Securing Networks with Cisco Firepower: Passive Interface Mode for Cisco FTD Software

Passive Interface Mode

Question

With Cisco FTD software, which interface mode must be configured to passively receive traffic that passes through the appliance?

Answers

Explanations


https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/

The correct answer is C. tap.

When a Cisco Firepower Threat Defense (FTD) appliance is deployed in passive mode, it is inserted inline with the traffic flows but configured only to monitor them, never to block or alter traffic. This mode is commonly used for traffic inspection and analysis.

To passively receive traffic that passes through the appliance, the tap interface mode must be configured. In this mode the switch or router copies the traffic of a network segment to the tap interface, so the appliance can inspect it without disrupting the production traffic flow.

The other interface modes listed in the answer choices have different purposes:

  • ERSPAN (Encapsulated Remote SPAN) is a method for mirroring traffic across Layer 3 networks. ERSPAN can be used to send mirrored traffic to a remote location for analysis.
  • Firewall mode is used for traditional stateful inspection firewalling, in which the appliance actively blocks or allows traffic based on a set of security rules.
  • IPS-only mode is used when the appliance is deployed purely for intrusion prevention system (IPS) functions, without any firewalling capabilities. In IPS-only mode, the appliance actively inspects and blocks traffic based on predefined signatures and rules.