Ayda Test 1

Question 1

where can you configure firewalls?

Answer 1

device
virtual appliance
software component of an OS
software component on a network device (eg router)

Question 2

A firewall Permits desirable traffic to be transported between what?

Answer 2

untrusted network/host to a trusted network/host

Question 3

What does a firewall execute to permit and/or prevent network traffic?

Answer 3

it executes rules

Question 4

A firewall prevents ______ ________ from being transported from an untrusted network/host to a trusted network/host

Answer 4

harmful traffic

Question 5

Stateless Packet filtering filters which layers of traffic?

Answer 5

Layer 3 protocols (standard)

Layer 3 and layer 4 protocols (extended)

Question 6

Stateless packet filtering can filter which two ports?

Answer 6

Can filter UDP and TCP ports?

Question 7

Firewall Rules may control traffic based on/ applied that what?

Answer 7

Interface
Direction-inbound/outbound
IP addresses
Port addresses

Question 8

What are potential issues with firewall rules?

Answer 8

Erroneous rule configuration
Non-removal of stale rules
Excessively permissive
Excessively restrictive

Question 9

Determine placement of firewall(s) to ______ networks and hosts of different trust levels. Include physical security

Answer 9

segregate

Question 10

Packet Filtering Firewall Fundamental rules govern traffic transport based on what?

Answer 10

Permit or deny
Source and/or destination IP address
Source and/or destination ports
Layer 4 protocol
Direction (inbound/outbound)

Question 11

On Cisco devices Packet Filtering is Implemented as _______ _______ ________

Answer 11

Access Control Entries (ACEs)

Question 12

AccessAccess Control Entries (ACEs) are implemented within _________ ____________ ________

Answer 12

Access Control Lists (ACLs)

Question 13

Standard ACLs inspects only source _______ _______

Answer 13

Standard inspects only source IP address

Question 14

Extended ACLs inspects ______ and _______ L3 and L4 addresses plus L4 protocols

Answer 14

source and destination

Question 15

Packet Filtering Rules are processed in order from ????

Answer 15

top to bottom

Question 16

Access lists are attached to whatt?

Answer 16

interfaces

Question 17

To reduce the load on the firewall inbound rules process prior to what?

Answer 17

routing processes

Question 18

Outbound rules are processed after what?

Answer 18

after routing process

Question 19

Can often simplify multiple inbound ACLs by

Answer 19

a single outbound ACL

Question 20

NAT translates L3 addreses between?

Answer 20

interfaces

Question 21

Changes source IP on _______ packets and destination IP on _____ packets

Answer 21

Changes source IP on outbound packets and destination IP on inbound packets

Question 22

What are the three types of NAT?

Answer 22

• Static
• dynamic
• Overloading (Port address translation)

Question 23

What type of NAT manually maps a private IP to public?

Answer 23

Static Nat

Question 24

What type of NAT Automatically map private IP to public IP? Typically using a pool of available ip addresses.

Answer 24

Dynamic NAT

Question 25

What type of NAT automatically map many private IPs to one public IP?

Answer 25

Overloading | PAT

Uses ports to track individuals from many

Question 26

Inside local addresses are?

Answer 26

Actual IP address assigned to an inside host

Typically private

Question 27

Inside global addresses are?

Answer 27

Outside view IP address of inside host after translation

Typically address of router connected to ISP

Question 28

Outside local addresses are?

Answer 28

Inside view IP address of outside host after translation Only when NAT from outside to inside

Question 29

Outside global addressed are?

Answer 29

Actual IP address assigned to outside host

Question 30

NAT processed from inside to outside or vice versa

How do you configure the interfaces?

Answer 30

inside or outside
ed: ip nat inside
ip nat outside

Question 31

Interfaces have security levels which reduce need for?

Answer 31

ACLs

Question 32

Zone based firewall is contextual firewall allowing logical application of security policy through groups of ?

Answer 32

interfaces

Question 33

Zone based firewall features?

Answer 33

Application inspection (not new but easier to configure)
URL filtering
Transparent firewall (bridged rather than routed)
Supports Virtual Routing and Forwarding (VRF)

Question 34

A Zone is object consisting of one or more?

Answer 34

interfaces

May be physical or virtual

Question 35

Traffic between zones are _______ by default

Answer 35

blocked

Question 36

Zones are easily modified by adding/removing?

Answer 36

interfaces

Question 37

A ______ ______ is an object consisting of two or more zones

Answer 37

Zone pair

Question 38

What are the steps in creating zone based firewall?

Answer 38

Create zones
Map interfaces to zones
Create zone pairs
Create class maps
Create policy maps
Apply policy maps to zone pairs with service policies

Question 39

What is ASA?

Answer 39

Adaptive Security Appliance

Question 40

What command is used to see real live NAT translation occurring on the router?
show ip nat translation
debug ip nat
clear ip nat translations *
show ip nat statistics

Answer 40

debug ip nat

Question 41

What command is used to clear all translations on the router?
show ip nat translation
debug ip nat
clear ip nat translations *
show ip nat statistics

Answer 41

clear ip nat translations *

Question 42

What command is used to show the summary of NAT configuration?
show ip nat translation
debug ip nat
clear ip nat translations *
show ip nat statistics

Answer 42

show ip nat statistics