1. Which statement accurately describes Cisco IOS zone-based policy firewall operation?
- The pass action works in only one direction.
- A router interface can belong to multiple zones.
- Router management interfaces must be manually assigned to the self zone.
- Service policies are applied in interface configuration mode.
2. How does ZPF handle traffic between an interface that is a zone member and another interface that does not belong to any zone?
3. Which statement describes a factor to be considered when configuring a zone-based policy firewall?
- The classic firewall ip inspect command can coexist with ZPF as long as it is used on interfaces that are in the same security zones.
- The router always filters the traffic between interfaces in the same zone.
- A zone must be configured with the zone security global command before it can be used in the zone-member security command.
- An interface can belong to multiple zones.
4. Which statement describes one of the rules that govern interface behavior in the context of implementing a zone-based policy firewall configuration?
- An administrator can assign interfaces to zones, regardless of whether the zone has been configured.
- By default, traffic is allowed to flow between a zone member interface and any interface that is not a zone member.
- An administrator can assign an interface to multiple security zones.
- By default, traffic is allowed to flow among interfaces that are members of the same zone.
5. Designing a ZPF requires several steps. Which step involves defining boundaries where traffic is subjected to policy restrictions as it crosses to another region of the network?
- determine the zones
- design the physical infrastructure
- identify subsets within zones and merge traffic requirements
- establish policies between zones
6. When a Cisco IOS zone-based policy firewall is being configured, which two actions can be applied to a traffic class? (Choose two.)
7. Which three statements describe zone-based policy firewall rules that govern interface behavior and the traffic moving between zone member interfaces? (Choose three.)
- To permit traffic to and from a zone member interface, a policy allowing or inspecting traffic must be configured between that zone and any other zone.
- If traffic is to flow between all interfaces in a router, each interface must be a member of a zone.
- Interfaces can be assigned to a zone before the zone is created.
- An interface can be assigned to multiple security zones.
- Traffic is implicitly prevented from flowing by default among interfaces that are members of the same zone.
- Pass, inspect, and drop options can only be applied between two zones.
8. Which statement describes a feature of a zone-based policy firewall?
- All traffic through a given interface is subject to the same inspection.
- It uses a flat, non-hierarchical data structure making it easier to configure and troubleshoot.
- The router security posture is to allow traffic unless explicitly blocked.
- It does not depend on ACLs.
9. In what step of zone-based policy firewall configuration is traffic identified for policy application?
- creating policy maps
- configuring class maps
- defining zones
- assigning policy maps to zones
10. When configuring a class map for a zone-based policy firewall, how are the match criteria applied when using the match-all parameter?
- Traffic must match all of the criteria solely defined by ACLs.
- Traffic must match at least one of the match criteria statements.
- Traffic must match all of the match criteria specified in the statement.
- Traffic must match the first criterion in the statement.
11. In ZPF design, what is described as the self zone?
- a predefined cluster of routers with configured interfaces
- a predefined cluster of servers with configured interfaces
- the outward-facing interface on the edge router
- the router itself, including all interfaces with assigned IP addresses
12. Which statement describes a zone when implementing ZPF on a Cisco router?
- Only one zone can be attached to a single interface.
- A zone is used to define security policies for a unique interface on the router.
- A zone is used to implement traffic filtering for either TCP or UDP.
- A zone establishes a security border of a network.