What are two benefits offered by a zone-based policy firewall on a Cisco router? (Choose two.)
- Policies are defined exclusively with ACLs.
- Policies are applied to unidirectional traffic between zones.
- Policies provide scalability because they are easy to read and troubleshoot.
- Any interface can be configured with both a ZPF and an IOS Classic Firewall.
- Virtual and physical interfaces are put in different zones to enhance security.
Answers Explanation & Hints:
There are several benefits of a ZPF:
It is not dependent on ACLs.
The router security posture is to block unless explicitly allowed.
Policies are easy to read and troubleshoot. This provides scalability because one policy affects any given traffic, instead of needing multiple ACLs and inspection actions for different types of traffic.
Virtual and physical interfaces can be grouped into zones.
Policies are applied to unidirectional traffic between zones.
Both IOS Classic Firewalls and ZPFs can be enabled concurrently on a Cisco router. However, the models cannot be combined on a single interface.