An engineer is configuring a Cisco ASA and needs to ensure that traffic from the outside interface to a web server on the DMZ is allowed. The inside interface is security level 100 and the DMZ is level 50. The outside interface is level 0. Which statement about the default traffic flow is true?
Trap 1: Traffic from outside to DMZ is allowed implicitly because the ASA…
The ASA does not treat all interfaces equally; security levels govern implicit permissions.
Trap 2: Traffic from outside to DMZ is allowed implicitly because outside…
This contradicts the ASA's default behavior: traffic from a lower to a higher security level is denied.
Trap 3: Traffic from outside to DMZ is allowed implicitly because both are…
Implicitly, only higher-to-lower is allowed; lower-to-higher is denied regardless of other levels.
- A
Traffic from outside to DMZ is allowed implicitly because the ASA inspects all interfaces equally.
Why wrong: The ASA does not treat all interfaces equally; security levels govern implicit permissions.
- B
Traffic from outside to DMZ is denied implicitly because outside level is lower than DMZ level.
Correct. By default, the ASA denies traffic from lower to higher security levels.
- C
Traffic from outside to DMZ is allowed implicitly because outside is level 0 and DMZ is level 50.
Why wrong: This contradicts the ASA's default behavior: traffic from a lower to a higher security level is denied.
- D
Traffic from outside to DMZ is allowed implicitly because both are lower than inside.
Why wrong: Implicitly, only higher-to-lower is allowed; lower-to-higher is denied regardless of other levels.