ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 350-401 All Questions

View all questions & answers for the 350-401 exam
Go to Exam

Exam 350-401 topic 1 question 257 discussion

Actual exam question from Cisco's 350-401
Question #: 257
Topic #: 1
[All 350-401 Questions]

Which NGFW mode blocks flows crossing the firewall?

  • A. tap
  • B. inline
  • C. passive
  • D. inline tap
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by J_C_STUDY at Aug. 23, 2020, 4:23 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
fc719d6
1 month ago
Selected Answer: B
B is correct
upvoted 1 times
...
Abbribas
5 months, 2 weeks ago
Selected Answer: B
In inline mode the NGFW acts as a gatekeeper, analyzing and enforcing policies on all traffic in real-time.
upvoted 1 times
...
AbdullahMohammad251
8 months ago
Selected Answer: B
From the option provided, only option 'B' can block traffic. When Inline Pair Mode is in use, packets can be blocked since they are processed inline. When Tap Mode is enabled, a copy of the packet is inspected and dropped internally while the actual traffic goes through FTD unmodified. Inline pair mode is an active mode, Tap mode is a passive mode. https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200924-configuring-firepower-threat-defense-int.html#toc-hId-1297094981:~:text=Yes-,Inline%20Pair,No,-Configure%20Inline%20Pair
upvoted 3 times
...
[Removed]
11 months, 1 week ago
Selected Answer: B
B is correct In a Next-Generation Firewall (NGFW), the "inline" mode makes the NGFW actively inspects and filters traffic as it passes through, allowing or blocking flows based on defined security policies.
upvoted 1 times
...
shamkhal
3 years, 2 months ago
Selected Answer: B
provided answer is correct
upvoted 2 times
...
hex2
3 years, 3 months ago
Selected Answer: B
https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200924-configuring-firepower-threat-defense-int.html Check out the table under "Here is a high level overview of the various FTD deployment and interface modes". Tap doesn't exist and Inline Pair is the only mode traffic CAN be dropped in. Of course the question implies its asking what mode will block ALL flows, I suspect that's a grammar problem.
upvoted 2 times
...
kthekillerc
3 years, 7 months ago
Provided answer is correct
upvoted 2 times
...
circledan
4 years, 1 month ago
Should be B. In the reference, there is table: "Traffic can be DROPPED" column, inline pair - Yes, inline TAP - No.
upvoted 4 times
...
rezavage
4 years, 5 months ago
B is correct . only inline mode place the FTD in the path of actual data and the FTD can drop packets. Inline Tap just log the bad packets but do not disturb the flow . and passive mode FTD is sit out of the data path and receive mirrored data from SPAN port.
upvoted 2 times
...
Summa
4 years, 6 months ago
should be D. INLINE allows those traffic from paired interfaces. INLINE TAP blocks all traffic. PASSIVE does nothing on traffics, allows all.
upvoted 1 times
...
XalaGyan
4 years, 7 months ago
Answer B is correct for every sort of firewall. if it is not INLINE in the traffic it cannot block anything.
upvoted 2 times
...
J_C_STUDY
4 years, 8 months ago
https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200924-configuring-firepower-threat-defense-int.html#anc4
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago