What are two benefits offered by a zone-based policy firewall on a Cisco router? (Choose two.)

What are two benefits offered by a zone-based policy firewall on a Cisco router? (Choose two.)

• Policies are defined exclusively with ACLs.
• Policies are applied to unidirectional traffic between zones.
• Policies provide scalability because they are easy to read and troubleshoot.
• Any interface can be configured with both a ZPF and an IOS Classic Firewall.
• Virtual and physical interfaces are put in different zones to enhance security.

Explanation: There are several benefits of a ZPF:
– It is not dependent on ACLs.
– The router security posture is to block unless explicitly allowed.
– Policies are easy to read and troubleshoot. This provides scalability because one policy affects any given traffic, instead of needing multiple ACLs and inspection actions for different types of traffic.
– Virtual and physical interfaces can be grouped into zones.
– Policies are applied to unidirectional traffic between zones.
Both IOS Classic Firewalls and ZPFs can be enabled concurrently on a Cisco router. However, the models cannot be combined on a single interface.

Exam with this question: Network Security 1.0 Practice Final Exam Answers
Exam with this question: Network Defense (NetDef) Course Final Exam Answers