CCSP Cisco Secure PIX Firewall Advanced Exam Certification Guide, Second Edition [Electronic resources]

Greg Bastien; Earl Carter; Christian Degu

نسخه متنی -صفحه : 191/ 44
نمايش فراداده

  • "Do I Know This Already?" Quiz

    The purpose of the "Do I Know This Already?" quiz is to help you decide if you really need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.

    The ten-question quiz, derived from the major sections in the "Foundation Topics" portion of the chapter, helps you determine how to spend your limited study time.

    1.

    By default, how long will an embryonic connection remain open?

    1. 2 minutes

    2. 3600 seconds

    3. 1800 seconds

    4. Unlimited

    5. 30 minutes

    2.

    You have configured two additional DMZ interfaces on your PIX Firewall. How do you prevent nodes on DMZ1 from accessing nodes on DMZ2 without adding rules to the security policy?

    1. Route all traffic for DMZ2 out the outside interface.

    2. Dynamically NAT all DMZ2 nodes to a multicast address.

    3. Assign a higher security level to DMZ2.

    4. All of the above

    3.

    Which of the following is not a method of address translation supported by the PIX Firewall?

    1. Network Address Translation

    2. Socket Address Translation

    3. Port Address Translation

    4. Static Address Translation

    4.

    What happens if you configure two interfaces with the same security level?

    1. Traffic will pass freely between those connected networks.

    2. Traffic will not pass between those interfaces.

    3. Specific ACLs must allow traffic between those interfaces.

    4. The two interfaces will not apply the nat or global commands.

    5.

    When should you run the command clear xlate ?

    1. When updating a conduit on the firewall

    2. When editing the NAT for the inside segment

    3. When adding addresses to the global pool

    4. All of the above

    6.

    How do you define the global addresses used when configuring NAT?

    1. Define a subnet.

    2. Define an address range.

    3. Define individual IP addresses.

    4. You can define only /24 address segments for global addresses.

    5. None of the above

    7.

    How many external IP addresses are required to configure PAT?

    1. A single address

    2. A /24 subnet

    3. A defined address range

    4. Any of the above

    5. None of the above

    8.

    What command shows all active TCP connections on the PIX Firewall?

    1. show conn

    2. show xlate

    3. show connection status

    4. show tcp active

    5. None of the above

    9.

    Why is it difficult to penetrate the PIX Firewall over UDP port 53?

    1. The PIX Firewall allows multiple outbound queries but randomizes the UDP sequence numbers.

    2. The PIX Firewall allows queries to go out to multiple DNS servers but drops all but the first response.

    3. The PIX Firewall allows responses only to outbound DNS queries.

    4. All of the above

    10.

    How many connections can you hide behind a single global address?

    1. 65,536

    2. 255

    3. 17,200

    4. An unlimited number

    5. None of the above

    The answers to the "Do I Know This Already?" quiz are found in Appendix A, "Answers to the ''''''''''''''''Do I Know This Already?'''''''''''''''' Quizzes and Q&A Sections." The suggested choices for your next step are as follows: