Exam 300-710 topic 1 question 6 discussion

Passive Mode: This mode is used to monitor traffic without actively participating in the traffic flow. It receives a copy of the traffic for analysis but does not alter or forward the traffic itself. Inline Tap Mode: This mode allows the device to monitor traffic inline, meaning it can see the traffic as it passes through the device, but it does not modify the traffic. It is similar to passive mode but is used in an inline deployment. Given the requirement to passively receive traffic that passes through the appliance, Inline Tap Mode (Option D) could indeed be a suitable choice as it allows the device to monitor traffic inline without altering it.

With Cisco FTD software, which interface mode must be configured to >>>>passively receive traffic that >>>>passes through the appliance? INLINE TAP sends a COPY of the data to the SNORT Engineer where THAT COPY then is dropped... Meanwhile in parallel the actual traffic continues THROUGH the appliance uninterrupted. This to me fits the definition of passive receiving traffic that PASSES THROUGH the appliance. Answer D.

since the Traffic goes "THROUGH" the Firewall, Passive doesn't make sense. So "Inline tap" is correct

It is definitely B: (passive), since the question refers to the interface mode, and not the Inline-Set "Advanced Settings".

The answer is B. Tested it in my lab. The only interface modes are ERSPAN, Passive and None. Tap is a mode for inline pairs. Not an interface.

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200908-configuring-firepower-threat-defense-int.html#:~:text=Inline%20Pair%20with%20Tap

You have to really doubt the talent of anyone who answered "B" here, as Cisco is EXTREMELY clear about interface modes, which ones pass traffic THROUGH the appliance, and which ones just make copies of packets "passing by" the appliance. So much so, I have noted a couple of names in here that if my answers agree with theirs, I go back and take a HARD look at the documentation to make sure I am right. Some folks are so consistently wrong, and on such simple, basic questions, you almost gotta think they may be Cisco employees trying to muddy the waters.

It appears to be D as the traffic does still "passes through the appliance", if it is B, then it would only receive a copy of the traffic via SPAN or ERSpan

Inline-tap for sure, because the key word here is "passing" and the interface in passive mode receives copies of the traffic

the main thing here is "passing"...with passive traffic is not "passing"

The answer is B, Passive Interface. The Passive interface is passively receiving traffic thought the SPAN.

The correct answer is D. inline tap. In inline tap mode, the Cisco FTD appliance is configured to passively receive a copy of the traffic that is passing through it, without actively processing or inspecting the traffic. This allows for non-disruptive monitoring and analysis of network traffic.

With passive interface configuration, traffic does not "pass through" the device, the FTD is configured in an out of band mode. Inline TAP seems a better answer.

Answer D

Answer here is B However most the question is formulated weirdly. Inline Set with TAP could be a better answer

Correct answer is: D

Passive is the correct answer, think about it like that. In passive mode, the FTD is (IDS) detects but can't do anything else, you are just getting a copy of the traffic On the other hand, Inline Mode is (IPS) you detect, and prevent.