While configuring FTD, a network engineer wants to ensure that traffic passing through the appliance does not require routing or VLAN rewriting. Which interface mode should the engineer implement to accomplish this task?
"traffic passing through the appliance" - Passive interface doesn't allow this.
Transparent - is not an interface mode.
"inline tap" can be appropriate but it should be named as "inline set with tap".
As for me "inline set" - is the best choice.
You're right, "transparent" is a deployment mode, not an interface mode. For Cisco FTD, if you want to ensure that traffic passing through the appliance does not require routing or VLAN rewriting, you should use:
A. inline set
In inline set mode, the device binds two interfaces together to transparently pass traffic without requiring routing or VLAN rewriting.
While **A. inline set** is a mode where the device is placed inline to inspect and potentially alter traffic, it might involve routing and VLAN rewriting, which doesn't align with your requirement of not needing routing or VLAN rewriting.
The correct choice is:
**C. transparent**
In transparent mode, the Cisco FTD appliance acts as a bridge (bump-in-the-wire), allowing traffic to pass through without any routing or VLAN tagging changes. This ensures that the traffic remains unaltered while passing through the device.
If you have any more questions or need further clarification, feel free to ask!
should it be A
While A. inline set is a mode where the device is placed inline to inspect and potentially alter traffic, it involves routing and VLAN rewriting, which doesn't align with your requirement of not needing routing or VLAN rewriting.
The correct choice is indeed:
C. transparent
In transparent mode, the Cisco FTD appliance acts as a bridge, allowing traffic to pass through without any routing or VLAN tagging changes. This ensures that the traffic remains unaltered while passing through the device.
This is one of the worst questions I've seen for this exam. Inline set is the only answer that can be correct, but it is not an interface mode, it's a type of deployment for interfaces. Passive is the only interface mode listed here. Still, I would go with A.
A - inline set is the only option that passes traffic.
D and C are not real options - D is a sub-option of A and C is another name for A
B - do not pass traffic - only receives packets from switch SPAN port
interface mode = C is not an interface mode.
pass through the appliance = B does not pass traffic through.
Did not say not allowed to drop malicious traffic = A (as a security engineer, best to always choose the most secured design).
Transparent is not an interface mode in Cisco FTD. The correct answer is D. Inline set. This mode allows traffic to be forwarded through the FTD device as if it were a simple Layer 2 switch, without requiring any routing or VLAN rewriting.
The interface mode that should be implemented to ensure that traffic passing through the FTD does not require routing or VLAN rewriting is transparent mode. In transparent mode, the FTD is placed in-line with the network traffic, and it can inspect traffic without making changes to IP addresses or VLAN tags. The transparent mode is also known as bridge mode and is often used for passive intrusion detection and prevention.
No, the passive interface mode does not allow traffic to pass through the appliance, it only allows the appliance to receive a copy of the traffic for inspection.
To ensure that traffic passing through the FTD appliance does not require routing or VLAN rewriting, the network engineer should implement the transparent interface mode.
It should be A, since https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/inline_sets_and_passive_interfaces_for_firepower_threat_defense.html
An inline set acts like a bump on the wire, and binds two interfaces together to slot into an existing network. This function allows the FTD to be installed in any network environment without the configuration of adjacent network devices.
Inline tap is not good.
With tap mode, the device is deployed inline, but instead of the packet flow passing through the device, a copy of each packet > do not flow through the device
Passive interfaces receive all traffic unconditionally and no traffic received on these interfaces is retransmitted. Inline is correct.
An inline set acts like a bump on the wire, and binds two interfaces together to slot into an existing network. This function allows the system to be installed in any network environment without the configuration of adjacent network devices. Inline interfaces receive all traffic unconditionally, but all traffic received on these interfaces is retransmitted out of an inline set unless explicitly dropped.
No, inline-set does not require VLAN rewriting. An inline set in Firepower Threat Defense (FTD) is a pair of interfaces. One interface is for incoming (IN) traffic and the other is for outgoing (OUT) traffic. You cannot create a VLAN for IN/OUT traffic for the inline set. This means that VLAN rewriting is not a requirement when configuring an inline set on FTD devices.