CCSP SECUR FAQ : The Cisco IOS Firewall

CCSP SECUR FAQ : The Cisco IOS Firewall

Q1. The Cisco IOS firewall feature set is usually configured on a what?
A. Firewall
B. PIX
C. Router
D. Switch

Answer: C

Q2. Which of the following places would be the appropriate position to place your IOS firewall?
A. Between subnetworks.
B. Between the internal network and an external network such as the Internet.
C. There is no appropriate place.
D. Only on the DMZ network.

Answer: A, B

Q3. What are firewalls?
A. Firewalls are devices that prevent access to your network.

B. Firewalls are devices that permit access to your network for everyone.

C. Firewalls are networking devices that control access to your organization’s network assets.

D. None of the above.

Answer: C

Q4. Which of the following is not part of the Cisco IOS feature set?
A. Authentication proxy
B. Intrusion detection
C. Cisco PIX
D. CBAC

Answer: C

Q5. Which of the following are the benefits of the Cisco IOS firewall feature set?
A. Reduces spam e-mails
B. Monitors traffic through network perimeters
C. Increases DoS attacks
D. Protects internal networks from unauthorized access

Answer: B, D

Q6. What does port-to-application mapping, otherwise known as PAM, do?

Answer: PAM enables you to customize TCP or UDP port numbers for network services or applications on nonstandard ports.

Q7. What is the command to configure PAM?

Answer: ip port-map appl_name port port_num [list acl_num]

Q8. Name two benefits of the Cisco IOS firewall?

Answer: The Cisco IOS firewall feature set protects internal networks from intrusion, monitors traffic through the perimeter of the network, and enables network commerce via the World Wide Web.

Q9. What are the different ways the IDS feature in the Cisco IOS firewall can be configured to respond to an attack or suspicious activity on the network?

Answer: Send an alarm, drop the packet, or reset the TCP connection.

Q10. What does the IDS feature use to detect and identify patterns of misuse in network traffic?

Answer: The IDS feature identifies 59 of the most common attack signatures to detect patterns of misuse in network traffic.

More Resources

About the author

Scott

Leave a Comment