nerdexam
Exams300-415Questions#310
Cisco

300-415 · Question #310

300-415 Question #310: Real Exam Question with Answer & Explanation

The correct answer is D: zones. In Cisco SD-WAN firewall policies, zones are the component used for stateful inspection of TCP, UDP, and ICMP flows, defining security boundaries for policy application.

Policies

Question

Which component is used for stateful inspection of TCP, UDP, and ICMP flows in Cisco SD-WAN firewall policies?

Options

  • Asubnets
  • Bsites
  • Cinterfaces
  • Dzones

Explanation

In Cisco SD-WAN firewall policies, zones are the component used for stateful inspection of TCP, UDP, and ICMP flows, defining security boundaries for policy application.

Common mistakes.

  • A. Subnets define IP address ranges, which can be part of a zone, but they are not the component that performs stateful inspection itself.
  • B. Sites represent physical locations; while firewall policies apply across sites, sites are not the granular component for stateful inspection of individual traffic flows.
  • C. Interfaces are endpoints where traffic enters or leaves a device and are assigned to zones, but the stateful inspection logic and policy enforcement are applied at the zone level.

Concept tested. Cisco SD-WAN firewall zones

Reference. https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/security/sdwan-security-book/sdwan-firewall.html

Topics

#Firewall Policies#Security Zones#Stateful Inspection#SD-WAN Security

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 300-415 Practice