
Work Schedule

Work Schedule. PIX Certification Questions.

galeno

Presentation Transcript


  1. Work Schedule

  2. PIX Certification Questions

  3. The Cisco Secure PIX Firewall Advanced exam (CSPFA 642-521) is one of the exams associated with the Cisco Certified Security Professional and the Cisco Firewall Specialist certifications. Candidates can prepare for this exam by taking the CSPFA v3.2 course. This exam includes simulations and tests a candidate's knowledge and ability to describe, configure, verify and manage the PIX Firewall product family. CCNA or CCDA recertification candidates who pass the 642-521 CSPFA exam will be considered recertified at the CCNA or CCDA level.

  4. 1. What is CA? A. Configured applications B. Cisco authentication C. Certificate authority D. Command approval

  5. 2. How many interfaces does the PIX 506 support? A. 4 B. 2 C. 6 D. 3

  6. 3. How do you change the activation key on the PIX? A. Reset the PIX B. With the checksum command C. Copy a PIX image to the flash D. The activation key cannot be changed

  7. 4. When configuring ACL to identify traffic that requires encryption, two entries are needed. One for inbound traffic and one for outbound traffic. A. True B. False

  9. 5. What is different about the PIX privileged access mode as opposed to the privileged access mode of a Cisco IOS router? A. The "?" command does not work on the PIX B. No difference C. Each configuration command is automatically saved to flash D. The ability to view the running configuration from the configuration mode

  9. 7. What are some application layer protocols that CBAC can inspect? (choose all that apply) A. TFTP B. TCP C. SMTP D. UDP E. HTTP F. FTP

  10. 8. What two commands are needed for inbound access? (choose two) A. Static B. Access-list C. PAT D. NAT

  11. 9. In CBAC, what is a state table? A. A table containing access-list information B. A table containing information about the state of CBAC C. A table containing information about the state of the packet's connection D. A table containing routing information

  12. 10. What is required for stateful failover on the PIX 515? (choose all that apply) A. Unrestricted software license B. Cisco failover cable C. Cisco IOS failover feature set D. 2 Ethernet interfaces interconnected

  13. 11. What is the purpose of a syslog server? A. To host websites B. To collect system messages C. To maintain current backup configurations D. To maintain URL filtering information

  14. 12. Default "fixup protocol" commands cannot be disabled. A. True B. False

  15. 13. What command deletes all authentication proxy entries? A. Clear ip authentication-proxy cache B. Clear ip authentication-proxy cache all C. Clear ip authentication-proxy cache D. Clear authentication-proxy all entries

  16. 14. At what frequency does the PIX send hello packets to the failover unit? A. 15 seconds B. 60 seconds C. 6 seconds D. 20 seconds

  17. 15. In AAA, what does the method keyword "local" mean? A. That the AAA server is local B. Deny if login request is local C. Use the local database for authentication D. Authenticate if login request is local

  18. 16. What three types of entries does the PAM table provide? (choose 3) A. User defined B. Internet specific C. Host specific D. System defined.

  19. 17. During IPSec security associations negotiation, if there are multiple transform sets, which one is used? A. It does not matter B. The first common one C. The first one D. The last one

  20. 18. CBAC inspection can only be configured in one direction. A. False B. True

  21. 19. How do you identify a syslog server on the PIX? A. logging host 10.1.1.1 B. TFTP server 10.1.1.1 C. syslog-server 10.1.1.1 D. syslog server 10.1.1.1

  22. 20. In CBAC, where are dynamic access entries added? A. A new access-list is configured for each access entry B. At the beginning of the access-list C. A separate access-list is created for access entries D. At the end of the access-list

  23. 21. You establish an IPSec tunnel with a remote peer. You verify by viewing the security associations. You view the security associations two days later and find they are not there. What is the problem? A. This would not happen B. You have used an incorrect command to view the security associations C. Your PIX is not powered up. D. No traffic was identified to be encrypted.

