Refer to the exhibit. A router is configured with a zone-based policy firewall as shown. Which two statements describe how traffic between the LAN and external hosts will be processed? (Choose two.)
- All traffic sourced from the LAN zone that does not match the HTTP, HTTPS, or DNS protocols is dropped.
- Any traffic originating from the EXTERNAL zone is inspected and permitted into the LAN zone.
- HTTP, HTTPS and DNS traffic destined for the router itself is not permitted by this policy.
- Traffic originating from the LAN zone that matches the HTTP, HTTPS, or DNS protocols is inspected and permitted.
- All HTTP, HTTPS, and DNS responses originating from the EXTERNAL zone destined for the LAN zone are dropped.
Explanation & Hint:
HTTP, HTTPS, and DNS traffic sourced from the LAN zone and destined for the EXTERNAL zone will be inspected. Traffic sourced from the EXTERNAL zone and destined for the LAN zone will only be allowed if it is part of sessions originally initiated by LAN zone hosts. Also, notice thethat will drop all other traffic that is not a member of the WEB-TRAFFIC class. Traffic to and from the router is not affected unless the zone pairs are configured using the predefined self zone.