Question 6 of 251

With Cisco FTD software, which interface mode must be configured to passively receive traffic that passes through the appliance?

    Correct Answer: B

    To passively receive traffic that passes through the appliance with Cisco FTD software, you need to configure the interface in 'passive' mode. In passive mode, the device operates as an Intrusion Detection System (IDS), where it monitors the traffic without being in the data path itself. It receives copies of the traffic, often through mechanisms like port mirroring (SPAN), enabling it to detect and analyze traffic without interfering with the actual data flow.

Question 7 of 251

Which two deployment types support high availability? (Choose two.)

    Correct Answer: CD

    High availability in deployment types is generally supported by those setups that involve redundancy or scaling across multiple instances or devices. Clustered deployment supports high availability by distributing the load across multiple devices, ensuring that if one fails, others can take over. Intra-chassis multi-instance deployment also supports high availability by running multiple instances within the same chassis, allowing continuous operation even if individual instances fail.

Question 8 of 251

Which protocol establishes network redundancy in a switched Firepower device deployment?

    Correct Answer: A

    STP (Spanning Tree Protocol) establishes network redundancy in a switched device deployment by preventing bridge loops and ensuring there is a loop-free topology in a network with redundant paths. Firepower devices can use STP to create a resilient network by automatically activating backup paths if the primary one fails. This maintains network uptime and stability in an environment with multiple switches.

Question 9 of 251

Which interface type allows packets to be dropped?

    Correct Answer: B

    The correct answer is 'inline'. An inline interface type allows packets to be evaluated and dropped or modified as necessary. Passive interfaces, ERSPAN (Encapsulated Remote Switched Port Analyzer), and TAP (Test Access Points) typically involve monitoring or mirroring traffic without actively dropping packets.

Question 10 of 251

Which Cisco Firepower Threat Defense, which two interface settings are required when configuring a routed interface? (Choose two.)

    Correct Answer: CE

    When configuring a routed interface on Cisco Firepower Threat Defense, the settings for Speed and Duplex are required. Speed allows you to specify the transmission rate of the interface, and Duplex determines whether the interface operates in half-duplex or full-duplex mode. These settings are essential for ensuring proper communication and performance of the network interface.