When a Cisco IOS zone-based policy firewall is being configured, which three actions can be applied to a traffic class? (Choose three.)
Explanation: The inspect CCP action is similar to the classic firewall ip inspect command in that it inspects traffic going through the firewall and allowing return traffic that is part of the same flow to pass through the firewall. The drop action is similar to the deny parameter in an ACL. This action drops whatever traffic fits the defined policy. The pass action is similar to a permit ACL statement--traffic is allowed to pass through because it met the criteria of the defined policy statement.
Exam with this question: Modules 8 - 10: ACLs and Firewalls Group Exam Answers
Exam with this question: Checkpoint Exam: Firewalls, Cryptography, and Cloud Security Answers
Exam with this question: Network Defense - My Knowledge Check Answers