Which two features are supported in CBAC on IPv6? (Choose two.)
A.
Intrusion Detection System inspection
B.
inspection of encrypted packets
C.
inspection of tunneled packets in transit
D.
inspection of packets on nonstandard ports
E.
inspection of fragmented packets
Explanation:
IPv6 packets tunneled in IPv4 are not inspected. If a tunnel terminates on a router, and
IPv6 traffic exiting the tunnel is nonterminating, then the traffic is inspected.
Using the port information, PAM establishes a table of default port-to-application mapping information at the firewall. The information in the PAM table enables Contextbased Access Control (CBAC) supported services to run on nonstandard ports
When Virtual Fragment Reassembly is enabled, VFR processing begins after ACL input
lists are checked against incoming packets. The incoming packets are tagged with the
appropriate VFR information.
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_cbac_fw/configuration/15-
2mt/ip6-firewall.html#GUID-183AE99F-284F-4152-9443-B13AEA0DBB29