In which three cases does the ASA firewall permit inbound HTTP GET requests during normal operations? (Choose three).
A. when matching NAT entries are configured
B. when matching ACL entries are configured
C. when the firewall receives a SYN-ACK packet
D. when the firewall receives a SYN packet
E. when the firewall requires HTTP inspection
F. when the firewall requires strict HTTP inspection
A,B,C are correct answers.
Only a SYN-ACK can be permitted inbound on an ASA in normal (stateful) operation.
SYNs are permitted only if explicitly configured.
A and B seems to be correct. C won’t be correct because FW uses stateful inspection and it would only allow this packet if it is present in ASAs state table. Answer doesn’t mention it.
D also won’t be correct because we don’t know where this packet came from.
It seems there is some info missing in these answers…
I also agree with Sharone,
In option D the firewall receives a SYN, and then? The Firewall can reject or allow, we don’t know.
At least with the SYN-ACK we know that the firewall have allow the first SYN.
The answer should be ABC.
ABC?
What a disapointment. Questions 175 and 191 are absolutely the same, but the answers differ. 🙁