Based on the command output, to which zones can the S0/1/0 interface send traffic? (Select the best answer.)

Last Updated on August 2, 2021 by Admin 3

You issue the show zone security command on a Cisco router and receive the following command output:
RouterA#show zone security
zone self
  Description: System defined zone

zone inside
  Member Interfaces:
    FastEthernet0/0
    FastEthernet0/1

zone outside
  Member Interfaces:
    Serial0/0/0

zone dmz
  Member Interfaces:
    Serial0/0/1

Based on the command output, to which zones can the S0/1/0 interface send traffic? (Select the best answer.)

  • S0/1/0 can send traffic to the dmz zone.
  • S0/1/0 can send traffic to the outside zone.
  • S0/1/0 can send traffic to the inside zone, but only in response to traffic initiated from the inside zone.
  • S0/1/0 can send traffic to any zone.
  • S0/1/0 cannot send traffic to any configured zones.
Explanation:
In this scenario, the S0/1/0 interface cannot send traffic to any configured zones. S0/1/0 is not a member of any zones, as shown by the following output from the show zone security command:
RouterA#show zone security
zone self
  Description: System defined zone

zone inside
  Member Interfaces:
    FastEthernet0/0
    FastEthernet0/1

zone outside
  Member Interfaces:
    Serial0/0/0

zone dmz
  Member Interfaces:
    Serial0/0/1

Traffic cannot flow between an interface that does not belong to a security zone and an interface that does belong to a security zone. Therefore, S0/1/0 cannot send traffic to Fa0/0, Fa0/1, S0/0/0, or S0/0/1. However, S0/1/0 can send traffic to S0/1/1 because S0/1/1 is not a member of any security zone.
Even if S0/1/0 were a member of the outside zone, S0/1/0 would not be able to send traffic to the inside zone or dmz zone. When no zone pair exists for a pair of zones, traffic is blocked by default. Traffic is allowed to pass freely between interfaces within the same zone.
If S0/1/0 were a member of the dmz zone, S0/1/0 would be able to send traffic to the inside zone only in response to traffic initiated from the inside zone. RouterA is configured to allow Telnet traffic and traffic sent to 10.2.2.3 from the inside zone to the dmz zone and to allow return traffic from the dmz zone to the inside zone for these sessions.
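
The rules in this explanation can be checked mechanically. The Python below is an added example, not part of the original question or any Cisco tool: it parses the show zone security output from this page and returns a verdict for a newly initiated session between two interfaces. The function names are hypothetical, and the inside-to-dmz zone pair is passed in as an assumption because the explanation describes it but the output does not show it.

```python
import re

# The `show zone security` output as it appears on this page.
SHOW_ZONE_SECURITY = """\
RouterA#show zone security
zone self
Description: System defined zone
zone inside
Member Interfaces:
FastEthernet0/0
FastEthernet0/1
zone outside
Member Interfaces:
Serial0/0/0

zone dmz
Member Interfaces:
Serial0/0/1
"""

def parse_zones(output):
    """Return {interface: zone} parsed from `show zone security` output."""
    membership, zone, in_members = {}, None, False
    for raw in output.splitlines():
        line = raw.strip()
        m = re.match(r"zone (\S+)$", line)
        if m:                                   # start of a new zone stanza
            zone, in_members = m.group(1), False
        elif line == "Member Interfaces:":
            in_members = True
        elif line and in_members and zone:      # an interface name
            membership[line] = zone
    return membership

def verdict(src, dst, membership, zone_pairs=frozenset()):
    """Verdict for a session initiated from interface src toward dst."""
    sz, dz = membership.get(src), membership.get(dst)
    if sz is None and dz is None:
        return "permit"     # neither interface belongs to a zone
    if sz is None or dz is None:
        return "deny"       # zone member <-> non-member never passes
    if sz == dz:
        return "permit"     # same zone: traffic passes freely
    if (sz, dz) in zone_pairs:
        return "inspect"    # allowed only as the zone pair's policy permits
    return "deny"           # no zone pair in this direction: blocked
```

A verdict of "inspect" means the session is subject to the policy on that zone pair; return traffic for an inspected session is handled statefully and is not modeled as a separate call.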
