Exam 300-710
Question 224

A network administrator is configuring a BVI interface on a routed FTD. The administrator wants to isolate traffic on the interfaces connected to the bridge group and not have the FTD route this traffic using the routing table. What must be configured?

    Correct Answer: D

    To isolate traffic on the interfaces connected to the bridge group and ensure that the FTD does not route this traffic using the routing table, the BVI interface must be configured for transparent mode. In this mode, bridge group traffic is isolated and not routed to another bridge group within the Firepower Threat Defense device. Traffic must exit the device before being routed by an external router back to another bridge group in the device.

Discussion
Stevens0103 Option: A

"How to Manage Overlapping Segments in Routed Firewall Mode with BVI Interfaces"
In the following example, BVI-G is configured in VRG and Bridge Group 1 is the routed interface for interfaces G0/1 and G0/2. Similarly, BVI-B is configured in VRB and Bridge Group 2 is the routed interface for interfaces G0/3 and G0/4. Consider that both BVIs have the same IP subnet address, say 10.10.10.5/24. Because of virtual routers, the network is isolated on the shared resources.
https://www.cisco.com/c/dam/en/us/td/i/400001-500000/440001-450000/442001-443000/442782.jpg
https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/virtual-routing-for-firepower-threat-defense.html

Stevens0103

Option D is off topic.

Dash_888 Option: D

I believe D is the correct answer given the below:
https://www.cisco.com/c/en/us/td/docs/security/firepower/610/configuration/guide/fpmc-config-guide-v61/fpmc-config-guide-v61_chapter_01110000.html#ID-2106-00000036
"Bridge Groups in Transparent Firewall Mode"
Bridge group traffic is isolated from other bridge groups; traffic is not routed to another bridge group within the Firepower Threat Defense device, and traffic must exit the Firepower Threat Defense device before it is routed by an external router back to another bridge group in the Firepower Threat Defense device.

teenytiny

Question specifies, "and not have the FTD route this traffic"

teenytiny

To complete my thought below, I agree with Dash_888 because VRFs use the routing table. Question specifies, "and not have the FTD route traffic using the routing table"

KISRUVEM Option: A

I’m thinking A. Creating a VRF with just the BVI would effectively isolate it from routing.