CCNP Security FAQ : Getting Started with the Cisco Security Appliance Family of Firewalls

Q1. Which command tests connectivity?
A. ping
B. nameif
C. ip address
D. write terminal

Answer: A

Q2. Which command saves the configuration you made on the Cisco PIX Firewall?
A. write terminal
B. show start-running config
C. write memory
D. save config

Answer: C

Q3. Which command assigns security levels to interfaces on the PIX Firewall?
A. ip address
B. route
C. security-level
D. secureif

Answer: C

Q4. Which command flushes the ARP cache of the PIX Firewall?
A. flush arp cache
B. no arp cache
C. clear arp
D. You cannot flush the ARP cache

Answer: C

Q5. Which of the following configures a message when a firewall administrator enters the enable command?
A. banner motd enter the enable password
B. banner enable enter the enable password
C. banner exec enter the enable password
D. banner login enter the enable password

Answer: C

Q6. Why would you want authentication enabled between the PIX and the NTP server?
A. To ensure that the PIX does synchronize with an unauthorized NTP server
B. To maintain the integrity of the communication
C. To increase the speed of communication
D. To reduce latency

Answer: B

Q7. How do you access the enable mode?
A. Enter the enable command and the enable password.
B. Enter the privilege command and the privilege password.
C. Enter the super-secret password.
D. Enter only the command privilege.

Answer: A

Q8. How do you view the current configuration on your PIX Firewall?
A. show running-config
B. show current
C. write memory
D. save config

Answer: A

Q9. What command enables transparent mode?
A. firewall mode transparent
B. firewall transparent
C. transparent enable
D. no ip firewall standard

Answer: B

Q10. In a DHCP client configuration, what is the command to release and renew the IP address on the outside interface?
A. ipconfig release
B. ip address dhcp outside
C. outside ip renew
D. ip address renew outside

Answer: B

Q11. How do you access privileged mode?

Answer: Enter the enable command and the enable password to access the privileged mode.

Q12. What is the function of the nameif command?

Answer: The nameif command is used to name a PIX Firewall interface.

Q13. Which seven commands produce a basic working configuration for a Cisco Security Appliance?

Answer: The seven commands that are used to create a very basic PIX configuration are nameif, security-level, interface, ip address, nat, global, and route.

Q14. Why is the route command important?

Answer: The route command is important because it instructs the PIX Firewall where to send a packet that arrives at its interfaces.

Q15. What is the command to flush out the Address Resolution Protocol (ARP) cache on a Cisco PIX Firewall?

Answer: clear arp

Q16. What is the syntax to configure a MOTD banner that says, “System shall not be available on 18:00 Monday January 19th for 2 hours due to system maintenance”?

Answer: First, enter the configuration mode on the PIX Firewall. Then, enter the following command: banner motd System shall not be available on 18:00 Monday January 19th for 2 hours due to system maintenance.

Q17. What is the command used to configure PAT on a Cisco Security Appliance?

Answer: The NAT command, nat (if-name) nat-id local-ip [netmask], is used to configure PAT on the Cisco PIX Firewall.

Q18. Which command releases and renews an IP address on the PIX?

Answer: ip address dhcp

Q19. Give at least one reason why it is beneficial to use NTP on the Cisco PIX Firewall.

Answer: You can use NTP on the PIX Firewall (1) for certificate revocation lists (CRLs), because they are time-stamp sensitive; and (2) because it makes troubleshooting events easier.

Q20. Why would you want to secure the NTP messages between the Cisco PIX Firewall and the NTP server?

Answer: To prevent the Cisco PIX Firewall from synchronizing with unauthorized NTP servers.

Q21. What is the difference between a Security Appliance in transparent mode and a Security Appliance in routed mode?

Answer: Transparent firewalls act like Layer 2 filtering bridges when handling traffic, while standard firewalls act like Layer 3 routed devices.

About the author

Scott