When using Cisco IOS zone-based policy firewall, where is the inspection policy applied? to a global service policy to an interface to a zone to a zone pair Answers Explanation…
Which two rules about interfaces are valid when implementing a Zone-Based Policy Firewall? (Choose two.) If neither interface is a zone member, then the action is to pass traffic. If…
What is the result in the self zone if a router is the source or destination of traffic? No traffic is permitted. All traffic is permitted. Only traffic that originates…
When a Cisco IOS zone-based policy firewall is being configured, which three actions can be applied to a traffic class? (Choose three.) drop inspect pass reroute queue shape Answers Explanation…
Designing a ZPF requires several steps. Which step involves dictating the number of devices between most-secure and least-secure zones and determining redundant devices? determine the zones establish policies between zones…
Which two statements describe the two configuration models for Cisco IOS firewalls? (Choose two.) The IOS Classic Firewall and ZPF cannot be combined on a single interface. ZPF must be…
When implementing a ZPF, what is the default security setting when forwarding traffic between two interfaces in the same zone? Traffic between interfaces in the same zone is selectively forwarded…
How does a firewall handle traffic when it is originating from the public network and traveling to the private network? Traffic that is originating from the public network is not…
What are two differences between stateful and stateless firewalls? (Choose two.) A stateless firewall is able to filter sessions that use dynamic port negotiations while a stateful firewall cannot. A…
Which type of firewall makes use of a proxy server to connect to remote servers on behalf of clients? stateful firewall stateless firewall packet filtering firewall application gateway firewall Answers…
What are two possible limitations of using a firewall in a network? (Choose two.) It cannot sanitize protocol flows. A misconfigured firewall can create a single point of failure. Network…
When implementing components into an enterprise network, what is the purpose of a firewall? A firewall is a system that stores vast quantities of sensitive and business-critical information. A firewall…
What are two characteristics of a stateful firewall? (Choose two.) uses static packet filtering techniques uses connection information maintained in a state table analyzes traffic at Layers 3, 4 and…
What is one limitation of a stateful firewall? poor log information weak user authentication cannot filter unnecessary traffic not as effective with UDP- or ICMP-based traffic Answers Explanation & Hints:…
What is one benefit of using a stateful firewall instead of a proxy server? prevention of Layer 7 attacks better performance ability to perform user authentication ability to perform packet…
Refer to the exhibit. A network administrator created an IPv6 ACL to block the Telnet traffic from the 2001:DB8:CAFE:10::/64 network to the 2001:DB8:CAFE:30::/64 network. What is a command the administrator…
A security specialist designs an ACL to deny access to a web server from all sales staff. The sales staff are assigned addressing from the IPv6 subnet 2001:db8:48:2c::/64. The web…
What two statements describe characteristics of IPv6 access control lists? (Choose two.) They can be named or numbered. They are applied to an interface with the ip access-group command .…
In the creation of an IPv6 ACL, what is the purpose of the implicit final command entries, permit icmp any any nd-na and permit icmp any any nd-ns ? to…
Which two types of addresses should be denied inbound on a router interface that attaches to the Internet? (Choose two.) private IP addresses public IP addresses NAT translated IP addresses…