1-2-2 Flashcards
In which firewall mode does Cisco Secure Firewall operate without IP addresses on its interfaces?
Transparent mode.
What are the two firewall modes available in Cisco Secure Firewall?
Transparent and Routed modes.
What advantage does routed mode have over transparent mode in Cisco Secure Firewall?
It supports advanced services like routing, DHCP, and VPN functionalities.
Explain a practical scenario where transparent mode is preferable.
When firewall protection is required without changing the existing network addressing scheme.
What is the primary functional difference between inline interfaces and inline tap interfaces?
Inline interfaces actively block malicious traffic, while inline tap interfaces only detect and monitor copied traffic without blocking.
When would it be beneficial to deploy passive mode interfaces in your network? Provide an example scenario.
For intrusion detection purposes without affecting actual traffic flow, such as monitoring mirrored traffic for policy tuning or compliance verification.
How does clustering differ from failover pair deployments in Cisco Secure Firewall? Provide one advantage.
Clustering groups multiple firewalls actively handling traffic simultaneously, increasing throughput and availability, whereas failover pairs have one active and one standby firewall. Advantage: Enhanced scalability alongside high availability.
What scenario might justify using the fail-to-wire option with inline interfaces?
Ensuring business continuity by allowing traffic flow during firewall outages, power failures, or software upgrades.
