Which statement is correct regarding the “sdm-permit” policy map?

Zone-based Firewall SDM Simlet
Which statement is correct regarding the �sdm-permit� policy map?
exhibit

Zone-based Firewall SDM Simlet


Which statement is correct regarding the “sdm-permit” policy map?

A.
Traffic not matched by any of the class maps within that policy map will be inspected.

B.
Traffic matching the “sdm-access” traffic class will be inspected.

C.
Traffic matching the “SDM_CA_SERVER” traffic class will be dropped.

D.
That policy map is applied to traffic sourced from the “self” zone and destined to the “out-zone” zone.

Explanation:
Go to “C3PL/policy Map/Protocol Inspection” and choose “smd-permit”, you will see the following “Match Class Name” and “Action:

SDM_CA_SERVER Inspect
sdm-access Inspect
class-default Drop

Based on the above information, the action on Traffic matching the “SDM_CA_SERVER” traffic class is “inspect” not “Drop”. Therefore, the answer C is wrong.

The correct answer is B. Traffic matching the “sdm-access” traffic class will be inspected.



Leave a Reply 1

Your email address will not be published. Required fields are marked *