Assume the default-policy has not been configured.Given the configuration shown in the exhibit, which two statements about traffic from host_a in the HR zone to host_b in the trust zone are true? (Choose two.)
A.
DNS traffic is denied.
B.
HTTP traffic is denied.
C.
FTP traffic is permitted.
D.
SMTP traffic is permitted.
This is an example of a dickhead test question writer
The “deny” action in the second policy is meant to throw off a cocky test taker who is moving too quickly through the question and chose “D”
0
0
Here in “policy one” http and ftp (explicitly permitted) and all other applications (e.g. DNS, SMTP, TFTP..etc) are denied.
Policy two denies http and smtp, however policy one already allowed http and denied
smtp. In policy one “source address any” and “destination address any” included host_a and host_b, and so, policy two will not be evaluated. So answer A and C are true
DNS will be denied
Http is permitted
FTP is permitted
SMTP will be denied
in this question default policy means that the statement “set default-policy permit-all” is not onfigured.
0
0