  24. 22. What is the purpose of the "route 0 0" command? A. To configure a static route B. To enable routing on the PIX C. To configure a default route D. To route between 2 interfaces

  25. 23. What does DDOS stand for? A. Distributed denial of service B. Dedicated Department of Security C. Dead, Denied, Out of Service D. Demand denial of service

  26. 24. In CBAC, how are half-open sessions measured? A. Both TCP & UDP half-open sessions are calculated B. Only UDP half-open sessions are calculated C. CBAC does not calculate half-open sessions D. Only TCP half-open sessions are calculated

  27. 25. AAA stands for authentication, authorization, &______________. A. application B. accounting C. access control D. authenticity

  28. 26. A transform set is a combination of ________ _______ & ____________. (choose all that apply) A. access-list B. crypto maps C. security protocols D. algorithms

  29. 27. At what layer of the OSI model does IPSec provide security? A. 4 B. 7 C. 8 D. 3

  30. 28. What is the purpose of the "clear access-list" command? A. Remove an access-list from an interface B. To clear all access-lists from the PIX C. To clear all access-list counters D. Invalid command

  31. 29. What are the two licenses supported on the PIX515? A. Unrestricted B. Limited C. Restricted D. Unlimited

  32. 30. How are transform sets selected in manually established security associations? A. Transform sets are not used in manually established security associations B. Manually established security associations only have one transform set C. The first transform set is always used D. The first common transform set is used

  33. 31. Access-lists are supported with Radius authorization. A. True B. False

  34. 32. How do you view active NAT translations? A. show nat-translations B. show ip-nat translations C. show xlate D. show translations

  35. 33. What does IKE Extended authentication provide? A. Authentication of multiple IPSec peers B. Auto-negotiation of IPSec security associations C. User authentication using Radius/TACACS+

  36. 34. What are two purposes of NAT? (choose 2) A. To build routing tables B. To expedite packet inspection C. To connect two separate interfaces D. To conserve non-RFC1918 addresses E. To hide internal servers and workstations real IP addresses from the Internet

  37. 35. Only one IPSec tunnel can exist between two peers. A. False B. True

  38. 36. How many hello packets must be missed before the failover unit will become active? A. 2 B. 3 C. 1 D. 5

  39. 37. What are the two transport layer protocols? (choose 2) A. TCP B. IP C. ICMP D. UDP

  40. 38. How do you configure a PAT address? A. Nat (Outside) 1 1.1.1.1 1.1.1.1 255.255.255.255 B. IP PAT (Outside) 1 1.1.1.1 255.255.255.255 C. PAT (Outside) 1 1.1.1.1 255.255.255.255 D. Global (Outside) 1 1.1.1.1 1.1.1.1 255.255.255.255

  41. 39. How many interfaces does the PIX 515R support? A. 3 B. 4 C. 2 D. 6

  42. 40. What are some advantages of using the PIX firewall over other firewalls such as Microsoft Proxy? (choose all that apply) A. No security problems from running on top of other operating systems B. PIX firewall is plug and play, no configuration required C. PIX inspects on lower layer protocols D. PIX does stateful packet inspections E. One box solution

  43. 41. You decide you need more interfaces for your PIX 515 and you already have the unrestricted license installed. The PIX firewall only shipped with 2 Ethernet interfaces. You install a new Ethernet interface that you ordered from Cisco. After you power the PIX on, you assign an IP address to the interface and configure a NAT & global statement for the new network. But users on the new network are unable to browse the Internet. What else do you need to do? A. Enable the new interface in the configuration B. Add the "conduit permit any any" statement to your configuration C. Nothing. The problem is probably with the clients' workstations, not the PIX. D. Add the Cisco client proxy software to each workstation on the new network.

  44. 42. What two concepts are included in data authentication? (choose all that apply) A. Anti replay B. Data origin authentication C. Data integrity. D. Data confidentiality

  45. 43. What is the layer-4 difference between Radius and TACACS+? A. Radius uses TCP & TACACS+ uses UDP B. Radius uses UDP & TACACS+ uses TCP C. TACACS+ uses FTP & Radius uses TFTP D. There is no layer-4 difference between Radius & TACACS+

  46. 44. "Logging timestamp" specifies that syslog messages sent to the syslog server should have a time stamp value on each message. A. True B. False

  47. 45. What does the "crypto access-list" command accomplish? A. There is no such access list B. They block non-encrypted traffic C. They identify crypto map statements D. Identifies which traffic is to be encrypted

  48. 46. What is the purpose of the outbound access-list for a CBAC solution? A. To block all traffic, CBAC will then inspect the traffic and allow legitimate traffic out B. Packets you want inspected by CBAC C. There is no need for an outbound access-list in a CBAC solution D. To identify legitimate inbound traffic from the Internet
