Access Through the PIX Firewall Questions Answers

Chapter Review

Questions

1. 

Return traffic from an internal user going out on the Internet requires which of the following?

  1. Static address translation

  2. Enabling access control entry

  3. Authenticated access

  4. None of the above

2. 

In assigning a security level to a DMZ interface, which would be the logical choice?

  1. 0

  2. 1

  3. 50

  4. 100

3. 

In Cisco terminology, which TCP/IP layer is used in stateful filtering but not in stateless filtering?

  1. Data link

  2. Network

  3. Transport

  4. Application

4. 

What is the relationship between translations and connections?

  1. They’re synonymous.

  2. One translation equals one connection.

  3. One connection can support many translations.

  4. One translation can support many connections.

5. 

Which one of the following is not true about connections?

  1. No packets can pass through a PIX Firewall without a connection and a state table entry.

  2. All outbound connections are denied, except those specifically allowed by access control lists.

  3. All ICMP packets are denied unless specifically permitted with ACLs or conduits.

  4. Any packet dropped for failing to meet one of the rules triggers a syslog message to be sent.

6. 

For which one of the following is it easiest for the PIX to monitor the state?

  1. UDP

  2. TCP

  3. ICMP

  4. Java

7. 

How many address translations result from the following command?

Pix(config)# static (inside,outside) 10.1.1.32 192.168.2.32 netmask 255.255.255.240

  1. 254

  2. 32

  3. 14

  4. 16

8. 

Setting the embryonic connection limit triggers what feature?

  1. Static PAT

  2. An All Hosts option

  3. TCP intercept

  4. Static NAT

9. 

The PIX filter command can be used to block which two of the following?

  1. Rogue FTP sessions

  2. ActiveX objects

  3. Bad e-mail commands

  4. Java applets

10. 

Which command filters all outbound HTTP connections?

  1. pix(config)#filter url 80 0 0 0 0

  2. pix#filter url 80 0 0 0 0

  3. pix(config-if)#filter url 80 0 0 0 0

  4. pix(config)#filter url N2H2 80 0 0 0 0

11. 

In the following syntax, what would be the result of nat_id being 0?

Pix(config)# nat (if_name) nat_id ip_address

  1. The ip_address would be reserved for static mapping.

  2. The ip_address would be used for PAT translations.

  3. The ip_address would not be translated.

  4. The ip_address would be dropped from the global pool.

12. 

TurboACL applies to which two of the following?

  1. Compiled access lists

  2. Short, quick ACLs

  3. ACLs with many repeated statements

  4. ACLs with at least 19 statements

13. 

Which one of the following is not true about downloadable ACLs?

  1. Introduced in PIX Firewall version 6.2.

  2. Supports TACACS+ servers with Cisco Secure ACS v3.0.

  3. Are based on either user or group profile entries.

  4. Requires no additional configuration for the firewall once AAA authorization is configured.

14. 

Which one of the following will create an object group?

  1. Pix(config)# object-group service dmz_service tcp

  2. Pix(config)# object group service dmz_service udp

  3. Pix(config)# object-group service dmz_service icmp

  4. Pix# object-group service dmz_service icmp

15. 

Which statement is not true?

  1. The PIX Firewall is not a router.

  2. The PIX Firewall does not forward broadcast or multicast packets.

  3. Cisco security strategy considers sending routing protocols across any firewall safe, but unnecessary, because of the route command.

  4. The PIX interfaces do not support VLAN trunk links.

Answers

1. 

D. None of the above. Returning traffic is always allowed, unless it’s specifically blocked.

2. 

C. 50 and 100 are reserved (outside/inside) and while 1 would work, it allows no flexibility in security assignment if another DMZ was added.

3. 

D. Application layer.

4. 

D. One translation can support many connections.

5. 

B. All outbound connections are denied except those specifically allowed by access control lists. Just the opposite: all are allowed unless denied by an ACL.

6. 

B. TCP, because it has a session setup and a termination routine.

7. 

C. 14. The mask includes 16 addresses, but one is the network and one is the broadcast.

8. 

C. TCP intercept.

9. 

B. and D. ActiveX objects and Java applets.

10. 

A. pix(config)#filter url 80 0 0 0 0.

11. 

C. The ip_address would not be translated. Nat 0 turns off NAT for that address.

12. 

A. and D. Compiled access lists and ACLs with at least 19 statements.

13. 

B. Supports TACACS+ servers with Cisco Secure ACS v3.0. Actually, it’s RADIUS.

14. 

A. Pix(config)# object-group service dmz_service tcp.

15. 

C. Cisco security strategy considers sending routing protocols across any firewall safe, but unnecessary, because of the route command. Cisco does not consider it safe.

