Exam 300-710 topic 1 question 232 discussion

A/C Subinterface can obviously configured with an IP just like a physical one. Diagnostic Interface (cannot be configured with an IP) The Diagnostic logical interface can be configured along with the rest of the data interfaces on the Devices > Device Management > Interfaces screen. Using the Diagnostic interface is optional (see the routed and transparent mode deployments for scenarios). The Diagnostic interface only allows management traffic, and does not allow through traffic. It does not support SSH; you can SSH to data interfaces or to the Management interface only. The Diagnostic interface is useful for SNMP or syslog monitoring. https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/interface_overview_for_firepower_threat_defense.html#concept_8628A651D0AF4F59B7021A67FADCD513 The Diagnostic/Management interface does not belong to a zone or interface group.

in transparent firewall mode you can only configure BVI and Diagnostic interfaces

D and E are correct. in transparent firewall mode you can only configure BVI and Diagnostic but not the physical interfaces

D & E is my choice. Physical & sub-int are layer 2

n addition to each Bridge Virtual Interface (BVI) IP address, you can add a separate slot/port interface that is not part of any bridge group, and that allows only management traffic to the FTD device.

The correct answers are A (Physical) and C (Subinterface). (Diagnostic) is not correct because Diagnostic interfaces are used for troubleshooting and are not used for normal network traffic. https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200908-configuring-firepower-threat-defense-int.html