Q: 4
What is the advantage of having Cisco Firepower devices send events to Cisco Threat response via
the security services exchange portal directly as opposed to using syslog?
Options
Discussion
Option D No proxy needed, which means way less setup and maintenance compared to syslog method. That's the main advantage I remember from lab guides. Pretty sure that's what exam is after, but lmk if someone disagrees.
C/D? I’m going with D since proxy config is the main trap, C’s just about versions which isn’t unique.
D . It's really about not needing to deal with an on-prem proxy server when using direct integration, which cuts down on admin overhead. C's just about version support, but that's not unique to the direct portal connection. Pretty sure D is what they're looking for, open to being proven wrong though.
I don’t think it’s D. C, since compatible versions matter for direct integration and proxy isn’t always the main point.
D Encountered exactly similar question in my exam, D is what they wanted for skipping proxy setup.
D. Not needing the on-prem proxy is really the key benefit here.
Quick question, does the scenario assume that all Firepower devices are already on a supported version? I think C because "supports all devices on supported versions" seems like the main point. If older versions matter, this could totally switch the answer.
D , main win is you skip the proxy setup/maintenance part here.
Maybe D, C looks tempting but the question is about admin effort not just version support. Trap is thinking it's all about compatibility when it's really about skipping proxy setup.
Its D, official Firepower integration docs back this up for cutting out on-prem proxy headaches. Practice tests highlight this benefit too.
Be respectful. No spam.
