What is the difference between inline and inline tap on Cisco Firepower?
A. Inline tap mode can send a copy of the traffic to another device.
B. Inline tap mode does full packet capture.
C. Inline mode cannot do SSL decryption.
D. Inline mode can drop malicious traffic.
Which two statements about bridge-group interfaces in Cisco FTD are true? (Choose two.)
A. The BVI IP address must be in a separate subnet from the connected network.
B. Bridge groups are supported in both transparent and routed firewall modes.
C. Bridge groups are supported only in transparent firewall mode.
D. Bidirectional Forwarding Detection echo packets are allowed through the FTD when using bridge-group members.
E. Each directly connected network must be on the same subnet.
What is the benefit of selecting the trace option for packet capture?
A. The option indicates whether the packet was dropped or successful.
B. The option indicated whether the destination host responds through a different path.
C. The option limits the number of packets that are captured.
D. The option captures details of each packet.
Which command is entered in the Cisco FMC CLI to generate a troubleshooting file?
A. show running-config
B. show tech-support chassis
C. system support diagnostic-cli
D. sudo sf_troubleshoot.pl
An administrator is configuring their transparent Cisco FTD device to receive ERSPAN traffic from multiple switches on a passive port, but the Cisco FTD is not processing the traffic. What is the problem?
A. The switches do not have Layer 3 connectivity to the FTD device for GRE traffic transmission.
B. The switches were not set up with a monitor session ID that matches the flow ID defined on the Cisco FTD.
C. The Cisco FTD must be in routed mode to process ERSPAN traffic.
D. The Cisco FTD must be configured with an ERSPAN port not a passive port.
An administrator is adding a QoS policy to a Cisco FTD deployment. When a new rule is added to the policy and QoS is applied on “Interfaces in Destination Interface Objects”, no interface objects are available. What is the problem?
A. The FTD is out of available resources for use, so QoS cannot be added.
B. The network segments that the interfaces are on do not have contiguous IP space.
C. A conflict exists between the destination interface types that is preventing QoS from being added.
D. QoS is available only on routed interfaces, and this device is in transparent mode.
Which two dynamic routing protocols are supported in Cisco FTD without using FlexConfig? (Choose two.)
A. EIGRP
B. OSPF
C. static routing
D. IS-IS
E. BGP
When a Cisco FTD device is configured in transparent firewall mode, on which two interface types can an IP address be configured? (Choose two.)
A. Diagnostic
B. EtherChannel
C. BVI
D. Physical
E. Subinterface
An organization has seen a lot of traffic congestion on their links going out to the internet. There is a Cisco Firepower device that processes all of the traffic going to the internet prior to leaving the enterprise. How is the congestion alleviated so that legitimate business traffic reaches the destination?
A. Create a NAT policy so that the Cisco Firepower device does not have to translate as many addresses.
B. Create a flexconfig policy to use WCCP for application aware bandwidth limiting.
C. Create a QoS policy rate-limiting high bandwidth applications.
D. Create a VPN policy so that direct tunnels are established to the business applications.
A network engineer wants to add a third-party threat feed into the Cisco FMC for enhanced threat detection. Which action should be taken to accomplish this goal?
A. Enable Rapid Threat Containment using REST APIs.
B. Enable Rapid Threat Containment using STIX and TAXII.
C. Enable Threat Intelligence Director using REST APIs.
D. Enable Threat Intelligence Director using STIX and TAXII.
