SNCF — Securing Networks with Firepower — Question 192

A Cisco Secure Firewall Threat Defense device is configured in inline IPS mode to inspect all traffic that passes through the interfaces in the inline set. Which setting in the inline set configuration must be selected to allow traffic to pass through uninterrupted when VDB updates are being applied?

Answer options

• A. Tap Mode
• B. Strict TCP Enforcement
• C. Propagate Link State
• D. Snort Fail Open

Correct answer: D

Explanation

The correct answer is D, Snort Fail Open, because it allows traffic to pass through even when updates are occurring, preventing disruptions. The other options do not facilitate uninterrupted traffic flow during updates, as Tap Mode does not inspect traffic, Strict TCP Enforcement can block connections, and Propagate Link State does not manage traffic during updates.