Free Cisco 300-710 Actual Exam Questions - Question 1 Discussion
pair in a highly secure environment. The information exchanged between the FTD devices over the
failover link must be encrypted. Which protocol supports this on the Cisco FTD?
It’s A. IPsec is the go-to for securing failover communication on Cisco devices, not just general VPN use. MACsec isn’t commonly used on FTD failover links.
A/D? IPsec is widely used for secure device communication and is definitely supported by Cisco FTD for failover encryption, but MACsec’s link-layer encryption might be more specialized here. Worth considering both.
Makes sense to go with D here since MACsec encrypts at the link layer and is perfect for direct device-to-device failover links. A feels too broad for this specific use case. D
It’s D, since MACsec encrypts the actual failover link at the data link layer directly.
MACsec definitely stands out since it’s built for securing direct links between devices, which sounds like what the failover link needs. IPsec usually handles encrypting traffic over broader networks, not necessarily point-to-point device failover communication. SSH and SSL don’t really fit here since they’re more about remote management or web-based encryption, not link-level encryption. So, is it safe to say MACsec is the better option here for encrypting the failover link specifically?
D vs A? MACsec is designed specifically for link-layer encryption between devices, which fits the failover link scenario better than IPsec that usually handles network-layer VPNs.
Gotta go with A on this one.