Question 110 of 530 from exam 400-251: CCIE Security written exam

Prev Question Next Question

Question

policy-map type inspect ipv6 IPv6-map match header routing-type range 0 255 drop class-map outside-class match any policy-map outside-policy class outside-class inspect ipv6 IPv6-map service-policy outside-policy interface outside Refer to the exhibit.

@ VPN Client | Propertie

ies for “Test ASA’ =—_

Connection Enty: [Test ASA

ctltontis
cisco

Desctpton

Host: 01.11

Authentication | Trantpot | Backup Severs | DihUp |

© Group Authentication © Mutual Group Authentication

Name: Real

Paseword

Confirm Password

© Cettticate Authentication

Naf O”O”~C

I Send CA Certificate Chain

|) ese User Paso Save Cancel

Given the Cisco ASA configuration above, which commands need to be added in order for the Cisco ASA appliance to deny all IPv6 packets with more than three extension headers?

Answers

A. policy-map type inspect ipv6 IPv6-map match ipv6 header count > 3

B. policy-map outside-policy class outside-class inspect ipv6 header count gt 3

C. class-map outside-class match ipv6 header count greater 3

D. policy-map type inspect ipv6 IPv6-map match header count gt 3

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Prev Question Next Question