Zone-based Firewall SDM Simlet
Which statement is correct regarding the “sdm-permit” policy map?
A. Traffic not matched by any of the class maps within that policy map will be inspected.
B. Traffic matching the “sdm-access” traffic class will be inspected.
C. Traffic matching the “SDM_CA_SERVER” traffic class will be dropped.
D. That policy map is applied to traffic sourced from the “self” zone and destined to the “out-zone” zone.
Explanation:
Go to “C3PL/policy Map/Protocol Inspection” and choose “sdm-permit”. You will see the following “Match Class Name” and “Action” entries:

Match Class Name    Action
SDM_CA_SERVER       Inspect
sdm-access          Inspect
class-default       Drop

Based on the above information, the action on traffic matching the “SDM_CA_SERVER” traffic class is “inspect”, not “Drop”. Therefore, answer C is wrong.
The correct answer is B. Traffic matching the “sdm-access” traffic class will be inspected.