CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide, Second Edition [Electronic resources] (text version)


Greg Bastien; Earl Carter; Christian Degu













  • Chapter 5



    "Do I Know This Already?" Quiz


    A1:

    Answer: d

    A2:

    Answer: c

    A3:

    Answer: b

    A4:

    Answer: b

    A5:

    Answer: d

    A6:

    Answer: b

    A7:

    Answer: a

    A8:

    Answer: a

    A9:

    Answer: b

    A10:

    Answer: e


    Q&A


    A1:

    Answer: TCP is a connection-oriented protocol, and UDP is a connectionless protocol.

    A2:

    Answer: By default, traffic is permitted from the inside (higher security level) to the outside (lower security level) network as long as the appropriate nat/global/static command has been configured.

    A3:

    Answer: False. Multiple connections can take place in a single translation.

    A4:

    Answer: nat and global are required to configure NAT on a Cisco PIX Firewall.

    A5:

    Answer: You can hide approximately 64,000 nodes. This is determined by subtracting the 1024 previously assigned ports from the 65,535 available ports. It is also estimated that that number could be significantly lower because there might be multiple connections occurring behind a single translation.

    A6:

    Answer: An embryonic connection is a half-open TCP session.

    A7:

    Answer: Static translations provide a one-to-one translation from external to internal/DMZ addresses.

    A8:

    Answer: The PIX Firewall allows multiple outbound queries but allows only a single query response. All responses after the first are dropped.

    A9:

    Answer: False. The command clear xlate is the fastest method of clearing the translation table.

    A10:

    Answer: False. You also need to configure an ACL or conduit allowing the connection.

    A11:

    Answer: The PIX Firewall translates the local address to a global address and randomly generates a new initial TCP sequence number.

    A12:

    Answer: The PIX Firewall changes the local address and source port to a global address and random port, and generates a random initial TCP sequence number.

    A13:

    Answer: False. Each transport protocol has its strengths and weaknesses. UDP is connectionless and has much less overhead than TCP; however, TCP is more reliable.

    A14:

    Answer:

    - LabPIX(config)# nat (inside) 1 0.0.0.0 0.0.0.0

    - LabPIX(config)# nat (inside) 1 0 0


    A15:

    Answer: You would want to configure NAT and PAT for the same inside segment when you have more internal users than addresses in the global pool. If you use only PAT, you limit all of your local addresses to a single global address.

    A16:

    Answer: RFC 1918 defines specific address ranges that are not routable across the Internet. These addresses are reserved for private networks.

    A17:

    Answer: The nat command has an id field so that the PIX Firewall can map a specific nat statement to a global statement.

