SNCF — Securing Networks with Firepower — Question 70

A network engineer implements a new Cisco Firepower device on the network to take advantage of its intrusion detection functionality. There is a requirement to analyze the traffic going across the device, alert on any malicious traffic, and appear as a bump in the wire. How should this be implemented?

Answer options

• A. Specify the BVI IP address as the default gateway for connected devices
• B. Enable routing on the Cisco Firepower
• C. Add an IP address to the physical Cisco Firepower interfaces
• D. Configure a bridge group in transparent mode

Correct answer: D

Explanation

The correct answer is D because configuring a bridge group in transparent mode allows the Cisco Firepower to inspect traffic without altering its address, enabling it to function as a bump in the wire. Options A, B, and C are incorrect as they involve routing or IP address assignments that do not align with the requirement for transparency in traffic analysis.