Implementing Cisco IOS Zone-Based Firewalls

Question 1

Which zone is implied by default and does not need to be manually created?

Answer 1

Self

Question 2

If interface number 1 is in zone A, and interface number 2 is in zone B, and there are no policy or service commands applied yet to the configuration, what is the status of transit traffic that is being routed between these two interfaces?

Answer 2

Denied

Question 3

When creating a specific zone pair and applying a policy to it, the policy is being implemented on initial traffic in how many directions?

Answer 3

1

Question 4

What is the default policy between an administratively created zone and the self zone?

Answer 4

Permit

Question 5

What is one of the added configuration elements that the Advanced security setting has in the ZBF Wizard that is not included in the Low security setting?

Answer 5

Filtering on peer-to-peer networking applications

Question 6

Why is it that the return traffic, from previously inspected sessions, is allowed back to the user, in spite of not having a zone pair explicitly configured that matches on the return traffic?

Answer 6

Stateful entries (from the initial flow) are matched, which dynamically allows return traffic

Question 7

What does the keyword OVERLOAD imply in a NAT configuration?

Answer 7

PAT is being used

Question 8

What command shows the current NAT translations on the router?

Answer 8

show ip nat translations