Exam 300-710 topic 1 question 226 discussion

A and B (or A and E which send a copy of traffic) observe the table configurations that have, "No" under "Traffic can be Dropped". These are IDS settings. https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200924-configuring-firepower-threat-defense-int.html#:~:text=Here%20is%20a%20high%20level%20overview%20of%20the%20various%20FTD%20deployment%20and%20interface%20modes

Transparent mode is a deployment option and not a feature. Inline set with tap mode can achieve what is required: a bump in the wire with a passive way to analyze traffic without "disturbing" it

A&D. Both the FTD book and the Cisco fonfiguration manual refer to Inline Set and Transparent modes as "bump in the wire". Control-F both documents for "bump" and the only place your find the reference is either Inline-Sets or Transparent mode.

A&D. Both the FTD book and the Cisco fonfiguration manual refer to Inline Set and Transparent modes as "bump in the wire". Control-F both documents for "bump" and the only place your find the reference is either Inline-Sets or Transparent mode.

It's B&D. "The firewall mode only affects regular firewall interfaces, and not IPS-only interfaces such as inline sets or passive interfaces. IPS-only interfaces can be used in both firewall modes." https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/interface_overview_for_firepower_threat_defense.html#concept_DB45E8BBB07946728427FF98DB2DC56D

A&B. Transparent mode and inline set mode function as bump in the wire.

* B) is a must, since the question says "detect intrusions" & "not disturb the flow of packets",, meaning no drops. if you go for transparent (A), then it'll drop packets, unless you modify the IPS policy to not drop packets. * the other choice i'd go for is (D), since inline sets are needed for tap mode to work (also needed for transparent).

A&D From Cisco FTD Book Inline Mode Versus Transparent Mode Both Inline Mode and Transparent Mode work like bumps in the wire, which means they are invisible to the connected devices. However, they are two different techniques. In Inline Mode, the interfaces on an interface pair are network agnostic. They can send and receive any traffic, as long as the policies permit. In addition, you do not need to configure IP addresses on any of the member interfaces of an inline-pair

B & D Inline Set, with optional Tap mode—An inline set acts like a bump on the wire, and binds two interfaces together to slot into an existing network. This function allows the FTD to be installed in any network environment without the configuration of adjacent network devices. Inline interfaces receive all traffic unconditionally, but all traffic received on these interfaces is retransmitted out of an inline set unless explicitly dropped. https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/inline_sets_and_passive_interfaces_for_firepower_threat_defense.html

I would say A&B- both config guide descriptions use the term Bump in the wire and a TAP mode interface hase to be inline to begin with. https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/transparent_or_routed_firewall_mode_for_firepower_threat_defense.html https://www.cisco.com/c/en/us/td/docs/security/firepower/650/configuration/guide/fpmc-config-guide-v65/inline_sets_and_passive_interfaces_for_firepower_threat_defense.html

A & B Transparent mode as a Bumbp in the wired Tap Mode to does not block the traffic

B & D. To detect intrusion events you need inline set and not to block traffic it has to be TAP