
Cisco Exam 300-710 Topic 4 Question 77 Discussion

Actual exam question for Cisco's 300-710 exam
Question #: 77
Topic #: 4

An engineer must deploy a Cisco FTD device. Management wants to examine traffic without requiring network changes that will disrupt end users. Corporate security policy requires the separation of management traffic from data traffic and the use of SSH over Telnet for remote administration. How must the device be deployed to meet these requirements?

Suggested Answer: B

To deploy a Cisco FTD device that meets the requirements of the question, the engineer must use transparent mode with a management interface. Transparent mode is a firewall configuration in which the FTD device acts as a "bump in the wire" or a "stealth firewall" and is not seen as a router hop to connected devices. In transparent mode, the FTD device can examine traffic without requiring network changes that will disrupt end users, such as changing IP addresses or routing configurations [1]. A management interface is a dedicated interface that is used for managing the FTD device and separating management traffic from data traffic. A management interface can be configured to allow SSH access for remote administration, which is more secure than Telnet [2].

The other options are incorrect because:

Routed mode is a firewall configuration in which the FTD device acts as a router and performs address translation and routing for connected networks. Routed mode requires network changes that may disrupt end users, such as changing IP addresses or routing configurations [1]. A diagnostic interface is a special interface that is used for troubleshooting and capturing traffic on the FTD device. A diagnostic interface does not separate management traffic from data traffic or allow SSH access for remote administration.

Transparent mode with a data interface does not meet the requirement of separating management traffic from data traffic. A data interface is a regular interface that is used for passing and inspecting traffic on the FTD device. A data interface does not allow SSH access for remote administration [2].

Routed mode with a bridge virtual interface (BVI) does not meet the requirement of examining traffic without requiring network changes that will disrupt end users. A BVI is a logical interface that acts as a container for one or more physical or logical interfaces that belong to the same layer 2 broadcast domain. A BVI allows the FTD device to route between different bridge groups on the same security module/engine. However, routed mode still requires network changes that may disrupt end users, such as changing IP addresses or routing configurations.


Contribute your Thoughts:

Domonique
8 days ago
Ha, can you imagine if they asked us to use Telnet? That would be a total security nightmare. Good thing they're at least requiring SSH for remote access.
upvoted 0 times
Janine
9 days ago
Yeah, I agree. And since the question mentions using SSH, that means we can't use Telnet, so option B with a management interface seems like the way to go.
upvoted 0 times
Brandon
10 days ago
I think the key is the requirement for separating management and data traffic. That rules out option C since it uses a data interface. So I'm leaning towards either option A or B.
upvoted 0 times
Jesus
11 days ago
Hmm, this question is tricky. We need to find a deployment option that separates management and data traffic while also using SSH for remote administration. I'm not sure if routed or transparent mode is the better choice here.
upvoted 0 times
