Config Router

You are here: Home / Cisco / CCNP Security FAQ : Firewall Technologies and the Cisco Security Appliance

CCNP Security FAQ : Firewall Technologies and the Cisco Security Appliance

by

CCNP Security FAQ : Firewall Technologies and the Cisco Security Appliance

Q1. True or false: Packet filtering on IOS routers provides security as good as that on the Cisco Security Appliances.
A. True
B. False

Answer: A

Q2. What design features enable Cisco Security Appliances, such as the PIX Firewall, to outperform conventional application firewalls?
A. Adaptive Security Algorithm
B. Super-packet filtering
C. Purpose-built, real-time operating environment
D. Hot standby proxy processing
E. Cut-through proxy support

Answer: C

Q3. True or false: With AAA Authentication disabled, cut-through proxy technology allows users to do anything they want after authenticating at the firewall.
A. True
B. False

Answer: B

Q4. What steps are required to add an ARP entry to a Cisco PIX Firewall if the PIX failed to learn it through other means?
A. Edit the /etc/interfaces/outside/arp.conf file.
B. Use the arp command in global configuration mode.
C. Add the ARP entry using the GUI.
D. Use the set arp command in interface config mode.

Answer: B

Q5. True or false: There is no limit to the number of connections an application proxy firewall can handle.
A. True
B. False

Answer: B

Q6. True or false: The Adaptive Security Algorithm requires a tremendous amount of processing by the firewall. Although the PIX Firewall is not very efficient at processing the ASA, it can handle the task.
A. True
B. False

Answer: B

Q7. True or false: Redundancy allows you to configure two or more PIX Firewalls in a cluster to protect critical systems.
A. True
B. False

Answer: B

Q8. Of the three firewall technologies, which one generates a separate connection on behalf of the requestor and usually operates at the upper layers of the OSI reference model?
A. Stateful inspection
B. Packet filtering
C. High-speed packet filtering
D. Application proxy
E. None of these answers are correct

Answer: D

Q9. Which of the following is not one of the three basic firewall technologies?
A. Stateful inspection
B. Packet filtering
C. High-speed packet filtering
D. Application proxy
E. None of these answers are correct

Answer: C

Q10. Which firewall technology is commonly implemented on a router?
A. Stateful inspection
B. Packet filtering
C. High-speed packet filtering
D. Application proxy
E. None of these answers are correct

Answer: D

Q11. What items does a packet filter look at to determine whether to allow the traffic?

Answer: Source address/port, destination address/port, and protocol.

Q12. What are the advantages of the Cisco Security Appliance family of firewalls over competing firewall products?

Answer: The Cisco Security Appliance has a single embedded operating system, the Adaptive Security Algorithm, cut-through proxy, and redundancy.

Q13. How many Security Appliances can you operate in a high-availability cluster?

Answer: The Security Appliance can be configured in a failover configuration consisting of two firewalls.

Q14. What is the ASA, and how does the Cisco Security Appliance use it?

Answer: The Adaptive Security Algorithm is what the Security Appliance uses to perform stateful inspection. The ASA not only tracks the session information in the state table but also randomly generates TCP sequence numbers to ensure that a session cannot be hijacked.

Q15. Why is cut-through proxy more efficient than traditional proxy?

Answer: Cut-through proxy is a feature that the Cisco Security Appliance uses to authenticate and authorize a user during the initial creation of the session. Cut-through proxy uses the ASA to track session information but does not perform any proxy services. This greatly increases the firewall’s performance compared to traditional proxy firewalls.

Q16. What are the advantages of a real-time embedded system?

Answer: The advantages are improved security, functionality, and performance.

More Resources