Sim-Ex™ Practice Exams for CCNA Security (210-260) : Practice Questions

Download Sim-Ex™ Practice Exams for CCNA Security

Buy Sim-Ex™ Practice Exams for CCNA Security

Home     Previous     Next

Q7. You are creating a ZBF for securing your DMZ. Which one of the following is NOT a policy map action?

A. Inspect

B. Pass

C. Drop

D. Log

E. Ignore

Correct Answer: E

Explanation:

Inspect - Permit and statefully inspect the traffic. This is used on transit traffic initiated by users who expect to get replies from servers on the other side of the firewall.
Pass - Permits the traffic but does not create an entry in the Stateful database. Traffic that doesn't need a reply. Also in the case of protocols that do not support inspection, this policy could be applied to the zone pair for specific outbound traffic, and be applied to a second zone pair for inbound traffic.
Drop - Deny the packet. Traffic you do not want to allow between the zones where this policy map is applied.
Log - Log the packets. For example, you may want to log information about packets that were dropped because of policy, and then you can add this option.

Home     Previous     Next


Disclaimer: Simulationexams.com is not affiliated with any certification vendor, and Sim-Ex™ Practice Exams are written independently by SimulationExams.com and not affiliated or authorized by respective certification providers. Sim-Ex™ is a trade mark of SimulationExams.com or entity representing Simulationexams.com.CCNA™ is a trademark of Cisco® systems