CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide, Second Edition [Electronic resources] نسخه متنی

"Do I Know This Already?" Quiz

The purpose of the "Do I Know This Already?" quiz is to help you decide if you really need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.

The 11-question quiz, derived from the major sections in the "Foundation Topics" portion of the chapter, helps you determine how to spend your limited study time.

1.

What is the best way to authenticate an H.323 connection?

1. Authenticate to the H.323 server

2. Telnet to the H.323 server

3. Virtual Telnet to the PIX Firewall for authentication

4. Virtual HTTP to the Cisco Secure ACS for authentication

2.

What three services are used to authenticate by default in the PIX Firewall?

1. FTP, HTTP, HTTPS

2. FTP, Telnet, SSH

3. Auth-proxy, Local-auth, console

4. FTP, HTTPS, Telnet

5. None of the above

3.

Which options are mandatory in every aaa authentication command on the PIX Firewall? (Select all that apply.)

1. include/exclude

2. inbound/outbound

3. local-ip/mask

4. group-tag

5. acl-name

4.

How do you configure client IP address assignment on the Cisco Secure ACS when using the PIX Firewall as the AAA client?

1. Edit the AAA-client IP address in the System Configuration window.

2. Edit the AAA-client information in the Network Configuration window.

3. Edit the AAA Server information in the Interface Configuration window.

4. Edit the PIX Firewall information in the Network Configuration window.

5. None of the above

5.

Why is it a good idea to rename your groups in Cisco Secure ACS?

1. To get the groups into a hierarchical format

2. To increase the performance of the Cisco Secure ACS

3. To simplify administration of users and groups

4. You cannot rename groups after they have been created.

5. None of the above

6.

You are trying to create downloadable IP ACLs in Cisco Secure ACS, but the option is not available. What are two possible reasons?

1. You are running an older version of Cisco Secure ACS that does not support downloadable ACLs.

2. The PIX Firewall cannot connect to the Cisco Secure ACS.

3. Your authentication protocol is not RADIUS.

4. You do not have User-Level or Group-Level Downloadable ACLs selected in the Interface Configuration window, Advanced Options pane.

7.

Where do you see the logs on the Cisco Secure ACS?

1. Interface Configuration window

2. Reports and Activity window

3. Network Configuration window

4. System Configuration window

8.

You are installing Cisco Secure ACS on your new Windows 2000 Professional, but you cannot get it to load correctly. What is most likely the problem?

1. Cisco Secure ACS requires server software.

2. Your patch level is not up to date.

3. You are running a personal firewall or host-based IDS that is blocking the installation.

4. You do not have administrative privileges on that system.

5. All of the above

9.

True or false: Cisco Secure ACS comes with its own online documentation.

10.

True or false: The show aaa command shows you everything that has to do with your AAA server in its configuration.

11.

What happens to virtual HTTP if you disable timeout uauth absolute?

1. The user cannot authenticate.

2. The user authenticates and never has to reauthenticate because the connection stays open.

3. The user can authenticate but cannot connect to the server.

4. None of the above

The answers to the "Do I Know This Already?" quiz are found in Appendix A, "Answers to the ''''Do I Know This Already?'''' Quizzes and Q&A Sections." The suggested choices for your next step are as follows:

• Foundation Topics," "Foundation Summary," and "Q&A" sections.

• Foundation Summary" section and then go to the "Q&A" section. Otherwise, move to the next chapter.