Question 7
An engineer modifies a data policy for DIA in VPN 67. The location has two Internet-bound circuits. Only the web browsing traffic must be admitted for DIA, without further discrimination about which transport to use.
Here is the existing data policy configuration:
data-policy DIA
vpn-list VPN-67
sequence 10
match
destination-data-prefix-list INTERNAL-NETWORKS
!
!
default-action drop
Which policy configuration sequence meets the requirements?
sequence 5
match
destination-port 80 443
destination-ip 0.0.0.0/0
!
action accept
nat use-vpn 0
sequence 20
match
destination-port 80 443
source-ip 0.0.0.0/0
!
action accept
set
local-tloc-list
color biz-internet
sequence 20
match
destination-port 80 443
destination-ip 0.0.0.0/0
!
action accept
nat use-vpn 0
sequence 5
match
destination-port 80 443
source-ip 0.0.0.0/0
!
action accept
set
local-tloc-list
color biz-internet
Correct answer: C