300-710 SNCF Exam Questions

300-710 SNCF Exam - Question 224


An engineer is configuring a Cisco FTD device to place on the Finance VLAN to provide additional protection for company financial data. The device must be deployed without requiring any changes on the end user workstations, which currently use DHCP to obtain an IP address. How must the engineer deploy the device to meet this requirement?

Correct Answer: C

The engineer should deploy the device in transparent mode and allow DHCP traffic in the access control policies. Transparent mode enables the device to be inserted into the network without requiring any reconfiguration of the IP addresses on end-user workstations, as it operates at Layer 2 (bridging) rather than Layer 3 (routing). Allowing DHCP traffic in the access control policies ensures that the DHCP traffic can pass through the FTD device, enabling end-user workstations to continue obtaining IP addresses via DHCP without interruption.

Discussion

3 comments
artgen (Option: C)
Aug 17, 2024

I would go for C since it will inspect the traffic within the same subnet, so being transparent is required.

c946f3e (Option: C)
Sep 14, 2024

For example, by using an access rule, you can allow DHCP traffic (instead of the unsupported DHCP relay feature) or multicast traffic such as that created by IP/TV. You can also establish routing protocol adjacencies through a transparent firewall; you can allow OSPF, RIP, EIGRP, or BGP traffic through based on an access rule. Likewise, protocols like HSRP or VRRP can pass through the FTD device. https://www.cisco.com/c/en/us/td/docs/security/firepower/670/configuration/guide/fpmc-config-guide-v67/transparent_or_routed_firewall_mode_for_firepower_threat_defense.html

d0980cc (Option: C)
Apr 9, 2025

C is most correct, but not entirely. The FTD in transparent mode will allow DHCP requests and responses to pass between the workstations and the DHCP server without interference, as long as no policies explicitly block UDP ports 67 and 68.