Xtras Flashcards
What does ZBF stand for?
Zone-Based Firewall
What is the purpose of ZBF?
To control traffic between security zones using stateful inspection.
What command defines a new security zone?
zone security [ZONE_NAME]
What command assigns an interface to a zone?
zone-member security [ZONE_NAME]
What is a zone-pair?
A configuration that defines allowed traffic between a source and destination zone.
What command creates a zone-pair?
zone-pair security [PAIR_NAME] source [ZONE1] destination [ZONE2]
What is a class-map used for in ZBF?
To match specific types of traffic like protocols or ports.
What is a policy-map used for in ZBF?
To define actions (inspect, drop, pass) on matched traffic.
What command applies a policy to a zone-pair?
service-policy type inspect [POLICY_NAME]
What action allows return traffic in ZBF?
inspect
What action blocks traffic without logging in ZBF?
drop
What action allows traffic without stateful inspection in ZBF?
pass
Can traffic flow between two zones without a zone-pair?
No, traffic is denied by default.
Is ZBF unidirectional or bidirectional?
Unidirectional; you must configure both directions separately.
What is the default action for traffic between zones with no zone-pair?
Traffic is denied.
What does ACL stand for?
Access Control List
What is the purpose of an ACL?
To control traffic by permitting or denying packets based on criteria.
What is the default behavior at the end of every ACL?
Implicit deny all
Which ACL type filters by source IP only?
Standard ACL
Which ACL type filters by source, destination, and protocol?
Extended ACL
What command applies an ACL to an interface?
ip access-group [ACL_NAME or NUMBER] [in|out]
Where should a standard ACL be placed?
As close to the destination as possible.
Where should an extended ACL be placed?
As close to the source as possible.
What command applies a standard ACL to VTY lines?
access-class [ACL_NAME or NUMBER] in