CCNA Security Exam Module 4-Last Answer Is Not DMZ
Assessment System
1
Refer to the exhibit. Based on the SDM screen shown, which statement describes the zone-based firewall
component being configured?
a class map that inspects all traffic that uses the HTTP, IM, P2P, and email protocols
a class map that prioritizes traffic that uses HTTP first, followed by SMTP, and then DNS
a class map that denies all traffic that uses the HTTP, SMTP, and DNS protocols
a class map that inspects all traffic that uses the HTTP, SMTP, and DNS protocols
a class map that inspects all traffic, except traffic that uses the HTTP, SMTP, and DNS protocols
2
Which statement accurately describes Cisco IOS zone-based policy firewall operation?
The pass action works in only one direction.
3
What is the first step in configuring a Cisco IOS zone-based policy firewall using the CLI?
Create zones.
4
A router has CBAC configured and an inbound ACL applied to the external interface. Which action does the
router take after inbound-to-outbound traffic is inspected and a new entry is created in the state table?
A dynamic ACL entry is added to the external interface in the inbound direction.
The internal interface ACL is reconfigured to allow the host IP address access to the Internet.
The entry remains in the state table after the session is terminated so that it can be reused by the host.
When traffic returns from its destination, it is reinspected, and a new entry is added to the state table.
5
Which statement describes the characteristics of packet-filtering and stateful firewalls as they relate to the OSI
model?
Both stateful and packet-filtering firewalls can filter at the application layer.
A stateful firewall can filter application layer information, while a packet-filtering firewall cannot filter
beyond the network layer.
A packet-filtering firewall typically can filter up to the transport layer, while a stateful firewall can filter
to the session layer.
A packet-filtering firewall uses session layer information to track the state of a connection, while a stateful
firewall uses application layer information to track the state of a connection.
6
Which statement correctly describes a type of filtering firewall?
A transparent firewall is typically implemented on a PC or server with firewall software running on it.
A packet-filtering firewall expands the number of IP addresses available and hides network addressing
design.
An application gateway firewall (proxy firewall) is typically implemented on a router to filter Layer 3 and
Layer 4 information.
A stateful firewall monitors the state of connections, whether the connection is in an initiation, data transfer,
or termination state.
7
For a stateful firewall, which information is stored in the stateful session flow table?
TCP control header and trailer information associated with a particular session
8
Which three actions can a Cisco IOS zone-based policy firewall take if configured with Cisco SDM? (Choose
three.)
inspect
evaluate
drop
analyze
pass
forward
9
Refer to the exhibit. The ACL statement is the only one explicitly configured on the router. Based on this
information, which two conclusions can be drawn regarding remote access network connections? (Choose two.)
SSH connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are allowed.
Telnet connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are allowed.
SSH connections from the 192.168.2.0/24 network to the 192.168.1.0/24 network are allowed.
Telnet connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are blocked.
SSH connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are blocked.
Telnet connections from the 192.168.2.0/24 network to the 192.168.1.0/24 network are allowed.
10
Which type of packet is unable to be filtered by an outbound ACL?
ICMP packet
broadcast packet
multicast packet
router-generated packet
11
Refer to the exhibit. In a two-interface CBAC implementation, where should ACLs be applied?
inside interface
outside interface
no interfaces
12
When configuring a Cisco IOS zone-based policy firewall, which three actions can be applied to a traffic class?
(Choose three.)
drop
inspect
pass
reroute
queue
shape
13
Which two parameters are tracked by CBAC for TCP traffic but not for UDP traffic? (Choose two.)
source port
protocol ID
sequence number
destination port
14
Which location is recommended for extended numbered or extended named ACLs?
a location as close to the destination of traffic as possible
if using the established keyword, a location close to the destination to ensure that return traffic is allowed
15
Which two are characteristics of ACLs? (Choose two.)
Extended ACLs can filter on destination TCP and UDP ports.
Standard ACLs can filter on source and destination TCP and UDP ports.
16
Which zone-based policy firewall zone is system-defined and applies to traffic destined for the router or
originating from the router?
self zone
system zone
local zone
inside zone
outside zone
17
Refer to the exhibit. Based on the SDM screen shown, which two statements describe the effect this zone-based
policy firewall has on traffic? (Choose two.)
HTTP traffic from the in-zone to the out-zone is inspected.
Traffic from the in-zone to the out-zone is denied if the source address is in the 127.0.0.0/8 range.
Traffic from the in-zone to the out-zone is denied if the destination address is in the 10.1.1.0/29 range.
18
Which type of packets exiting the network of an organization should be blocked by an ACL?
packets that are not encrypted
packets with source IP addresses outside of the organization's network address space
packets with destination IP addresses outside of the organization's network address space
19
When using Cisco IOS zone-based policy firewall, where is the inspection policy applied?
a global service policy
an interface
a zone
a zone pair
20
In addition to the criteria used by extended ACLs, what conditions are used by CBAC to filter traffic?
TCP/IP protocol numbers
21
Refer to the exhibit. If a hacker on the outside network sends an IP packet with source address 172.30.1.50,
destination address 10.0.0.3, source port 23, and destination port 2447, what does the Cisco IOS firewall do with
the packet?
The packet is forwarded, and an alert is generated.
The packet is forwarded, and no alert is generated.
22
When logging is enabled for an ACL entry, how does the router switch packets filtered by the ACL?
topology-based switching
autonomous switching
process switching
optimum switching
23
internal network
trusted network
untrusted network
All contents copyright 1992-2010 Cisco Systems, Inc. Privacy Statement and Trademarks.