Which statement describes a factor to be considered when configuring a zone-based policy firewall?
- The classic firewall ip inspect command can coexist with ZPF as long as it is used on interfaces that are in the same security zones.
- The router always filters the traffic between interfaces in the same zone.
- A zone must be configured with the zone security global command before it can be used in the zone-member security command.
- An interface can belong to multiple zones.
Explanation: An interface cannot belong to multiple zones. A firewall never filters traffic between interfaces that have been configured for the same zone. The way that a zone-based policy firewall coexists with a class firewall configuration is that interfaces that are not members of a security zone can still have the classic firewall ip inspect command applied and operational.
Exam with this question: Module 10: Quiz – Zone-Based Firewalls Network Security
Exam with this question: CCNA Security Final Exam (CCNAS v1.2)
Exam with this question: Network Defense: Module 6.4.2 Zone-Based Firewalls Quiz
Please login or Register to submit your answer