CCNA Security Chapter 15 - Implementing Cisco IOS Zone- Based Firewalls | Take the Quiz

If interface number 1 is in zone A, and interface number 2 is in zone B, and there are no policy or service commands applied yet to the configuration, what is the status of transit traffic that is being routed between these two interfaces?

Denied

Permitted

Inspected

Logged

When creating a specific zone pair and applying a policy to it, policy is being implemented on initial traffic in how many directions?

Depends on the policy

What is one of the added configuration elements that the Advanced security setting has in the ZBF Wizard that is not included in the Low security setting?

Generic TCP inspection

Generic UDP inspection

Filtering of peer-to-peer networking applications

NAT

Why is it that the return traffic, from previously inspected sessions, is allowed back to the user, in spite of not having a zone pair explicitly configured that matches on the return traffic?

Stateful entries (from the initial flow) are matched, which dynamically allows return traffic.

Return traffic is not allowed because it is a firewall.

Explicit ACL rules need to be placed on the return path to allow the return traffic.

A zone pair in the opposite direction of the initial zone pair (including an applied policy) must be applied for return traffic to be allowed.

What doe the keyword overload imply in a NAT configuration?

NAT is willing to take up to 100 percent of available CPU.

PAT is being used.

NAT will provide “best effort” but not guaranteed service, due to an overload.

Static NAT is being used.

Which of the following commands shows the current NAT translations on the router?

Show translations

Show nat translations

Show ip nat translations

Show ip nat translations *

Unlock and Upgrade

Remove all limits from your Quizzes

CCNA Security Chapter 15 - Implementing Cisco IOS Zone- Based Firewalls

More Quizzes