An organization has a Cisco IPS running in inline mode and is inspecting traffic for malicious activity. When traffic is received by the Cisco IPS, if it is not dropped, how does the traffic get to its destination?
A.
It is retransmitted from the Cisco IPS inline set
B.
The packets are duplicated and a copy is sent to the destination
C.
It is transmitted out of the Cisco IPS outside interface
D.
It is routed back to the Cisco ASA interfaces for transmission
The Answer is absolutely A.
"Inline interfaces receive all traffic unconditionally, but all traffic
received on these interfaces is retransmitted out of an inline set unless explicitly dropped."
You can verify my answer here: https://www.cisco.com/c/en/us/td/docs/security/firepower/601/configuration/guide/fpmc-config-guide-v601/fpmc-config-guide-v60_chapter_01011010.pdf
The third page, under (Inline IPS Deployments)
If the Cisco IPS in inline mode does not drop the traffic after inspection, it forwards the traffic directly to its destination via its outbound interface, but after reading the article below I will select A.
I believe D is correct, its just a poor choice of words....go figure. No matter if it is the Cisco IPS or and FTD the traffic is handed back to the LINA engine to be put out on the wire based on the SNORT verdict. Although the CISCO IPS no longer exist (TG!)
I was on the same line of thoughts with but they used the word "routed", which is not the case. Unfortunately these kind of questions are no longer testing candidates knowledge but are testing the focus capacity on phrasing, which in my opinion it is bad!
If traffic is not dropped by the Cisco IPS running in inline mode, the packets are retransmitted from the IPS inline set to the original destination. So, the correct option is A.
I believe D is correct. The fact the question says Cisco IPS and not Cisco Firepower, it is probably an ASA. I don't think it has inline set interfaces as an option, only inline and tap mode. Traffic that's not dropped goes Lina -> Snort -> and back to Lina for transmission to the destination even in FTD. And the question is asking how it reaches the destination as well. If the question said Cisco FTD, it would definitely be onboard with A as the answer.
And why not C?
It mentions that the IPS transmits it through the outside interface, which would be the interface through which the traffic belonging to the Inline-set will go out.
C is not the best answer. You have to make a couple unconventional assumptions about the outside interface for C to correct. Such as, "Outside" interface kind of implies the connection to your ISP, which is a routed interface. (see others below on that.)
Must be A
IPS-only interfaces can be deployed as the following types:
Inline Set, with optional Tap mode—An inline set acts like a bump on the wire, and binds two interfaces together to slot into an existing network. This function allows the FTD to be installed in any network environment without the configuration of adjacent network devices. Inline interfaces receive all traffic unconditionally, but all traffic received on these interfaces is retransmitted out of an inline set unless explicitly dropped.
The IPS-only (inline mode) does not have routing possibilities.
So, A is correct
upvoted 3 times
...
This section is not available anymore. Please use the main Exam Page.300-710 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
eazy99
Highly Voted 1 year, 7 months agod0980cc
Most Recent 2 months agoTHEODORABLE
5 months, 3 weeks agoSilexis
3 months, 1 week agoJoe_Blue
8 months agoxziomal9
1 year, 4 months agoReece_S
1 year, 6 months agoGabranch
5 months, 2 weeks agoERGEGA
1 year, 8 months agoNoOn3x
1 year, 9 months agotrickbot
1 year, 8 months agoion123
1 year, 10 months agoonefa
2 years agoelliot67
2 years ago