Free Cisco 300-710 Actual Exam Questions - Question 14 Discussion

B imo makes most sense since each DMZ has a unique subnet—routed mode lets the firewall handle traffic between them cleanly without messing with IPs like NAT would.

C imo makes less sense since NAT changes IPs, which isn’t usually needed internally between DMZs with unique subnets. Routed mode without NAT fits better here.

It’s A. Transparent mode acts like a bump in the wire and can enforce policies without needing to re-route or change IPs, which is handy for internal perimeter firewalls. Since each DMZ already has its own subnet, transparent mode avoids extra routing complexity. NAT usually isn’t needed internally between DMZs, so B with routed mode might be overkill here. Transparent mode keeps things simpler while still controlling traffic between those separate DMZs.

Makes sense to me too. B seems right because in routed mode, the firewall can handle traffic between different subnets without messing with NAT, which is more for external address translation. B

It’s B for me, since routed mode lets the firewall route between different subnets, which fits multiple DMZs with unique IP ranges. But I’m not sure if NAT is always needed here or only for internet access. Anyone else think NAT might still be required depending on traffic direction?