CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources] نسخه متنی

c

b,d,e

b

a,b,d,f

b

b

b,c,d,e,g

a

c

c

What is RFC 2827 filtering?

RFC 2827 filtering ensures that any traffic with a source address that is not part of the organization's public address space is filtered out.

What public services should be available to Internet users?

It is normal practice to allow only those specific ports that are required for a service to function. All other access should be denied. Any attempt to gain access to other public services ports should be logged.

What is the command to implement a Cisco IOS Firewall rule set to an interface?

ip inspect name [in | out]

What technique is used to perform rate limiting within the ISP router?

Rate limiting of traffic in the ISP router can be achieved by the use of committed access rate (CAR) filtering. This technique flags traffic to be rate limited via an ACL. Matched traffic is then rate limited according to the parameters selected in the rate-limit command.

How do you implement RFC 1918 filtering?

To implement RFC 1918 filtering, the following filter rules are defined on an extended IP ACL, which is then applied to the appropriate interface:

access-list 140 deny ip 10.0.0.0 0.255.255.255 any

access-list 140 deny ip 172.16.0.0 0.15.255.255 any

access-list 140 deny ip 192.168.0.0 0.0.255.255 any

How should traffic that is flowing from the internal network to the public services segment be restricted?

Only the traffic that is specifically required to flow to the public services segment should be allowed. All other traffic should be explicitly denied.

How are remote users affected in the small network when the small network is used in a branch configuration?

Under this circumstance, all remote connectivity is normally provided via the corporate headquarters. Consequently, all related configuration for remote user connectivity is removed from the design.

What commands are used to implement IDS services on the PIX Firewall in the small network design?

ip audit name IDSinfo action alarm

ip audit name IDSattack action alarm drop reset

ip audit interface outside IDS

ip audit interface inside IDS

ip audit interface dmz IDS

What is the importance of the isakmp key command?

The isakmp key command defines the preshared key to be used by the specified peer in the command.