Cisco 300-710 - Securing Networks with Cisco Firepower (300-710 SNCF)

In a passive IPS deployment for a Cisco Secure Firewall Threat Defense (FTD) device, the administrator must configure the interface to operate in passive mode. This involves setting the interface mode, associating it with a security zone, enabling the interface, and setting the MTU parameter.

Steps:

Set the interface mode to passive:

In FMC, navigate toDevices > Device Management.

Select the FTD device and configure the relevant interface.

Set the interface mode to "Passive."

Associate the interface with a security zone:

Create or select an appropriate security zone.

Assign the passive interface to this security zone.

Enable the interface:

Ensure the interface is enabled to receive traffic.

Set the MTU parameter:

Configure the Maximum Transmission Unit (MTU) parameter as required.

This ensures that the FTD device can inspect traffic passively without impacting the network flow.

A low-impact attack indicates that the host is not vulnerable to those attacks. A low-impact attack is an attack that does not exploit any known vulnerability on the target host or does not match any signature or anomaly rule on the FTD device5. A low-impact attack does not mean that the attack is not dangerous to the network or that the host is not within the administrator’s environment. It simply means that the attack did not succeed in compromising or affecting the host.

The other options are incorrect because:

All attacks are not listed as low until manually categorized. The FTD device automatically assigns an impact level to each attack based on various factors, such as vulnerability information, threat score, and confidence rating5. The impact level can be high, medium, or low, depending on how likely and how severe the attack is.

The attacks are not necessarily harmless to the network. A low-impact attack may still cause some damage or disruption to the network, such as consuming bandwidth, generating noise, or distracting attention from other attacks6. A low-impact attack may also indicate that the attacker is probing or scanning the network for potential vulnerabilities or weaknesses7.

The host is not necessarily outside the administrator’s environment. A low-impact attack can target any host on the network, regardless of its location or ownership. A low-impact attack does not imply that the host is external or irrelevant to the administrator’s environment.

To ensure high availability of internet access when deploying a pair of Cisco Secure Firewall Threat Defense (FTD) devices managed by Cisco Secure Firewall Management Center (FMC), the following features must be deployed:

Route Tracking:This feature monitors the reachability of a specified target (such as an external IP address) through the configured routes. If the route to the target is lost, the FTD can dynamically adjust the routing to use an alternate path, ensuring continuous internet access.

SLA Monitor:Service Level Agreement (SLA) monitoring works alongside route tracking to continuously verify the status and performance of the internet links. If the SLA for one of the ISP links fails (indicating the link is down or underperforming), the FTD can switch traffic to the secondary ISP link.

Steps to configure:

In FMC, navigate toDevices > Device Management.

Select the FTD device and configure route tracking to monitor the ISP links.

Configure SLA monitors to continuously check the health and performance of the internet circuits.

These configurations ensure that internet access remains available to users even if one of the ISPs goes down.