SNCF — Securing Networks with Firepower — Question 169

An engineer is configuring a Cisco FTD device to place on the Finance VLAN to provide additional protection for company financial data. The device must be deployed without requiring any changes on the end user workstations, which currently use DHCP to obtain an IP address. How must the engineer deploy the device to meet this requirement?

Answer options

• A. Deploy the device in transparent mode and enable the DHCP Server feature.
• B. Deploy the device in routed mode and enable the DHCP Relay feature.
• C. Deploy the device in transparent mode and allow DHCP traffic in the access control policies.
• D. Deploy the device in routed mode and allow DHCP traffic in the access control policies.

Correct answer: C

Explanation

The correct answer is C because deploying the device in transparent mode allows it to pass traffic without needing to alter the network configuration, while permitting DHCP traffic ensures that DHCP requests from workstations are not blocked. Options A and B either require additional configuration that could affect end users or do not align with the requirement of no changes to workstations. Option D involves routed mode, which is not suitable for this scenario.