SNCF — Securing Networks with Firepower — Question 166

A security engineer must configure a Cisco FTD appliance to inspect traffic coming from the internet. The internet traffic will be mirrored from the Cisco Catalyst 9300 Switch. Which configuration accomplishes the task?

Answer options

• A. Set the firewall mode to routed.
• B. Set interface configuration mode to passive.
• C. Set the firewall mode to transparent.
• D. Set interface configuration mode to none.

Correct answer: B

Explanation

The correct answer is B because setting the interface configuration mode to passive allows the FTD appliance to observe traffic without interfering with it. The other options either do not allow for passive traffic monitoring or change the firewall's operational mode inappropriately for this scenario.