CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide, Second Edition [Electronic resources]

Greg Bastien; Earl Carter; Christian Degu

نسخه متنی -صفحه : 191/ 123
نمايش فراداده

  • "Do I Know This Already?" Quiz

    The purpose of the "Do I Know This Already?" quiz is to help you decide if you really need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.

    The ten-question quiz, derived from the major sections in the "Foundation Topics" portion of the chapter, helps you determine how to spend your limited study time.

    1.

    What does the Flood Defender feature on the PIX Firewall do?

    1. It prevents the PIX Firewall from being flooded with water.

    2. It protects the inside network from being engulfed by rain.

    3. It protects against SYN flood attacks.

    4. It protects against AAA attacks.

    2.

    Which PIX feature mitigates a DoS attack that uses an incomplete IP datagram?

    1. Floodguard

    2. Incomplete Guard

    3. Fragguard

    4. Mail Guard

    3.

    Which of the following multimedia application(s) is(are) supported by PIX Firewall?

    1. CuSeeMe

    2. NetMeeting

    3. Internet Video Phone

    4. All of the above

    4.

    Which is the default port that PIX inspects for H.323 traffic?

    1. 1628

    2. 1722

    3. 1720

    4. 1408

    5.

    Which of the following describes how the Mail Guard works on the PIX Firewall?

    1. It lets all mail in except for mail described by an access list.

    2. It restricts SMTP requests to seven commands.

    3. It revokes mail messages that contain attacks.

    4. It performs virus checks on each mail message.

    6.

    Which of the following statements about DNS Guard is true?

    1. It is disabled by default.

    2. It allows only a single DNS response for outgoing requests.

    3. It monitors the DNS servers for suspicious activities.

    4. It is enabled by default.

    7.

    Which of the following are PIX Firewall attack mitigation features?

    1. DNS Guard

    2. Floodgate Guard

    3. Mail Guard

    4. Webguard

    8.

    Which command enables the PIX Firewall IDS feature?

    1. ids enable

    2. ip audit

    3. ip ids audit

    4. audit ip ids

    9.

    What is the default action of the PIX IDS feature?

    1. Nothing

    2. Drop

    3. Alarm

    4. Reset

    10.

    What does the reset action do in the PIX Firewall IDS configuration?

    1. Warns the source of the offending packet before it drops the packet

    2. Drops the offending packet and closes the connection if it is part of an active connection with a TCP RST

    3. Waits 2000 offending packets, and then permanently bans the connection to the source host

    4. Reports the incident to the syslog server and waits for more offending packets from the same source to arrive

    The answers to the "Do I Know This Already?" quiz are found in Appendix A, "Answers to the ''''Do I Know This Already?'''' Quizzes and Q&A Sections." The suggested choices for your next step are as follows: