Which of these is mandatory when configuring Cisco IOS Firewall?
A.
Cisco IOS IPS enabled on the untrusted interface
B.
NBAR enabled to perform protocol discovery and deep packet inspection
C.
a route map to define the trusted outgoing traffic
D.
a route map to define the application inspection rules
E.
an inbound extended ACL applied to the untrusted interface
Explanation:
The inbound IP access list at the external interface must be an extended access list. This inbound access list should deny traffic that you want to be inspected by CBAC. (CBAC will create temporary openings in this inbound access list as appropriate to permit only return traffic that is part of a valid, existing session.)