ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-101 All Questions

View all questions & answers for the 300-101 exam
Go to Exam

Exam 300-101 topic 1 question 409 discussion

Actual exam question from Cisco's 300-101
Question #: 409
Topic #: 1
[All 300-101 Questions]

Which option is one way to mitigate symmetric routing on an active/active firewall setup for TCP-based connections?

  • A. Performing packet captures
  • B. Disabling asr-group commands on interfaces that are likely to receive asymmetric traffic
  • C. Replacing them with redundant routers and allowing load balancing
  • D. Disabling stateful TCP checks
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by CraigB83 at Oct. 18, 2020, 11:09 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
CraigB83
4 years, 6 months ago
I think the question may have meant to read asymmetric? TCP State Bypass Specifically for TCP-based connections, disabling stateful TCP checks can help mitigate asymmetric routing. When TCP state checks are disabled, the ASA can allow packets in a TCP connection even if the ASA didn't see the entire TCP 3-way handshake. This feature is called TCP State Bypass (introduced in ASA 8.2). https://community.cisco.com/t5/security-documents/asa-asymmetric-routing-troubleshooting-and-mitigation/ta-p/3117045 If it did want to mitigate symmetric then load balancing would be the correct answer.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago