URL categories. However, SSL policy does not block traffic; it only decrypts it for further inspection by other policies.
upvoted 0 times
...
Gracia
29 days ago
C) DNS policy is a type of policy that allows you to inspect and modify DNS requests and responses on your network. You can use DNS rules to block, monitor, or sinkhole DNS queries based on the requested domain name or the response IP address. However, DNS policy does not prevent packets from being sent to the malicious site; it only prevents the DNS resolution of the domain name. A client could still access the site if they know the IP address or use an alternative DNS server.
upvoted 0 times
...
Nenita
1 months ago
B) Prefilter policy is a type of policy that allows you to perform fast actions on traffic before it reaches the Access Control policy. You can use prefilter rules to drop, fastpath, or trust traffic based on simple criteria, such as IP addresses or ports. However, prefilter rules do not support URL filtering, so you cannot use them to block traffic based on the website domain.
upvoted 0 times
...
Lorean
2 months ago
A) Access Control policy with URL filtering
upvoted 0 times
...
...
Eloisa
3 months ago
Hmm, I'm not sure. What about using a DNS policy to sinkhole the domain? That might be a more elegant solution.
upvoted 0 times
Aretha
19 days ago
SSL policy doesn't block traffic, it just decrypts it for inspection. Prefilter policy seems like the best option here.
upvoted 0 times
...
Timothy
22 days ago
DNS policy could work too, but it only prevents DNS resolution of the domain name, not the actual traffic.
upvoted 0 times
...
Lashawn
28 days ago
Prefilter policy is the way to go. It allows you to take action on traffic before it reaches the Access Control policy.
upvoted 0 times
...
Moon
1 months ago
SSL policy doesn't block traffic, it just decrypts it for further inspection. Prefilter policy seems like the best option here.
upvoted 0 times
...
Huey
2 months ago
User 2: DNS policy could work too, but it only prevents DNS resolution of the domain name, not the actual traffic.
upvoted 0 times
...
Tawna
2 months ago
User 1: Prefilter policy is the way to go. It allows you to take action on traffic before it reaches the Access Control policy.
upvoted 0 times
...
...
Thad
3 months ago
I'm as serious as a heart attack about this one. No messing around when it comes to malware!
upvoted 0 times
Shaniqua
2 months ago
B) Prefilter policy
upvoted 0 times
...
Alysa
2 months ago
A) Access Control policy with URL filtering
upvoted 0 times
...
...
Osvaldo
3 months ago
That's true, but prefilter policy doesn't support URL filtering. So, it might not be as effective in blocking traffic to the specific site.
upvoted 0 times
...
Vallie
3 months ago
I'm not sure about that. Prefilter policy could be a good choice too, as it allows for fast actions on traffic before reaching the Access Control policy.
upvoted 0 times
...
Howard
3 months ago
I agree with Osvaldo. Access Control policy with URL filtering is the best option to prevent internal clients from accessing the bad site.
upvoted 0 times
...
Osvaldo
3 months ago
I think the network administrator should use Access Control policy with URL filtering to block traffic to the malware site.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77