【单选题】在基于区域的策略防火墙配置的哪个步骤中为策略应用标识流量？In

单选题【单选题】在基于区域的策略防火墙配置的哪个步骤中为策略应用标识流量？
In what step of zone-based policy firewall configuration is traffic identified for policy application?

A、定义区域
Defining zones

B、创建策略映射
Creating policy maps

C、将策略映射分配给区域
Assigning policy maps to zones

D、配置类映射
Configuring class maps

查看答案

下载APP答题

由4l***8n提供分享举报纠错

相关试题

单选题【单选题】哪个语句描述在实现基于区域的策略防火墙配置的上下文中控制接口行为的规则之一？
Which statement describes one of the rules that govern interface behavior in the context of implementing a zone-based policy firewall configuration?

A、缺省情况下，允许流量在区域成员接口和任何非区域成员接口之间流动。
By default, traffic is allowed to flow between a zone member interface and any interface that is not a zone member.

B、默认情况下，允许流量在属于同一区域成员的接口之间流动。
By default, traffic is allowed to flow among interfaces that are members of the same zone.

C、管理员可以将接口分配给区域，而不管是否已配置区域。
An administrator can assign interfaces to zones, regardless of whether the zone has been configured.

D、管理员可以将一个接口分配给多个安全区域。
An administrator can assign an interface to multiple security zones.

查看答案

单选题【单选题】哪个语句准确描述了 Cisco IOS 基于区域的策略防火墙操作？
Which statement accurately describes Cisco IOS zone-based policy firewall operation?

A、通过动作仅在一个方向上起作用。
The pass action works in only one direction.

B、必须手动将路由器管理接口分配给自身区域。
Router management interfaces must be manually assigned to the self zone.

C、服务策略在接口配置模式下应用。
Service policies are applied in interface configuration mode.

D、路由器接口可以属于多个区域。
A router interface can belong to multiple zones.

查看答案

单选题【单选题】为基于区域的策略防火墙配置类映射时，使用 match-all 参数时如何应用匹配条件？
When configuring a class map for a zone-based policy firewall, how is the match criteria applied when using the match-all parameter?

A、流量必须与 ACL 单独定义的所有条件匹配
Traffic must match all of the criteria solely defined by ACLs.

B、流量必须至少与一个匹配条件语句匹配。
Traffic must match at least one of the match criteria statements.

C、流量必须与语句中的第一个条件匹配。
Traffic must match the first criteria in the statement.

D、流量必须与语句中指定的所有匹配条件匹配。
Traffic must match all of the match criteria specified in the statement.

查看答案

单选题【单选题】设计 ZPF 需要几个步骤。哪一步涉及定义流量在穿越到网络的另一个区域时受到策略限制的边界？
Designing a ZPF requires several steps. Which step involves defining boundaries where traffic is subjected to policy restrictions as it crosses to another region of the network?

A、在区域之间建立策略
Establish policies between zones

B、设计物理基础结构
Design the physical infrastructure

C、识别区域内的子集并合并流量要求
Identify subsets within zones and merge traffic requirements

D、确定区域
Determine the zones

查看答案

单选题【单选题】在ZPF设计中，什么是自身区域？
In ZPF design, what is described as the self zone?

A、边缘路由器上的出站接口
The outward facing interface on the edge router

B、具有已配置接口的预定义服务器群集
A predefined cluster of servers with configured interfaces

C、路由器本身，包括具有分配了 IP 地址的所有接口
The router itself, including all interfaces with assigned IP addresses

D、具有已配置接口的预定义路由器群集
A predefined cluster of routers with configured interfaces

查看答案

单选题【单选题】哪个语句描述了基于区域的策略防火墙的功能？
Which statement describes a feature of a zone-based policy firewall?

A、通过给定接口的所有流量都受到相同的检查
All traffic through a given interface is subject to the same inspection.

B、它不依赖于 ACL.
It does not depend on ACLs.

C、路由器安全状况是允许流量，除非被显式阻止。
The router security posture is to allow traffic unless explicitly blocked.

D、它使用扁平的非分层数据结构，使其更易于配置和故障排除。
It uses a flat, non-hierarchical data structure making it easier to configure and troubleshoot.

查看答案

单选题【单选题】哪条语句描述了在配置基于区域的策略防火墙时要考虑的因素？
Which statement describes a factor to be considered when configuring a zone-based policy firewall?

A、路由器总是过滤同一区域中接口之间的流量。
The router always filters the traffic between interfaces in the same zone.

B、一个接口可以属于多个区域。
An interface can belong to multiple zones.

C、必须先使用zone security 全局命令配置区域，然后才能在zone-member security命令中使用该区域。
A zone must be configured with the zone security global command before it can be used in the zone-member security command.

D、经典防火墙 ip inspect 命令可以与 ZPF 共存，只要它在位于相同安全区域中的接口上使用即可。
The classic firewall ip inspect command can coexist with ZPF as long as it is used on interfaces that are in the same security zones.

查看答案

单选题【单选题】ZPF 如何处理作为区域成员的接口与不属于任何区域的另一个接口之间的流量？
How does ZPF handle traffic between an interface that is a zone member and another interface that does not belong to any zone?

A、通过
Pass

B、允许
Allow

C、丢弃
Drop

D、检查
Inspect

查看答案