You need to incorporate subinterfaces with VLAN IDs as logical devices on a single physical device to external hosts, and a shared management interface is strictly for management, but it does not provide the necessary separation or routing for data traffic.
A management interface does not allow logical devices to communicate with each other or handle data traffic to external hosts.
My answer is C
Correct - VLAN-tagging is the way
Option D regarding the shared management interface has nothing to do with control/data plane access (traffic to external hosts).
Only D has the keywords in the question:
These interfaces can be shared by one or more logical devices to access external hosts;
https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/firepower_threat_defense_logical_devices.html#id_77524:~:text=These%20interfaces%20can%20be%20shared%20by%20one%20or%20more%20logical%20devices%20to%20access%20external%20hosts%3B
D - like Cokemaniak said: it's a literal copy from the Cisco doc regarding the mgmt interface for virtual devices:
These interfaces can be shared by one or more logical devices to access external hosts;
https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/firepower_threat_defense_logical_devices.html#id_77524
Mgmt—Use to manage application instances. These interfaces can be shared by one or more logical devices to access external hosts; logical devices cannot communicate over this interface with other logical devices that share the interface. You can only assign one management interface per logical device. Depending on your application and manager, you can later enable management from a data interface; but you must assign a Management interface to the logical device even if you don't intend to use it after you enable data management.
https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/firepower_threat_defense_logical_devices.html#id_77524
IT'S C
Option C, defining VLAN subinterfaces for each logical device, is necessary to allow each logical device to access external hosts. Each logical device should be assigned its own VLAN subinterface, which can be used to route traffic to external hosts.
I am retracting my answer for D. To allow multiple logical devices on a single physical device to have access to external hosts on Cisco Firepower, VLAN subinterfaces must be defined for each logical device.
By defining VLAN subinterfaces for each logical device, traffic can be logically separated and each logical device can be assigned to a different VLAN. This allows each logical device to communicate with external hosts independently.
Option D, adding one shared management interface on all logical devices, is incorrect because a shared management interface is used to manage the device and does not provide separation between logical devices.
I think it's D: "The management interface is required. Note that this management interface is not the same as the chassis management interface that is used only for chassis management (in FXOS, you might see the chassis management interface displayed as MGMT, management0, or other similar names)."
https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/clustering/ftd-4100-9300-cluster.html#id_78369
But a shared Mgmt interface is not required. Each container could have its own dedicated mgmt interface.
Option 1: shared-data interfaces
Option 2: VLAN subinterfaces on a shared port-channel. (C)
Option 3: dedicated separate data interfaces
https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/firepower_threat_defense_logical_devices_for_the.html#id_90184
Mgmt—Use to manage application instances. These interfaces can be shared by one or more logical devices to access external hosts; logical devices cannot communicate over this interface with other logical devices that share the interface. You can only assign one management interface per logical device. Depending on your application and manager, you can later enable management from a data interface; but you must assign a Management interface to the logical device even if you don't intend to use it after you enable data management.
https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/firepower_threat_defense_logical_devices.html
For me, only C is a correct answer; the management interface has nothing to do with access to external host.