SNCF — Securing Networks with Firepower — Question 155

A security engineer must deploy a Cisco FTD appliance as a bump in the wire to detect intrusion events without disrupting the flow of network traffic. Which two features must be configured to accomplish the task? (Choose two.)

Answer options

• A. transparent mode
• B. tap mode
• C. bridged mode
• D. inline set pair
• E. passive interfaces

Correct answer: B, D

Explanation

The correct answers are B and D. Tap mode allows the appliance to monitor traffic passively without being part of the data path, while inline set pair enables active monitoring and response capabilities without interrupting the flow. The other options, such as transparent mode and bridged mode, do not specifically fulfill the requirement of detecting intrusions without affecting traffic flow.