The correct answers are C and D .
For D , the session output shows proto=6, which means TCP, and proto_state=01. The study guide explains that for TCP sessions, “the first number (from left to right) is related to the server-side state and is 0 when the session is not subject to any inspection (flow or proxy). … The second digit is the client-side state.” It also shows that value 1 = ESTABLISHED
So proto_state=01 means:
first digit 0 = no inspection
second digit 1 = ESTABLISHED
That confirms the TCP session has been successfully established.
For C , the study guide section “Session for an Authenticated User” states: “Any session for traffic coming from an authenticated user contains the authed flag. Additionally, the username is added to the session information.”
In the exhibit, the session contains user=User1 and an authentication state flag (authd), which indicates the session is associated with an authenticated user.
Why the other options are wrong:
A is wrong because the session did match a firewall policy . The study guide says the session output includes “The ID of the matching policy” In the exhibit, the session shows policy_id=1 , so a firewall policy was matched.
B is wrong because the study guide explains the gwy field as:
first value = gateway to destination
second value = gateway to source The exhibit shows gwy=10.1.0.254/10.1.10.1, so:
gateway to destination = 10.1.0.254
gateway to source = 10.1.10.1
So the verified answers are: C, D .
Submit