Q: 6
A security engineer must deploy a Cisco FTD appliance as a bump in the wire to detect intrusion
events without disrupting the flow of network traffic. Which two features must be configured to
accomplish the task? (Choose two.)
Options
Discussion
B/C here, but if they wanted the FTD to block threats not just detect, A would actually make sense instead.
Would C alone be enough, or is transparent mode (B) always needed for bump-in-the-wire deployments like this?
It's B and C
B, trap is D since passive interfaces is for Firepower Management, not FTD appliance.
B/C for sure. Transparent mode keeps the FTD invisible at L2, and tapemode is what lets it monitor traffic passively, with no interruption or blocking. I think that's exactly what's needed for pure intrusion detection. Chime in if you see it differently.
Probably B and C here. Transparent mode plus tapemode let the FTD inspect without acting as a gate, so traffic just flows through untouched but still gets monitored. Pretty sure that's what Cisco means by "bump in the wire." Agree?
Inline set pair makes sense with passive interfaces for inspection, so A and D.
Yeah, has to be B and C. Transparent mode keeps the FTD invisible on the wire and tapemode just listens instead of blocking anything. That's what you'd want for pure intrusion detection without traffic interruption, I think. Anyone see an edge case for A?
It's D and E
B/C. Inline set pair is tempting but would disrupt traffic, so pretty sure that's the trap here.