CCNP Security FAQ : Routing and the Cisco Security Appliance

Q1. Which dynamic routing protocols are supported by the Cisco Security Appliance?
A. RIP
B. OSPF
C. BGP
D. EIGRP

Answer: E

Q2. Which command do you use to configure static routes?
A. interface
B. mroute
C. route
D. static
E. None of these answers are correct

Answer: C

Q3. Which command do you use to configure the PIX Firewall to statically receive a multicast session?
A. igmp forward
B. igmp static
C. multicast static
D. igmp join-group
E. None of these answers are correct

Answer: D

Q4. What type of Ethernet VLAN tagging does the PIX Firewall support?
A. ISL
B. 802.1x
C. 802.1q
D. 802.3
E. None of these answers are correct

Answer: C

Q5. IP multicasting is a technique that
A. Consumes more network bandwidth by sending IP traffic to multiple hosts on the network.
B. Enables the PIX Firewall to communicate with multiple hosts on the network.
C. Sends traffic to specific Class C IP addresses.
D. Sends traffic to specific Class D IP addresses, thus enabling multiple recipients to receive the same traffic stream.
E. None of these answers are correct

Answer: D

Q6. Which of the following is true with respect to Cisco Security Appliance RIP support?
A. RIP routing updates cannot be propagated by a Security Appliance.
B. A Security Appliance can advertise a default route.
C. Authentication is supported only for RIP version 2.
D. RIP version 1 supports classless addressing on a Security Appliance.
E. None of these answers are correct.

Answer: D

Q7. Which Cisco Security Appliance command do you use to create logical interfaces?
A. interface
B. nameif
C. logical
D. static
E. None of these answers are correct

Answer: A

Q8. Which Security Appliance command enables you to configure the security level for logical interfaces?
A. static
B. interface
C. nameif
D. logical
E. None of these answers are correct

Answer: E

Q9. Which OSPF subcommand defines which Type 3 LSA traffic to filter?
A. network
B. area
C. router ospf
D. prefix-list
E. access-list

Answer: D

Q10. PIX Firewall can propagate which types of routes?
A. BGP
B. OSPF
C. RIP
D. Static
E. None of these answers are correct

Answer: B

Q11. What type of Ethernet tagging does the Cisco Security Appliance support?

Answer: The PIX Firewall supports 802.1Q tagging.

Q12. Which command do you use to configure logical interfaces?

Answer: You use the interface command to define one or more logical interfaces on a single physical interface.

Q13. What three basic configuration parameters do you need to define for each logical interface?

Answer: For each logical interface, you need to define an interface name, a VLAN ID, a security level, and an IP address.

Q14. What command do you use to define static routes on a PIX Firewall?

Answer: The route command enables you to define static routes on the PIX Firewall or any Security Appliance.

Q15. What is the default route, and what values do you use for the IP address and netmask when creating the default route?

Answer: The default route is a static route that is used when no other route matches the specified destination address. When configuring the default route, you use 0.0.0.0 for both the destination IP address and the network mask.

Q16. The ASA Security Appliance provides functionality for which two routing protocols?

Answer: The Security Appliance provides functionality for both RIP and OSPF. This is true for any Security Appliance.

Q17. Can a Security Appliance propagate RIP routes?

Answer: The Security Appliance only passively listens to RIP routing updates. It cannot propagate this information to other devices. It can, however, advertise a default route for one of its interfaces.

Q18. Which LSAs can the Security Appliance filter, and why is this important?

Answer: OSPF routes are advertised to all the interfaces configured for OSPF. This can send information about private networks to public interfaces. Therefore, you can filter Type 3 LSAs to prevent the public interfaces from receiving information on private networks.

Q19. Which two commands enable you to configure LSA filtering?

Answer: The prefix-list command defines which advertisements are permitted and which advertisements are not permitted (denied). The area command then applies this prefix list to a specific OSPF area.

Q20. What are the steps involved in setting up OSPF on your Security Appliance?

Answer: To set up OSPF, you must first enable OSPF. Next, you define the Security Appliance interfaces that will run OSPF. Finally, you define the OSPF areas. Optionally, you may need to configure LSA filtering to protect private addresses.

Q21. Can a Security Appliance operate as a fully functional multicast router?

Answer: The PIX Firewall, or any Security Appliance, cannot operate as a fully functional multicast router, but it can operate as a Stub Multicast Router (SMR), in which case it proxies all IGMP requests to the actual multicast router.

Q22. If you have clients that cannot send IGMP messages, which command do you use to statically configure the Security Appliance to receive messages from a multicast group?

Answer: To statically configure the Security Appliance to join a multicast group, you use the igmp join-group command that is available as a subcommand to the multicast interface command.

Q23. What is the range of addresses for multicast traffic?

Answer: Multicast traffic uses Class D addresses in the range of 224.0.0.0 through 239.255.255.255.

Q24. If the multicast transmission source is protected by the Security Appliance, which command do you use to configure the Security Appliance to allow clients to access it?

Answer: When the multicast traffic is coming from a protected network behind the Security Appliance, you need to use the mroute command to statically configure routes for the multicast traffic to the next hop.

Q25. Which two commands can you use to view the multicast configuration on a PIX 535 Firewall?

Answer: To view the multicast configuration on the PIX Firewall, or any other Security Appliance, you can use the show multicast command to display multicast settings for one or more interfaces. The show igmp command displays information about one or more IGMP groups, and the show mroute command shows the current multicast routes.

Q26. Which command enables you to view the routes currently in use on the Security Appliance?

Answer: The show route command enables you to view the routes currently being used by the Security Appliance.

Q27. Which command enables you to pass OSPF routing information between multiple OSPF domains or processes?

Answer: The redistribute ospf command enables you to pass OSPF routes between multiple OSPF processes on your PIX Firewall.

Q28. Why would you run multiple OSPF processes on your Security Appliance?

Answer: When you are using your Security Appliance as an ASBR OSPF router using multiple interfaces, you need to use two OSPF processes if you want to perform address filtering.


About the author

Scott
