Module 3 part 1 Flashcards
Firewalls and ACL
What are the security goals that a firewall protects?
- Access Control
- Availability
What is a firewall?
- device that monitors and filters traffic
What are the two principles of an ACL?
- sequential processing
- deny all except when explicitly permitted
What are the two types of ACL?
- standard ACL
- extended ACL
What is the standard ACL format?
access-list all-number(1-99) (permit/deny) source mask
interface interface-number(E0, S0, S1) #name
ip access-group all-number(1-99) (in/out)
At which TCP/IP layer does a firewall operate?
a. physical and above
b. data link layer and above
c. transport and above
d. network and above
e. application
data link and above
What is the most important function of a firewall?
a. encrypt data
b. redirect traffic
c. filter traffic
d. stop viruses and worms
filter traffic
Which one of these cannot be protected by a firewall?
a. encrypted data
b. backdoor data
c. internal attacks
d. all of the above
all of the above
Which of these is a recent addition to firewall technology?
a. packet filtering
b. circuit level gateway
c. stateful inspection
d. DMZ
stateful inspection
Which one of these is a host-based firewall?
a. Cisco PIX
b. NetScreen
c. Zone Alarm
d. Nortel Contivity
zone alarm
What is the rule about port filtering?
a. block all incoming ports
b. block ICMP packets
c. block all unused ports
d. block all non-standard ports.
block all unused ports
What is a bastion host?
a. Translates addresses between private and public networks
b. Provides layer 3 protection
c. Sets up proxy clients and servers.
d. Defines a demilitarized zone network
Sets up proxy clients and servers.
What is a NAT?
a. Translates IP addresses between private and public networks
b. Translates Ethernet addresses between private and public networks
c. Encrypts firewall addresses
d. All of the above
a. Translates IP addresses between private and public networks
What is deep inspection?
a. Another term for NAT
b. Checking encrypted headers
c. Rejecting packets that are encrypted
d. Checking the data portion of the packet for hidden attacks
d. Checking the data portion of the packet for hidden attacks
Which is one of Cisco’s recent additions to its firewall line of products?
a. Firewall-1
b. Firepower 2100 Series
c. PIX
d. NetGuar
b. Firepower 2100 Series