| A1: | b,c,d |
| A2: | a,c |
| A3: | a,e |
| A4: | c |
| A5: | a,d |
| A6: | a |
| A7: | d |
| A8: | a,d,e |
| A9: | b |
| A10: | b |
| A11: | b,d |
| A12: | b |
| A13: | d |
| A14: | d |
| A15: | b,c,e |
| 1: | What are the four segments used on the PIX Firewall in the medium-sized network design? |
| A1: | Inside Outside Remote access Public services |
| 2: | Name the main components within the medium-sized network design? |
| A2: | ISP router Edge router Cisco IOS Firewall router PIX Firewall NIDS HIDS VPN concentrator Layer 3 switch |
| 3: | What mitigation is performed by the ISP router? |
| A3: | DDoS IP spoofing |
| 4: | How can the Cisco IOS Firewall be used within the medium-sized network design? |
| A4: | If required, a defense-in-depth approach can be adopted within the medium-sized network design. This alternative design incorporates the functionality of the Cisco IOS Firewall and the functionality of the edge router in a single device. |
| 5: | How do you implement RFC 1918 filtering? |
| A5: | To implement RFC 1918 filtering, the following filter rules are defined on an extended IP ACL. This ACL is then applied to the appropriate interface. access-list 140 deny ip 10.0.0.0 0.255.255.255 any access-list 140 deny ip 172.16.0.0 0.15.255.255 any access-list 140 deny ip 192.168.0.0 0.0.255.255 any |
| 6: | Where is a NIDS implemented in the medium-sized network design? |
| A6: | A NIDS is deployed on the following segments: Public services segment PIX inside segment Layer 3 switch Optionally, PIX outside segment |
| 7: | What functionality does the Layer 3 switch provide within the medium-sized network? |
| A7: | VLAN segregation Access filtering |
| 8: | Where is RFC 1918 filtering performed within the medium-sized network? |
| A8: | ISP router Edge router PIX Firewalloutside interface |