Cisco Exam 300-710 Topic 8 Question 86 Discussion

Actual exam question for Cisco's 300-710 exam
Question #: 86
Topic #: 8

An engineer must deploy a Cisco FTD device. Management wants to examine traffic without requiring network changes that will disrupt end users. Corporate security policy requires the separation of management traffic from data traffic and the use of SSH over Telnet for remote administration. How must the device be deployed to meet these requirements?

Suggested Answer: B

To deploy a Cisco FTD device that meets the requirements of the question, the engineer must use transparent mode with a management interface. Transparent mode is a firewall configuration in which the FTD device acts as a "bump in the wire" or a "stealth firewall" and is not seen as a router hop by connected devices. In transparent mode, the FTD device can examine traffic without requiring network changes that will disrupt end users, such as changing IP addresses or routing configurations [1]. A management interface is a dedicated interface that is used for managing the FTD device and separating management traffic from data traffic. A management interface can be configured to allow SSH access for remote administration, which is more secure than Telnet [2].

The other options are incorrect because:

Routed mode is a firewall configuration in which the FTD device acts as a router and performs address translation and routing for connected networks. Routed mode requires network changes that may disrupt end users, such as changing IP addresses or routing configurations [1]. A diagnostic interface is a special interface that is used for troubleshooting and capturing traffic on the FTD device. A diagnostic interface does not separate management traffic from data traffic or allow SSH access for remote administration.

Transparent mode with a data interface does not meet the requirement of separating management traffic from data traffic. A data interface is a regular interface that is used for passing and inspecting traffic on the FTD device. A data interface does not allow SSH access for remote administration [2].

Routed mode with a bridge virtual interface (BVI) does not meet the requirement of examining traffic without requiring network changes that will disrupt end users. A BVI is a logical interface that acts as a container for one or more physical or logical interfaces that belong to the same layer 2 broadcast domain. A BVI allows the FTD device to route between different bridge groups on the same security module/engine. However, routed mode still requires network changes that may disrupt end users, such as changing IP addresses or routing configurations.


Contribute your Thoughts:

Cassi
3 months ago
And they mentioned SSH, which points towards a secure management method.
upvoted 0 times
...
Ty
4 months ago
Management and data traffic separation fits better with B.
upvoted 0 times
...
Candra
4 months ago
But why not A, routed mode with a diagnostic interface?
upvoted 0 times
...
Denna
5 months ago
I think it's B, in transparent mode with a management interface.
upvoted 0 times
...
Ty
5 months ago
Yeah, they want no disruption and separation of traffic.
upvoted 0 times
...
Cassi
5 months ago
This exam question is tricky.
upvoted 0 times
...
