
Exam 300-710 topic 1 question 35 discussion

Actual exam question from Cisco's 300-710
Question #: 35
Topic #: 1

When deploying a Cisco ASA Firepower module, an organization wants to evaluate the contents of the traffic without affecting the network. It is currently configured to have more than one instance of the same device on the physical appliance. Which deployment mode meets the needs of the organization?

  • A. inline tap monitor-only mode
  • B. passive monitor-only mode
  • C. passive tap monitor-only mode
  • D. inline mode
Suggested Answer: A

Comments

14a1949
1 day, 3 hours ago
Selected Answer: A
Option B, passive monitor-only mode, is also a valid approach for evaluating traffic without affecting the network. In this mode, the device monitors traffic passively, meaning it doesn't interfere with the traffic flow, which meets the requirement of not affecting the network. However, the key difference is that inline tap monitor-only mode (option A) provides visibility into what the ASA FirePOWER module would have done to the traffic if it were actively managing it, without actually impacting the network. This can be particularly useful for evaluating the potential impact of security policies and actions.
upvoted 1 times
tinyJoe
1 week ago
Selected Answer: B
I agree that the answer is B. "However, in this mode, the ASA does apply its policies to the traffic, so traffic can be dropped due to access rules, TCP normalization, and so forth." https://www.cisco.com/c/en/us/td/docs/security/asa/asa910/configuration/firewall/asa-910-firewall-config/access-sfr.html#:~:text=the%20ASA%20does%20apply%20its%20policies%20to%20the%20traffic
upvoted 1 times
tinyJoe
1 week ago
However, it depends on what is meant by the description “You must operate the ASA in single context transparent mode.” If “single context” means the same thing as “not multi instance”, then the answer would be A.
upvoted 1 times
14a1949
1 week, 1 day ago
Selected Answer: B
I can understand why you might think that, but let's clarify the best option. To evaluate the contents of the traffic without affecting the network, the correct deployment mode would be: **B. passive monitor-only mode** In passive monitor-only mode, the Cisco ASA Firepower module can analyze traffic without actively interfering with it, making it ideal for evaluating traffic without impacting the network. **A. inline tap monitor-only mode** would still involve placing the device inline, which can affect network traffic flow to some extent.
upvoted 1 times
spambox730
6 months ago
Selected Answer: A
Passive monitor only (B) could be the answer if there was only 1 instance, but the question says there are more than one. Thus the second option which does not affect traffic is inline tap monitor only (A).
upvoted 1 times
bobie
7 months, 2 weeks ago
Selected Answer: A
Inline tap monitor-only mode (ASA inline)—In an inline tap monitor-only deployment, a copy of the traffic is sent to the ASA FirePOWER module, but it is not returned to the ASA. Inline tap mode lets you see what the ASA FirePOWER module would have done to traffic, and lets you evaluate the content of the traffic, without impacting the network. However, in this mode, the ASA does apply its policies to the traffic, so traffic can be dropped due to access rules, TCP normalization, and so forth.
upvoted 1 times
ureis
8 months, 3 weeks ago
A. inline tap monitor-only mode - Affects CPU and is hardware intensive
B. passive monitor-only mode - Only monitor the traffic - Correct option
C. passive tap monitor-only mode - Does not exist
D. inline mode - Question not asking to copy all the traffic, so not an option here
upvoted 3 times
Joe_Blue
10 months, 1 week ago
Selected Answer: C
The Firepower module can be deployed in either inline mode, passive monitor-only mode, or passive tap monitor-only mode. In this mode, the Cisco ASA Firepower module is configured to passively monitor traffic without introducing any delay or disruption to the network. This is achieved by configuring the module to operate in tap mode, where a copy of the traffic is sent to the module for inspection and analysis, but the original traffic continues to flow uninterrupted.
upvoted 1 times
bassfunk
1 year, 2 months ago
Selected Answer: A
A is correct as inline would drop packets and therefore affect the network.
upvoted 1 times
dique
1 year, 4 months ago
Selected Answer: A
Correct answer is: A
upvoted 1 times
xziomal9
1 year, 7 months ago
Selected Answer: A
Correct answer is: a
upvoted 1 times
harshal0408
1 year, 8 months ago
A is correct
upvoted 1 times
Grandslam
1 year, 9 months ago
Selected Answer: A
A @Orotta is correct
upvoted 1 times
trickbot
1 year, 10 months ago
Thank you @orotta for the reference, and reminder that we are talking about an ASA with firepower module. The answer is A inline TAP
upvoted 1 times
orotta
1 year, 11 months ago
"Let you evaluate the content of the traffic, without impacting the network." The question is taken as an exact sentence from the Cisco site for the Inline tap monitor-only Mode. Please see link below. So A is the correct answer. https://www.cisco.com/c/en/us/td/docs/security/asa/asa910/configuration/firewall/asa-910-firewall-config/access-sfr.html
upvoted 4 times
TLOVE
1 year, 8 months ago
Orotta, thanks for the link, it confirms the answer is (A) Inline Tap mode
upvoted 1 times
jamesque23
2 years, 1 month ago
A The problem with B is that in passive monitor-only you cannot have more than one instance. Passive monitor-only (traffic forwarding) mode—If you want to prevent any possibility of the ASA with FirePOWER Services device impacting traffic, you can configure a traffic-forwarding interface and connect it to a SPAN port on a switch. In this mode, traffic is sent directly to the ASA FirePOWER module without ASA processing. The traffic is dropped, and nothing is returned from the module, nor does the ASA send the traffic out any interface. You must operate the ASA in single context transparent mode to configure traffic forwarding. https://www.cisco.com/c/en/us/td/docs/security/asa/asa910/configuration/firewall/asa-910-firewall-config/access-sfr.html
upvoted 2 times
kj2022
1 year, 8 months ago
A is right answer
upvoted 1 times
elliot67
2 years, 2 months ago
The tap mode "IS affecting the traffic", so B is correct
upvoted 2 times
Bobster02
2 years, 7 months ago
Indeed, A fits better. Inline tap monitor-only mode (ASA inline)—In an inline tap monitor-only deployment, a copy of the traffic is sent to the ASA FirePOWER module, but it is not returned to the ASA. Inline tap mode lets you see what the ASA FirePOWER module would have done to traffic, and lets you evaluate the content of the traffic, without impacting the network. However, in this mode, the ASA does apply its policies to the traffic, so traffic can be dropped due to access rules, TCP normalization, and so forth.
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other