Which two dynamic routing protocols are supported in Firepower Threat Defense without using FlexConfig? (Choose two.)
A. EIGRP
B. OSPF
C. static routing
D. IS-IS
E. BGP
Correct Answer: BE
"static routing" is wrong, OSPF and BGP are the right choice, both can be configured with Smart CLI without FlexConfig Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-routing.html
Question 282:
Which Cisco Firepower Threat Defense, which two interface settings are required when configuring a routed interface? (Choose two.)
With Cisco Firepower Threat Defense software, which interface mode must be configured to passively receive traffic that passes through the appliance?
A. inline set
B. passive
C. routed
D. inline tap
Correct Answer: B
In passive mode, the only copy of the traffic will be sent to FTD from a network device for traffic inspection, and original traffic never passes through it.
I think the answer should be "inline TAP," in FTD interface configuration, we configure the mode as "none," and in the inline pair section in the advanced tab, check the "Tap Mode:" option.
In FMC online help section:
In the Mode drop-down list, choose one of the following:
None-Choose this setting for regular firewall interfaces and inline sets. The mode will automatically be changed to Routed, Switched, or Inline based on further configuration.
What is the difference between inline and inline tap on Cisco Firepower?
A. Inline tap mode can send a copy of the traffic to another device.
B. Inline tap mode does full packet capture.
C. Inline mode cannot do SSL decryption.
D. Inline mode can drop malicious traffic.
Correct Answer: D
INLINE TAP
Copies the data to the SNORT Engine to be checked but then dropped while the actual data flow continues uninterrupted. Therefore, INLINE TAP does not send traffic to another device.
The Data is copied but not captured. You still would need to enable packet capture to capture packets (AKA Save PCAP).
INLINE:
Both inline and Inline Tap mode do not support SSL Decryption-resign... Although im a bit conflicted by this....
Truth is that Inline Mode can DROP malicious traffic but remember that Inline TAP mode CANNOT. Agan this is because tap mode sends a copy of the data to be inspected but not the actual data.
Question 289:
On the advanced tab under inline set properties, which allows interfaces to emulate a passive interface?
A. transparent inline mode
B. TAP mode
C. strict TCP enforcement
D. propagate link state
Correct Answer: B
Click Advanced to set the following optional parameters:
CORRECT ANSWER (B) Tap Mode — Set to inline tap mode.
INCORRECT ANSWER Propagate Link State:
Link state propagation automatically brings down the second interface in the inline interface pair when one of the interfaces in an inline set goes down. When the downed interface comes back up, the second interface automatically comes
back up, also. In other words, if the link state of one interface changes, the device senses the change and updates the link state of the other interface to match it. Note that devices require up to 4 seconds to propagate link state changes. Link
state propagation is especially useful in resilient network environments where routers are configured to reroute traffic automatically around network devices that are in a failure state.
What is a result of enabling Cisco FTD clustering?
A. For the dynamic routing feature, if the master unit fails, the newly elected master unit maintains all existing connections.
B. Integrated Routing and Bridging is supported on the master unit.
C. Site-to-site VPN functionality is limited to the master unit, and all VPN connections are dropped if the master unit fails.
D. All Firepower appliances can support Cisco FTD clustering.
Correct Answer: C
"Remote access VPN is not supported with clustering. VPN functionality is limited to the control unit and does not take advantage of the cluster high availability capabilities.
If the control unit fails, all existing VPN connections are lost, and VPN users will see a disruption in service. When a new control unit is elected, you must re-establish the VPN connections.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-710 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.