Exam 300-710 topic 1 question 29 discussion

We're screwed with this question. The correct answer depends on whether the question is based on the FMC configuration Guide, or the FMC GUI user interface. If this question comes from the FMC configuration Guide, the answer could very well be D - IPS-only mode. According to the first sentence of the "INTERFACE MODES AND TYPES" section of The FMC configuration manual: "You can deploy FTD interfaces in two modes: Regular firewall mode and IPS-only mode." TAP mode would be an Advanced setting on an interface in IPS-only mode. If this question is based on the FMC GUI, then there are three modes available. Two mode choices on Firewall mode interfaces. Default is mode:none, but mode can be set to passive mode, or ERSPAN mode. There is one mode on an inline pair interface, "Tap mode" found in the advanced options. And to muddy the waters even more, ERSPAN could also be the correct answer because ERSPAN traffic is passive copies of traffic that doesnt go through the device, but the original traffic still has to go out somewhere, and that somewhere is probably through that ftd's firewall mode interfaces. I'm undecided between IPS-only mode, and TAP mode.

IDS is passive but IPS is not, with IPS the inline traffic can be dropped. I go with tap

For Cisco FTD software, the correct interface mode to passively receive traffic is IPS-only mode (option D). This mode allows the appliance to monitor and analyze traffic without actively participating in the traffic flow. Tap mode (option C) is another passive monitoring option, but it is typically used in inline deployments where the device is physically inserted into the network path. In contrast, IPS-only mode is specifically designed for passive monitoring without affecting the traffic flow.

It's gotta be D, IPS-only. Of the interface modes, there's Routed, Passive and ERSPAN. Tap is a mode that's used with inline tap or inline set. IPS-only is NOT an interface mode, however it can be configured to allow traffic to flow through an interface passively, as counterintuitive as that might seem.

Agree it should be D as the TAP woulnd't let the traffic pass

I don't understand why Cisco exam is doing this tricky question. Although I don't like this kind of question, I think I am going to choose IPS-Only mode. like trickbot explained very well below. I am more focusing higher interface mode (firewall vs IPS-mode) although TAP and ERSPAN are also possible answers.

https://www.cisco.com/c/en/us/td/docs/security/firepower/622/configuration/guide/fpmc-config-guide-v622/fpmc-config-guide-v622_chapter_01111001.html

I wish there was a way to upload pics to these boards. I'm looking at the FMC right now and the only interface modes are passive, ERSPAN or none. I'm going with ERSPAN. Some of you might be going off of old guides based on older versions of the software. I'm using FMC7.2.

A - ERSPAN. If we're talking interface type, ERSPAN is the only option here. tap is a setting on on inline set (which isn't an interface type).

D is correct, IPS-Only is an interface mode. Tap mode is a type of interface mode can be deployed: IPS-only interfaces can be deployed as the following types

I would go with ERSPAN, this is a Passive interface with encapsulating mode. TAP is a copy of the traffic.

The correct answer is C, tap. The tap mode is used for passive monitoring of traffic without affecting the traffic flow. The traffic is simply copied to the tap interface for analysis, while the original traffic continues to its destination.

From the start, only two answers are possible. B and D. There are only two interface modes on FTD, "You can deploy FTD interfaces in two modes: Regular firewall mode and IPS-only mode. You can include both firewall and IPS-only interfaces on the same device. IPS-only interfaces can be deployed as the following types: Inline Set, with optional Tap mode". So you could have IPS-only as inline with tap that would make it into IDS and therefore passive. Firewall interface mode can be deployed as Routed or Bridge Groups with BVI. Do your own reading here: https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/interface_overview_for_firepower_threat_defense.html

TAP interface is not copy any traffic to other interface. Just received it. (Passive) IPS-only the correct. —An inline set acts like a bump on the wire, and binds two interfaces together to slot into an existing network. This function allows the system to be installed in any network environment without the configuration of adjacent network devices. Inline interfaces receive all traffic unconditionally, but all traffic received on these interfaces is retransmitted out of an inline set unless explicitly dropped.

Correct answer: C

Correct C With tap mode, the FTD is deployed inline, but the network traffic flow is undisturbed. Instead, the FTD makes a copy of each packet so that it can analyze the packets. Note that rules of these types do generate intrusion events when they are triggered, and the table view of intrusion events indicates that the triggering packets would have dropped in an inline deployment. There are benefits to using tap mode with FTDs that are deployed inline

of the "Interface modes" the only valid answers is "TAP" or "ERSPAN" Tap is passive and traffic is not going through the FTD, but with ERSPAN it does. Further there is no "IPS-only" mode on interface. if any discussion about "xxx-only" mode is shout be "IDS-only" mode and that would be a passive interface mode