What are two benefits offered by a zone-based policy firewall on a Cisco router? (Choose two.)
- Policies are defined exclusively with ACLs.
- Policies are applied to unidirectional traffic between zones.
- Policies provide scalability because they are easy to read and troubleshoot.
- Any interface can be configured with both a ZPF and an IOS Classic Firewall.
- Virtual and physical interfaces are put in different zones to enhance security.
Explanation: There are several benefits of a ZPF:
– It is not dependent on ACLs.
– The router security posture is to block unless explicitly allowed.
– Policies are easy to read and troubleshoot. This provides scalability because one policy affects any given traffic, instead of needing multiple ACLs and inspection actions for different types of traffic.
– Virtual and physical interfaces can be grouped into zones.
– Policies are applied to unidirectional traffic between zones.
Both IOS Classic Firewalls and ZPFs can be enabled concurrently on a Cisco router. However, the models cannot be combined on a single interface.
Exam with this question: Network Security 1.0 Practice Final Exam Answers
Exam with this question: Network Defense (NetDef) Course Final Exam Answers
Please login or Register to submit your answer