| When configured with the "PASS" action, stateful inspection is applied to all traffic passing between the configured zones. | |
| Policies are applied to traffic moving between zones, not between interfaces. | |
| The firewalls can be configured simultaneously on the same interface as classic CBAC using the ip inspect CLI command. | |
| Interface ACLs are applied before zone-based policy firewalls when they are applied outbound. |
| The running Cisco IOS image is encrypted and then automatically backed up to the NVRAM. | |
| When the router boots up, the Cisco IOS image is loaded from a secured FTP location. | |
| The running Cisco IOS image is encrypted and then automatically backed up to a TFTP server. | |
| The Cisco IOS image file is not visible in the output from the show flash command. | |
| The show version command does not show the Cisco IOS image file location. |
| Develop a security policy. | |
| Install a firewall. | |
| Install an intrusion prevention system. | |
| Update servers and user PCs with the latest patches. |