Probably D since sending connection events straight from FTDs to the SIEM could help reduce FMC load, but does the question specify if both event types must be centralized before forwarding? If all events have to go through FMC, that would change things.
saw pretty similar problem in my exam in official labs. Choosing B makes sense since 'drop packet' will block the low priority intrusion traffic without generating extra events, so the dashboard won't get cluttered. Official Cisco guides touch on this. Anyone disagree?
If you want to edit a report template from an ancestor domain in Cisco FMC, you need to copy it to your current domain. So that's B. You can't directly edit the inherited one until it's copied over. Pretty sure that's how FMC handles template inheritance.
Pretty straightforward, it's B. Denying multicast and broadcast by default in transparent mode helps prevent L2 loops since those types of frames could flood and cause looping. Saw a similar question in some exam reports. Anyone disagree?
