ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-710 All Questions

View all questions & answers for the 300-710 exam
Go to Exam

Exam 300-710 topic 1 question 138 discussion

Actual exam question from Cisco's 300-710
Question #: 138
Topic #: 1
[All 300-710 Questions]

Within an organization’s high availability environment where both firewalls are passing traffic, traffic must be segmented based on which department it is destined for. Each department is situated on a different LAN. What must be configured to meet these requirements?

  • A. redundant interfaces
  • B. span EtherChannel clustering
  • C. high availability active/standby firewalls
  • D. multi-instance firewalls
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by gwb at March 5, 2024, 4:21 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
d0980cc
1 month, 2 weeks ago
Selected Answer: C
2 Options: On the FTD devices in the HA pair, configure interfaces to handle traffic for each department’s VLAN: *Option 1: Subinterfaces for VLANs If the FTD is connected to a trunk port, configure subinterfaces on a physical interface for each VLAN. Example: Interface GigabitEthernet0/0.10 for VLAN 10 (Department A) Interface GigabitEthernet0/0.20 for VLAN 20 (Department B) Interface GigabitEthernet0/0.30 for VLAN 30 (Department C) Assign IP addresses to each subinterface in the corresponding subnet (e.g., 192.168.10.1 for VLAN 10). *Option 2: Separate Physical Interfaces If each department’s traffic arrives on a dedicated physical interface, configure those interfaces with the appropriate IP addresses and security zones. Sorry, but have to go against the grain on this one. I choose C.
upvoted 1 times
d0980cc
1 week, 3 days ago
Retract, I choose B https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/740/management-center-device-config-74/device-ops-cluster-sec-fw-3100.html?bookSearch=true#concept_txk_fnz_pz:~:text=to%20load%2Dbalance%20the%20data%20coming%20to%20and%20from%20the%20cluster%20using%20Spanned%20EtherChannels.
upvoted 1 times
...
...
tinyJoe
3 months, 2 weeks ago
Selected Answer: D
This is a very unclear question, but I guess it would be D. I assume that the author's intended configuration is similar to the “Network Diagram” in the following document: https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-management-center-virtual/221625-configure-ftd-multi-instance-high-availa.html#toc-hId--1943291811 We will configure an HA with two FTDs, each with two instances. Then, for instance A, Unit 1 is Active - Unit 2 is Passive, and for instance B, Unit 1 is Passive - Unit 2 is Active. In this way, even with Active/Passive HA, the “both firewalls are passing traffic” requirement of the question can be satisfied.
upvoted 1 times
...
gwb
7 months, 3 weeks ago
segmentation means separation. Redundant interface is backup, not separation. EtherChannel is to bump up throughput and redundant path. HA active/standby - does NOT allow both firewalls passing traffic
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago