Advanced PIX Firewall Features Questions and answers

1. 

Looking at the following output, what will be the result of the second statement?

Pix(config)# telnet 192.168.1.10 255.255.255.255 inside 
Pix(config)# telnet 192.168.1.47 255.255.255.255 
Pix(config)# telnet 192.168.2.0 255.255.255.0 inside 
Pix(config)# telnet 1.1.1.10 255.255.255.255 outside

1. It will allow Telnetting from the host on the default outside interface.

2. The command will fail because no interface is specified.

3. It will enable Telnet from the host on all nonoutside interfaces.

4. It will enable Telnet from the host only on the interface to that address.

2. 

The Telnet timeout 10 command does what?

1. Gives the firewall a ten-minute break

2. Sets the Telnet idle timer to ten seconds

3. Sets the Telnet idle timer to ten minutes

4. Sets the Telnet session limit to ten minutes

3. 

A group_tag refers to which one of the following?

1. AAA authentication protocol

2. Pool of AAA servers

3. The name of a AAA server

4. A AAA header field

4. 

What does the following AAA command do? Pick the best answer.

Pix(config)# aaa-server radius host 192.168.1.4 4key

1. It assigns server 192.168.1.4 to the default RADIUS group.

2. It creates a new group radius—protocol RADIUS—and assigns server 192.168.1.4 to it.

3. It will fail because no group radius exists.

4. It creates a new group radius—protocol TACACS+—and assigns server 192.168.1.4 to it.

5. 

What command displays the syntax and usage for the aaa authentication, aaa authorization, aaa accounting, and aaa proxy-limit commands in summary form?

1. show aaa

2. show aaa options

3. help aaa

4. show aaa help

6. 

Which of the following statements is not true?

1. The local user database requires only a user name and a password.

2. PIX Firewall v6.2 introduced the local user database command to firewalls.

3. The local user database can be used to authenticate users.

4. The local user database can be used for command authorization.

7. 

What feature does the PIX ASA use to establish and maintain its stateful access control and traffic-monitoring security?

1. Application layer inspection

2. Access control lists

3. ip audit command

4. The Filter command

8. 

With the Fixup Protocol command, what is typically the only variable?

1. Source address

2. Port number or port range

3. Destination address

4. Enable/disable

9. 

The PIX Java and ActiveX filtering is an example of which one of the following?

1. Fixup protocol

2. Attack guards

3. Shunning

4. Flood defender

10. 

Which is not a Voice over IP (VoIP) fixup protocol?

1. H.323

2. Session Initiation Protocol (SIP)

3. Skinny Client Control Protocol (SCCP)

4. Internet Locator Service (ILS)

11. 

What does the FragGuard fragment size 1 command do?

1. Limits fragments to 1 byte

2. Limits fragments to 1 kilobyte

3. Blocks fragmenting

4. Limits fragmentation time to one minute

12. 

Which command specifies an SMTP trap level for logging messages?

1. logging trap

2. logging history

3. logging on

4. logging host

13. 

What two additional security checks are added by the sysopt security fragguard command?

1. Each noninitial IP fragment must be associated with known valid initial IP fragments.

2. All IP fragments are blocked.

3. IP fragments are limited to 100 per second to each internal host.

4. Only RFC 1858 fragmentation protection is allowed.

14. 

Which attack guard uses the firewall route table to look for spoofed addresses?

1. Virtual Reassembly

2. TCP Intercept

3. Unicast Reverse Path Forwarding

4. Flood Defender

15. 

Which command is an example of setting an IDS audit default action?

1. ip audit name Audit.99 info action alarm drop reset

2. ip audit signature 1001 disable

3. ip audit attack action reset

4. ip audit interface outside audit.99