Anthony Schulmeister
Quiz por , criado more than 1 year ago

CCNA Security HW 3 & 4 (also exam review) Professor Shirong Du University of Akron

2258
0
0
Anthony Schulmeister
Criado por Anthony Schulmeister mais de 8 anos atrás
Avalie este recurso clicando nas estrelas abaixo:
1 2 3 4 5 (0)
Classificação (0)
0
0
0
0
0

0 comentários

There are no comments, be the first and leave one below:

Fechar

CCNA Security HW 3 & 4 (also exam review)

Questão 2 de 16 Questão 1 de 16

1

Which statement describes a stateful firewall?

Selecione uma das seguintes:

  • It can only filter packets based on limited Layer 3 and 4 information.

  • It can determine if the connection is in the initiation, data transfer, or termination phase.

  • It can expand the number of IP addresses available and can hide network addressing design.

  • It can filter packets based on information at Layers 3, 4, 5 and 7 of the OSI reference model.

Explicação

Questão 13 de 16 Questão 2 de 16

1

What are two characteristics of ACLs? (Choose two.)

Selecione uma ou mais das seguintes:

  • Extended ACLs can filter on destination TCP and UDP ports.

  • Extended ACLs can filter on source and destination IP addresses.

  • Standard ACLs can filter on source TCP and UDP ports.

  • Standard ACLs can filter on source and destination TCP and UDP ports.

  • Standard ACLs can filter on source and destination IP addresses.

Explicação

Questão 7 de 16 Questão 3 de 16

1

In general which ICMP message type should be stopped inbound?

Selecione uma das seguintes:

  • echo-reply

  • source quench

  • unreachable

  • echo

Explicação

Questão 8 de 16 Questão 4 de 16

1

Which two types of addresses should be denied inbound on a router interface that attaches to the Internet? (Choose two.)

Selecione uma ou mais das seguintes:

  • public IP addresses

  • any IP address that starts with the number 127

  • private IP addresses

  • NAT translated IP addresses

  • any IP address that starts with the number 1

Explicação

Questão 10 de 16 Questão 5 de 16

1

Where is the firewall policy applied when using Classic Firewall?

Selecione uma das seguintes:

  • security zones

  • interfaces

  • multiple zones

  • self zone

Explicação

Questão 3 de 16 Questão 6 de 16

1

Consider the following access list command applied outbound on a router serial interface:
access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo reply
What is the effect of applying this access list command?

Selecione uma das seguintes:

  • Users on the 192.168.10.0/24 network are not allowed to transmit traffic to any other destination.

  • No traffic will be allowed outbound on the serial interface.

  • The only traffic denied is echo-replies sourced from the 192.168.10.0/24 network. All other traffic is allowed.

  • The only traffic denied is ICMP-based traffic. All other traffic is allowed.

Explicação

Questão 9 de 16 Questão 7 de 16

1

What is the result in the self zone if a router is the source or destination of traffic?

Selecione uma das seguintes:

  • Only traffic that is destined for the router is permitted.

  • No traffic is permitted.

  • All traffic is permitted.

  • Only traffic that originates in the router is permitted.

Explicação

Questão 11 de 16 Questão 8 de 16

1

Consider the configured access list.
R1# show access-lists
extended IP access list 100
deny tcp host 10.1.1.2 host 10.1.1.1 eq telnet
deny tcp host 10.1.2.2 host 10.1.2.1 eq telnet
permit ip any any (15 matches)
What are two characteristics of this access list? (Choose two.)

Selecione uma ou mais das seguintes:

  • Any device can telnet to the 10.1.2.1 device.

  • The 10.1.2.1 device is not allowed to telnet to the 10.1.2.2 device.

  • A network administrator would not be able to tell if the access list has been applied to an interface or not.

  • The access list has been applied to an interface.

  • Any device on the 10.1.1.0/24 network (except the 10.1.1.2 device) can telnet to the router that has the IP address 10.1.1.1 assigned.

  • Only the 10.1.1.2 device can telnet to the router that has the 10.1.1.1 IP address assigned.

Explicação

Questão 15 de 16 Questão 9 de 16

1

Refer to the exhibit. If a hacker on the outside network sends an IP packet with source address 172.30.1.50, destination address 10.0.0.3, source port 23, and destination port 2447, what does the Cisco IOS firewall do with the packet?

Selecione uma das seguintes:

  • The initial packet is dropped, but subsequent packets are forwarded.

  • The packet is dropped.

  • The packet is forwarded, and an alert is generated.

  • The packet is forwarded, and no alert is generated.

Explicação

Questão 5 de 16 Questão 10 de 16

1

Which command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table?

Selecione uma das seguintes:

  • ipv6 access-class ENG_ACL in

  • ipv6 traffic-filter ENG_ACL out

  • ipv6 access-class ENG_ACL out

  • ipv6 traffic-filter ENG_ACL in

Explicação

Questão 16 de 16 Questão 11 de 16

1

Refer to the exhibit. Which statement describes the function of the ACEs?

Selecione uma das seguintes:

  • These ACEs allow for IPv6 neighbor discovery traffic.

  • These ACEs must be manually added to the end of every IPv6 ACL to allow IPv6 routing to occur.

  • These ACEs automatically appear at the end of every IPv6 ACL to allow IPv6 routing to occur.

  • These are optional ACEs that can be added to the end of an IPv6 ACL to allow ICMP messages that are defined in object groups named nd-na and nd-ns.

Explicação

Questão 1 de 16 Questão 12 de 16

1

A router has been configured as a classic firewall and an inbound ACL applied to the external interface. Which action does the router take after inbound-to-outbound traffic is inspected and a new entry is created in the state table?

Selecione uma das seguintes:

  • The entry remains in the state table after the session is terminated so that it can be reused by the host.

  • A dynamic ACL entry is added to the external interface in the inbound direction.

  • When traffic returns from its destination, it is reinspected, and a new entry is added to the state table.

  • The internal interface ACL is reconfigured to allow the host IP address access to the Internet.

Explicação

Questão 4 de 16 Questão 13 de 16

1

If the provided statements are in the same ACL, which statement should be listed first in the ACL according to best practice?

Selecione uma das seguintes:

  • permit udp 172.16.0.0 0.0.255.255 host 172.16.1.5 eq snmptrap

  • permit udp any any range 10000 20000

  • deny tcp any any eq telnet

  • permit tcp 172.16.0.0 0.0.3.255 any established

  • permit ip any any

  • deny udp any host 172.16.1.5 eq snmptrap

Explicação

Questão 12 de 16 Questão 14 de 16

1

Which command will verify a Zone-Based Policy Firewall configuration?

Selecione uma das seguintes:

  • show zones

  • show protocols

  • show running-config

  • show interfaces

Explicação

Questão 6 de 16 Questão 15 de 16

1

Refer to the exhibit. The network "A" contains multiple corporate servers that are accessed by hosts from the Internet for information about the corporation. What term is used to describe the network marked as "A"?

Selecione uma das seguintes:

  • internal network

  • perimeter security boundary

  • untrusted network

  • DMZ

Explicação

Questão 14 de 16 Questão 16 de 16

1

When a Cisco IOS Zone-Based Policy Firewall is being configured, which two options can be configured to a traffic class? (Choose two of the best.)

Selecione uma ou mais das seguintes:

  • forward

  • log

  • hold

  • drop

  • copy

  • inspect

Explicação

Anterior
Verificar resposta
Próximo