SNCF — Securing Networks with Firepower — Question 44
A network engineer is extending a user segment through an FTD device for traffic inspection without creating another IP subnet. How is this accomplished on an FTD device in routed mode?
Answer options
- A. by assigning an inline set interface
- B. by using a BVI and creating a BVI IP address in the same subnet as the user segment
- C. by leveraging the ARP to direct traffic through the firewall
- D. by bypassing protocol inspection by leveraging pre-filter rules
Correct answer: B
Explanation
The correct answer is B because using a Bridge Virtual Interface (BVI) allows the FTD device to inspect traffic while remaining in the same subnet as the user segment. Options A, C, and D do not meet the requirement of extending the user segment without creating a new IP subnet, making them invalid choices for this scenario.