CiscoCisco
350-701 · Question #8
350-701 Question #8: Real Exam Question with Answer & Explanation
The correct answer is D: An interface can be assigned only to one zone.. In Cisco IOS Zone-Based Firewalls, an interface can be assigned to only one security zone to maintain clear policy enforcement.
Submitted by devops_kid· Mar 30, 2026DOMAIN_LIST_MISSING
Question
Which statement about IOS zone-based firewalls is true?
Options
- AAn unassigned interface can communicate with assigned interfaces
- BOnly one interface can be assigned to a zone.
- CAn interface can be assigned to multiple zones.
- DAn interface can be assigned only to one zone.
Explanation
In Cisco IOS Zone-Based Firewalls, an interface can be assigned to only one security zone to maintain clear policy enforcement.
Common mistakes.
- A. An unassigned interface is implicitly considered to be in a 'null' zone and cannot communicate with an assigned interface unless explicitly configured to do so via zone-to-zone policies, which is not the default behavior.
- B. Multiple interfaces can be assigned to the same zone, for instance, all interfaces connected to an internal LAN segment can be grouped into an 'inside' zone.
- C. Assigning an interface to multiple zones would create ambiguous policy enforcement and is explicitly prevented by the design of IOS Zone-Based Firewalls.
Concept tested. IOS Zone-Based Firewall interface assignment
Topics
#Cisco IOS#Zone-Based Firewall#ZBF interface assignment
Community Discussion
No community discussion yet for this question.