Frequent Questions      

 Home > Cisco > CCNA Security > Sample Question 7

    CCNA™ Security (210-260) Practice Questions


Download CCNA™ Security Practice Test

Buy CCNA™ Security Practice Test


Previous      Next

Q7. You are creating a ZBF for securing your DMZ. Which one of the following is NOT a policy map action?

A. Inspect

B. Pass

C. Drop

D. Log

E. Ignore

  Correct Answer: E


Inspect - Permit and statefully inspect the traffic. This is used on transit traffic initiated by users who expect to get replies from servers on the other side of the firewall.
Pass - Permits the traffic but does not create an entry in the Stateful database. Traffic that doesn't need a reply. Also in the case of protocols that do not support inspection, this policy could be applied to the zone pair for specific outbound traffic, and be applied to a second zone pair for inbound traffic.
Drop - Deny the packet. Traffic you do not want to allow between the zones where this policy map is applied.
Log - Log the packets. For example, you may want to log information about packets that were dropped because of policy, and then you can add this option.

Previous      Next

Copyright © 2000-2018 All rights reserved

Website design by

Disclaimer: All Simulation Exams practice tests, study guides and/or material are neither sponsored by, nor endorsed by, nor affiliated with Cisco® Systems or any other company. All trademarks are trademarks of their respective owners and duly  acknowledged. CCNA™, CCENT™, ICND2™, CCNP™, CCIE™ are registered trade marks of Cisco® Systems. The practice tests material is a copyright of and the same is not approved or endorsed by respective certifying bodies. Thank-you for your interest in Simulation Exams. Please see read me file before you download, install, and/or use any software from  For any information or questions regarding this Website, please e-mail webmaster at