Exam 300-710 topic 1 question 154 discussion

Another messed up wording. With all these fancy names let's FTD is FTD, no such a button in the menu says "Oh I'm an IPS!" or "OH Now I'm a bloody IDS!" You make it an IDS by unchecking "drop when inline", so D.

First of all, it won't make any sense to do anything "when inline" when it comes to an IDP, because an IDS is not inline. The B answer is that if option "Drop when inline" is Disabled, SNORT rules are evaluated for that flow and it will mark the result, without impacting traffic, as it would have taken the action on it. https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/214609-firepower-data-path-troubleshooting-phas.html This is why I am sticking with B

I think it is D because of the statement in the question “not block the suspicious traffic”.

Let me rephrase each option: A. checking the “Drop when inline” option configures the system in IPS mode B. unchecking the “Drop when inline” option configures the system in IPS mode C. checking the “Drop when inline” option configures the system in IDS mode D. unchecking the “Drop when inline” option configures the system in IDS mode

Curse Cisco and their semantic pitfalls. I think you start with a neutral inspection policy. Then, the keyword is "by": By unchecking "drop when inline" in the inspection policy, you create an IDS policy, instead of an IPS policy. So I choose D But that could be wrong, depending on how Cisco want to interpret things...

The official name of the policy is IPS. You then uncheck "drop when inline" to make it function as IDS.

i think B is correct, since the cisco terminology, there's not IDS deployment, only IPS deployment for FTD. https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/getting_started_with_intrusion_policies.html?bookSearch=true#concept_D1F1CDE29BDE4ACF9F254D8E5F1D518D Also the option of drop does exist too, have to be unchecked: https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/getting_started_with_intrusion_policies.html?bookSearch=true#ID-2231-0000003d

IDS = Intrusion Detection System IPS = Intrusion Prevention System Doesn't this ^ pretty much say it all? One detects and one prevents. This is a classic example of a Cisco trip-you-up question. Its purpose is not to test whether or not you know and understand a concept. No...it's purpose is to present you with designed, indecipherable ambiguity in an effort to collect another $300.

Welcome to Cisco Trivia Game where each Game cost $300! I think its D because we are creating an IDS behaving policy by deselecting drop when inline option on the policy. Semantics are making Cisco too much money. I don't know if its technically called IDS or still IPS mode when you disable the drop when selected checkbox? I cannot find a definitive documentation that calls it out.