Securing Cisco Perimeter Routers Questions and Answers

Sep 10,2009 by alperen


Questions

1. 

True or False. In the screened subnet architecture network model, the inside network is everything from the perimeter router in to the corporate network.

  1. True

  2. False


2. 

Which one of the following is considered the trusted network?

  1. Inside

  2. Outside

  3. Dirty DMZ

  4. Protected DMZ


3. 

Which of the following would not be a function of a perimeter router in a screened subnet architecture network?

  1. Providing a serial connection to the outside world

  2. Providing any filtering of outside traffic

  3. Providing LAN routing

  4. Implementing basic security for the dirty DMZ


4. 

True or False. CDP facilitates a secure environment on a perimeter router.

  1. True

  2. False


5. 

Which one is not true about IP directed broadcast?

  1. It’s a datagram sent to the subnet broadcast address.

  2. It’s routed through the network as a unicast packet.

  3. Only the router directly connected to the target subnet can positively identify it.

  4. It can be blocked by a smurf defense.


6. 

True or False. Filtering incoming ICMP redirects on a perimeter router should never cause any problems.

  1. True

  2. False


7. 

Which two of the following reduce spoofing attacks?

  1. RFC 2827 filtering

  2. Weighted fair queuing

  3. RFC 1918 filtering

  4. Routing protocol authentication


8. 

Which of the following is most like the TCP established option?

  1. Dynamic ACL

  2. Lock and key

  3. Reflexive ACL

  4. Finger ACL


9. 

In NAT terminology, what’s the IP address of a network member computer?

  1. Inside local

  2. Outside local

  3. Inside global

  4. Outside global


10. 

Which statement is not true about Network Address Translation (NAT)?

  1. It’s a mechanism that allows private addresses to be translated to use the Internet.

  2. It can be configured both static and dynamic on the same router.

  3. It provides good security by hiding internal IP addresses.

  4. It reduces the cost of IP addresses.


11. 

True or False. Static NAT entries appear in the translation table the first time they’re used.

  1. True

  2. False


12. 

Which command shows the NAT table?

  1. show ip nat statistics

  2. show run

  3. show ip nat translations

  4. show ip nat table


13. 

What one word changes dynamic NAT to PAT?

  1. PAT

  2. Overflow

  3. Overload

  4. Rotary


14. 

Which command sets the idle timeout for a dynamic (lock-and-key) access list?

  1. access-list 101 dynamic temp-in timeout 30 permit ip any any

  2. ip dynamic-list timeout 30

  3. autocommand access-enable host timeout 30

  4. ip reflexive-list timeout 30


15. 

Which statement is true about reflexive access lists?

  1. They create temporary holes into the network security, based on a successful Telnet authentication.

  2. They only work with TCP traffic.

  3. They create temporary holes in the network security based on specific outbound traffic.

  4. They rely on named standard access lists.


Answers

1. 

B. False. It’s everything in from the inside interface of the firewall.

2. 

A. Inside

3. 

C. Providing LAN routing

4. 

B. False. It announces to any system on a directly connected segment that the router is a Cisco device, the model number, and the Cisco IOS version being run.

5. 

D. It can be blocked by a smurf defense.

6. 

A. True. They shouldn’t come from outside the segment.

7. 

A. RFC 2827 filtering and C. RFC 1918 filtering

8. 

C. Reflexive ACL

9. 

A. Inside local

10. 

C. It provides good security by hiding internal IP addresses. It provides limited privacy.

11. 

B. False. They appear when created.

12. 

C. show ip nat translations

13. 

C. Overload

14. 

C. autocommand access-enable host timeout 30

15. 

C. They create temporary holes in the network security based on specific outbound traffic.

