When a Cisco IOS Zone-Based Policy Firewall is being configured, which two actions can be applied to a traffic class? (Choose two.)
Explanation: The three actions that can be applied are inspect, drop,and pass.
Inspect – This action offers state-based traffic control.
Drop – This is the default action for all traffic. Similar to the implicit deny any at the end of every ACL, there is an explicit drop applied by the IOS to the end of every policy map.
Pass – This action allows the router to forward traffic from one zone to another.
Explanation: The three actions that can be applied are inspect, drop,and pass. The inspect CCP action is similar to the classic firewall ip inspect command in that it inspects traffic going through the firewall and allowing return traffic that is part of the same flow to pass through the firewall. The drop action is similar to the deny parameter in an ACL. This action drops whatever traffic fits the defined policy. The pass action is similar to a permit ACL statement–traffic is allowed to pass through because it met the criteria of the defined policy statement.
More Questions: CCNA Security Chapter 4 Exam Answers
More Questions: Module 10: Quiz – Zone-Based Firewalls Network Security
More Questions: Network Security 1.0 Practice Final Exam Answers