Site icon

Cisco FirePower (FTD) Interview Questions and Answers

This article will help you crack your next Network security interview. this document solely focuses on Cisco Firepower Threat Defense. it covers all the current questions that are being asked.

Q. What is FTD?
FTD is one of the latest firewall software that has been launched by cisco which would provide the firewall capability as well as IPS/IDS which would provide you the details of about the incoming traffic to your network and block the malicious traffic based upon the IPS signatures, SHA value, globally recognized malicious IP and domains.

Q. On which platform FTD can be deployed?
FTD can be deployed on both physical and virtual appliances

Q. How can we manage FTD?
FTD has both on box and off box management capabilities available

Q. What is FMC?
FMC (Firepower Management Center) provides you the off-box management capability for FTD. This is the management box for the FTD which can manage multiple FTD at the same time. The policies are configured on the FMC and are deployed to FTDs it also stores your connection log for the traffic which is either incoming or which has been initiated form your network.

Q. What are the advantages of FMC?
FMC provides a unified log collection capability that can store the connection event logs, intrusion log and malware log for a certain amount of time you can view the log and generate report to give your enterprise a full network visibility. FMC can we integrated with Cisco ISE, cisco threat grid and cisco AMP for endpoints to provide identity firewall sandboxing and SHA values. FMC can be integrated with syslog and estreamer (splunk, hp arc sight) to forward the logs.

Q. On which platform FMC can be deployed?
FMC can be deployed on hardware as well as on virtual platforms

Q. What are license required for FTD?
We need Smart license for FTD to operate,  the different licenses are as follows

The virtual FMC also requires a perpetual license to manage FTD.

Q. What is the mode in that an FTD can be deployed?
FTD is deployed in two modes

Q. How can be the interfaces be deployed on FTD?
The interface on FTD can be deployed on the following modes

Q. What Inline pair with tap mode?
A copy of the packet is sent when the interfaces are deployed in inline mode with tap mode enabled and the actual traffic is not dropped.

Q. How does the packet flow on FTD?
FTD is made up of two engines lina (asa component) and snort ( firepower) when the packets arrive on FTD it first processed through the lina engine and then it is sent to snort for further deep packet inspection and once the packet is inspected on snort then it is sent back again to lina for some other checks and finally exists out of FTD.

Q. What is pre-filter policy?
The pre-filter policy was introduced from firepower version 6.1 the use of pre-filter policy is

There are three types of pre-filter policy that can be configured on firepower.

Q. What is a NAP?
NAP or network analysis policy process packet in a phased manner where it does the following functions

Q. What is ACP?
The ACP or access-control policy are the rules that are configured of the FTD and which are deployed into the FTD. Each firewall can only have one ACP assigned to it. ACP will also help to define the traffic which you need to send for analysis under IPS, file policy. The different actions that can be configured in the IPS rule are.

Q. What is file policy?
File policies are basically the malware policies that are created on FTD, this policy helps to block the malicious file based upon the SHA. The file policy needs to be bound with the ACP.
The action which can be configured for the file policies are

Q. What is dynamic analysis policy under file policy?
Whenever there is a new file whose SHA value is not known then the FTD can send fthe ile to cisco cloud to analyze it and provide a reputation to file i.e. clean, unknown and malware.

Q. What are SI and DNS policy?
SI and DNS policy are basically the feed of malicious IPs domain which is populated by Talos to block the traffic destined for the malicious domain. When we block traffic based on the SI it helps to reduce the resource utilization of the device.

Q. What is identity policy?
Identity policy are the rules are the user-based policy that can be configured on the firewall. FTD can be integrated with AD to get the user information to create a policy based upon the specific set of the users.
FTD can be integrated with ISE and user agent to get the user to IP mapping of the user.
Identity policy uses two methods of authentication

Q. How can FTD detect encrypted traffic?
We can configure ssl-decryption on the FTD to decrypt the ssl traffic and to send it for further inspections the ssl policies are applied to the whole box. The action which can be configured for ssl policy are

Q. What is flex config on FTD?
There are few configs that are available on the lina (ASA part) which are not directly supported through FMC hence flex config generates a sequence of ASA commands that can be deployed on the FTD.

Q. What are different alerts that can be configured on the FTD?
The alerts that can be configured on the FTD are

Q. What are the Geo-location rules?
Geo-location will help you to configure rules based upon the geographical location of the ip address you can block the ip address from continent or country.

Q. What are platform settings?
Platform settings are basically the FTD related config which can be configured such as arp inspection, banner, DNS, SNMP, timeout etc.

Q. What are the different mode of deployment of FPR chassis in the network?
FPR 4100 and 9300 chassis can be single instance mode (single context mode on ASA), multi instance mode (multi-context ASA) in HA and in cluster mode.

FTD 2100 and ASA 5500 can be deployed in single instance HA mode only.

ISE interview question and answer

Information Security interview questions

Exit mobile version