CCNP Security FAQ : Firewall Technologies and the Cisco Security Appliance
Q1. True or false: Packet filtering on IOS routers provides security as good as that on the Cisco Security Appliances.
A. True
B. False
Q2. What design features enable Cisco Security Appliances, such as the PIX Firewall, to outperform conventional application firewalls?
A. Adaptive Security Algorithm
B. Super-packet filtering
C. Purpose-built, real-time operating environment
D. Hot standby proxy processing
E. Cut-through proxy support
Q3. True or false: With AAA Authentication disabled, cut-through proxy technology allows users to do anything they want after authenticating at the firewall.
A. True
B. False
Q4. What steps are required to add an ARP entry to a Cisco PIX Firewall if the PIX failed to learn it through other means?
A. Edit the /etc/interfaces/outside/arp.conf file.
B. Use the arp command in global configuration mode.
C. Add the ARP entry using the GUI.
D. Use the set arp command in interface config mode.
Q5. True or false: There is no limit to the number of connections an application proxy firewall can handle.
A. True
B. False
Q6. True or false: The Adaptive Security Algorithm requires a tremendous amount of processing by the firewall. Although the PIX Firewall is not very efficient at processing the ASA, it can handle the task.
A. True
B. False
Q7. True or false: Redundancy allows you to configure two or more PIX Firewalls in a cluster to protect critical systems.
A. True
B. False
Q8. Of the three firewall technologies, which one generates a separate connection on behalf of the requestor and usually operates at the upper layers of the OSI reference model?
A. Stateful inspection
B. Packet filtering
C. High-speed packet filtering
D. Application proxy
E. None of these answers are correct
Q9. Which of the following is not one of the three basic firewall technologies?
A. Stateful inspection
B. Packet filtering
C. High-speed packet filtering
D. Application proxy
E. None of these answers are correct
Q10. Which firewall technology is commonly implemented on a router?
A. Stateful inspection
B. Packet filtering
C. High-speed packet filtering
D. Application proxy
E. None of these answers are correct
Q11. What items does a packet filter look at to determine whether to allow the traffic?
Q12. What are the advantages of the Cisco Security Appliance family of firewalls over competing firewall products?
Q13. How many Security Appliances can you operate in a high-availability cluster?
Q14. What is the ASA, and how does the Cisco Security Appliance use it?
Q15. Why is cut-through proxy more efficient than traditional proxy?
Q16. What are the advantages of a real-time embedded system?
More Resources