What is a valid implicit permit rule for traffic that i…

What is a valid implicit permit rule for traffic that is traversing the ASA firewall?

What is a valid implicit permit rule for traffic that is traversing the ASA firewall?

A.
Unicast IPv6 traffic from a higher security interface to a lower security interface is permitted in transparent
mode only

B.
Only BPDUs from a higher security interface to a lower security interface are permitted in routed mode

C.
Unicast IPv4 traffic from a higher security interface to a lower security interface is permitted in routed mode
only

D.
Only BPDUs from a higher security interface to a lower security interface are permitted in transparent mode

E.
ARPs in both directions are permitted in transparent mode only

Explanation:
Brad
Answer- E
Confidence level: 0%
Note: Never bothered to research this question.
BD
ARPs are allowed through the transparent firewall in both directions without an ACL. ARP traffic can be
controlled by ARP inspection.
It is missing the only word.
More reading here
Source: http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/introfw.html



Leave a Reply 1

Your email address will not be published. Required fields are marked *


Michael

Michael

Option E is 100% correct
Cisco says

Implicit Permits
For routed mode, the following types of traffic are allowed through by default:

Unicast IPv4 traffic from a higher security interface to a lower security interface.
Unicast IPv6 traffic from a higher security interface to a lower security interface.

For transparent mode, the following types of traffic are allowed through by default:

Unicast IPv4 traffic from a higher security interface to a lower security interface.
Unicast IPv6 traffic from a higher security interface to a lower security interface.
ARPs in both directions.

Note ARP traffic can be controlled by ARP inspection, but cannot be controlled by an access rule.

BPDUs in both directions.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/firewall/asa_91_firewall_config/access_rules.html