SNCF — Securing Networks with Firepower — Question 300
An engineer is configuring two new Cisco FTD devices to replace the existing high availability firewall pair in a highly secure environment. The information exchanged between the FTD devices over the failover link must be encrypted. Which protocol supports this on the Cisco FTD?
Answer options
- A. MACsec
- B. IPsec
- C. SSH
- D. SSL
Correct answer: B
Explanation
The correct answer is B, IPsec. IPsec is designed to encrypt data transmitted over IP networks, which includes the failover link between Cisco FTD devices. MACsec (A) provides Layer 2 encryption and does not apply here, while SSH (C) and SSL (D) are used for secure remote access and web traffic encryption, respectively, and are not suitable for encrypting failover communication between firewalls.