- (Exam Topic 1)
Within an organization's high availability environment where both firewalls are passing traffic, traffic must be segmented based on which department it is destined for. Each department is situated on a different LAN. What must be configured to meet these requirements?

1. A. span EtherChannel clustering
2. B. redundant interfaces
3. C. high availability active/standby firewalls
4. D. multi-instance firewalls

Correct Answer: D

- (Exam Topic 1)
An engineer is building a new access control policy using Cisco FMC. The policy must inspect a unique IPS policy as well as log rule matching. Which action must be taken to meet these requirements?

1. A. Configure an IPS policy and enable per-rule logging.
2. B. Disable the default IPS policy and enable global logging.
3. C. Configure an IPS policy and enable global logging.
4. D. Disable the default IPS policy and enable per-rule logging.

Correct Answer: C

- (Exam Topic 1)
When deploying a Cisco ASA Firepower module, an organization wants to evaluate the contents of the traffic without affecting the network. It is currently configured to have more than one instance of the same device on the physical appliance Which deployment mode meets the needs of the organization?

1. A. inline tap monitor-only mode
2. B. passive monitor-only mode
3. C. passive tap monitor-only mode
4. D. inline mode

Correct Answer: A
https://www.cisco.com/c/en/us/td/docs/security/asa/asa910/configuration/firewall/asa-910-firewall-config/access Inline tap monitor-only mode (ASA inline)—In an inline tap monitor-only deployment, a copy of the traffic is sent to the ASA FirePOWER module, but it is not returned to the ASA. Inline tap mode lets you see what the ASA FirePOWER module would have done to traffic, and lets you evaluate the content of the traffic, without impacting the network. However, in this mode, the ASA does apply its policies to the traffic, so traffic can be dropped due to access rules, TCP normalization, and so forth.

- (Exam Topic 3)
Which command should be used on the Cisco FTD CLI to capture all the packets that hit an interface?

1. A. configure coredump packet-engine enable
2. B. capture-traffic
3. C. capture
4. D. capture WORD

Correct Answer: C
Reason: the command "capture-traffic" is used for SNORT Engine Captures. To capture a LINA Engine Capture, you use the "capture" command. Since the Lina Engine represents the actual physical interface of the device, "capture" is the only reasonable choice Reference: https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212474-working-with-firepower-threat-de
The command is firepower# capture DMZ interface dmz trace detail match ip host 192.168.76.14 host 192.168.76.100 firepower# capture INSIDE interface inside trace detail match ip host 192.168.76.14 host 192.168.75.14

- (Exam Topic 5)
A network administrator needs to create a policy on Cisco Firepower to fast-path traffic to avoid Layer 7 inspection. The rate at which traffic is inspected must be optimized. What must be done to achieve this goal?

1. A. Enable lhe FXOS for multi-instance.
2. B. Configure a prefilter policy.
3. C. Configure modular policy framework.
4. D. Disable TCP inspection.

Correct Answer: B