SNCF — Securing Networks with Firepower — Question 23
An engineer is tasked with deploying an internal perimeter firewall that will support multiple DMZs. Each DMZ has a unique private IP subnet range. How is this requirement satisfied?
Answer options
- A. Deploy the firewall in transparent mode with access control policies
- B. Deploy the firewall in routed mode with access control policies
- C. Deploy the firewall in routed mode with NAT configured
- D. Deploy the firewall in transparent mode with NAT configured
Correct answer: B
Explanation
The correct answer is B: in routed mode the firewall routes traffic between the different subnets, and access control policies secure the traffic that passes between them. Options A and D use transparent mode, which does not support routing between different subnets, so they are unsuitable. Option C adds NAT, which is unnecessary for managing multiple DMZs with unique private IP subnets.