What can be determined about this Cisco IOS zone based firewall policy?

On the basis of the show policy-map type inspect zone-pair session command output provided in the exhibit, what can be determined about this Cisco IOS zone based firewall policy?
exhibit


A.
This is an outbound policy (applied to traffic sourced from the more secured zone destined to the less secured zone).

B.
All packets will be dropped since the class-default traffic class is matching all traffic.

C.
This is an inbound policy (applied to traffic sourced from the less secured zone destined to the more secured zone).

D.
Stateful packet inspection will be applied only to HTTP packets that also match ACL 110.

Explanation:
The “TEST-Class” class map has two match statements: match access-group 110 and match protocol HTTP. As the “(match-all)” operator indicates, traffic must satisfy both of these conditions to qualify for the “TEST-Class” map. Nothing else matches this class map, so everything else moves on to the “class-default” class, where the action is to drop the traffic.
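
A configuration of the kind the explanation describes, given as an added example and not taken from the exhibit. The ACL 110 entry, the policy-map name, the zone and zone-pair names, and the inspect action on TEST-Class are assumptions; only the class-map name, its two match statements, match-all, and the class-default drop come from the text above.

```cisco
! Constructed ACL entry (assumption): the real contents of ACL 110 are not shown on the page.
access-list 110 permit ip 10.0.0.0 0.0.0.255 any
!
! match-all: a packet lands in this class only if it satisfies BOTH statements,
! i.e. it is permitted by ACL 110 AND it is classified as HTTP.
class-map type inspect match-all TEST-Class
 match access-group 110
 match protocol http
!
! For contrast, "match-any" would accept a packet that satisfied EITHER statement:
!   class-map type inspect match-any TEST-Class-ANY   (hypothetical name)
!
! Policy-map name is hypothetical. Classes are evaluated top-down, first match wins.
policy-map type inspect EXAMPLE-POLICY
 class type inspect TEST-Class
  ! Assumed action: stateful inspection for traffic in TEST-Class
  inspect
 class class-default
  ! Everything that did not match TEST-Class ends up here
  drop
!
! Zone names are deliberately neutral: nothing in the class-map or policy-map
! says which zone is the more secured one. Interface zone-member lines are omitted.
zone security ZONE-A
zone security ZONE-B
zone-pair security A-TO-B source ZONE-A destination ZONE-B
 service-policy type inspect EXAMPLE-POLICY
```

With this in place, HTTP from a source outside the ACL 110 range and non-HTTP traffic from inside it both miss TEST-Class and are dropped by class-default.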





networkmanagers


I agree with the answer.