SNCF — Securing Networks with Firepower — Question 121
An engineer wants to connect a single IP subnet through a Cisco FTD firewall and enforce policy. There is a requirement to present the internal IP subnet to the outside as a different IP address. What must be configured to meet these requirements?
Answer options
- A. Configure the Cisco FTD firewall in routed mode with NAT enabled.
- B. Configure the upstream router to perform NAT.
- C. Configure the Cisco FTD firewall in transparent mode with NAT enabled.
- D. Configure the downstream router to perform NAT.
Correct answer: A
Explanation
The correct answer is A because configuring the Cisco FTD firewall in routed mode with NAT enabled lets the firewall translate the internal IP subnet to a different external IP address. Options B and D move NAT to a router, which would not enforce policy through the FTD firewall. Option C is incorrect because transparent mode does not support NAT in the same way as routed mode.