An engineer must deploy a Cisco FTD appliance via Cisco FMC to span a network segment to detect malware and threats. When setting the Cisco FTD interface mode, which sequence of actions meets this requirement?
A.
Set to passive, and configure an access control policy with an intrusion policy and a file policy defined.
B.
Set to passive, and configure an access control policy with a prefilter policy defined.
C.
Set to none, and configure an access control policy with an intrusion policy and a file policy defined.
D.
Set to none, and configure an access control policy with a prefilter policy defined.
The answer is definitely C, not A.
First, “span a network segment” indicates that the mode of FTD itself is routed, not transparent, and that the interface to each segment must be assigned an IP address.
Interfaces in passive mode cannot be assigned an IP address; they must be in none mode in order to be assigned an IP address.
" An engineer must deploy a Cisco FTD appliance via Cisco FMC to span a network segment to detect malware and threats"
to span a network is setting up the device as a bump in the road where to interfaces are connected and traffic is passing through the device. To do so the interface mode should be set to none and not passive
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
tinyJoe
3 months agorbrain
3 months, 2 weeks agoDoris8000
8 months ago