| A1:
| Answer: The ASA is an algorithm used by the PIX Firewall to provide better security than packet filters and better performance than application proxies. |
| A2:
| Answer: The initial TCP sequence numbers for outbound connections are randomly generated by the PIX Firewall to greatly reduce the chances of an inbound TCP session being hijacked. |
| A3:
| Answer: - Source IP and port - Destination IP and port - TCP sequencing information - Additional TCP and UDP flags - A new random TCP sequence number
|
| A4:
| Answer: The session is not authorized by the security policy, the session has ended, or the session has timed out. |
| A5:
| Answer: Initiate an HTTP, FTP, or Telnet session. |
| A6:
| Answer: - Entrust Technologies, Inc.Entrust/PKI 4.0 - Microsoft Corp.Windows 2000 Certificate Server 5.0 - VeriSignOnsite 4.5 - Baltimore TechnologiesUniCERT 3.05
|
| A7:
| Answer: PIX 515E supports up to six 10/100 interfaces. |
| A8:
| Answer: The PIX 515E is the lowest model to support failover. |
| A9:
| Answer: - Command-line interface (CLI) - PIX Device Manager (PDM) - CiscoWorks Management Center for Firewalls (PIX MC)
|
| A10:
| Answer: - It is more secure than packet filtering. - It has greater performance than application proxy. - It can guard against session hijacking. - It is part of the embedded PIX operating system.
|