CCNP Security 350-701 Dumps PDF

 IOS zone-based firewalls (ZBFW) are a feature that provides stateful firewall policies between groups of interfaces known as zones. A zone is a logical grouping of one or more interfaces that have similar security requirements. A zone can be applied to physical interfaces, subinterfaces, port channels, VLAN interfaces, or tunnel interfaces. However, an interface can be assigned only to one zone, and it cannot be shared between zones. This is because the ZBFW policy is applied between zones, not interfaces, and it controls the bidirectional traffic flow between them. Therefore, an interface can belong to only one zone at a time, and it must be removed from one zone before it can be added to another zone. This ensures that the firewall policy is consistent and unambiguous for each interface.

References :=

Security Configuration Guide: Zone-Based Policy Firewall, Cisco IOS XE Gibraltar 16.12.x, Configuring Zones

Understand the Zone-Based Policy Firewall Design, Zone-Based Policy Overview

IOS Zone Based Firewall Step-by-Step Basic Configuration, Zone Based Firewall Vs CBAC

Posture is a service in Cisco ISE that allows you to check the compliance, also known as posture, of endpoints, before allowing them to connect to your network. A posture agent, such as the AnyConnect ISE Posture Agent or Network Admission Control (NAC) Agent, runs on the endpoint and collects information about the endpoint’s security posture, such as antivirus, antispyware, firewall, and patch status. The posture agent then communicates with the ISE server, which evaluates the posture information against the posture policy and determines the compliance state of the endpoint. Based on the compliance state, the ISE server can grant or deny network access to the endpoint, or apply remediation actions to bring the endpoint into compliance. Posture service is part of the ISE solution for network access control (NAC), which aims to secure the network from unauthorized or compromised endpoints. References:

Cisco Identity Services Engine Administrator Guide, Release 2.2 - Configure Client Posture Policies

Configuring posture services with the Cisco Identity Services Engine - Cisco Community

Cisco Content Hub - Configure Client Posture Policies