300-415 Question #71: Real Exam Question with Answer & Explanation

The correct answer is A: stateful inspection for TCP and UDP. When the "inspect" action is used in a Cisco SD-WAN application-aware firewall, it performs stateful inspection for both TCP and UDP traffic.

Security and Quality of Service

Question

A network administrator is configuring an application-aware firewall between inside zones to an outside zone on a WAN edge router using vManage GUI. What kind of Inspection is performed when the "inspect" action is used?

Options

Astateful inspection for TCP and UDP
Bstateful inspection for TCP and stateless inspection of UDP
CIPS inspection for TCP and-Layer 4 inspection for UDP
DLayer 7 inspection for TCP and Layer 4 inspection for UDP

Explanation

When the "inspect" action is used in a Cisco SD-WAN application-aware firewall, it performs stateful inspection for both TCP and UDP traffic.

Common mistakes.

B. The "inspect" action provides stateful inspection for both TCP and UDP traffic, not stateless inspection for UDP.
C. IPS inspection is a distinct security function, and while Layer 4 inspection for UDP is involved, the term "inspect" refers to comprehensive stateful tracking.
D. While application-aware firewalls can perform Layer 7 inspection for application identification, the "inspect" action itself primarily signifies stateful connection tracking at Layer 4 for both TCP and UDP.

Concept tested. Application-aware firewall inspect action

Reference. https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/security/ios-xe-17/security-book-xe/application-aware-firewall.html#C_Actions_in_an_Application_Aware_Firewall_Policy_13876.html

Topics

#Firewall#Stateful Inspection#WAN Edge#vManage

Community Discussion

No community discussion yet for this question.

Full 300-415 Practice