Professional Documents
Culture Documents
source and destination IP addresses, and port numbers and sequencing information associated with a particular session
Final del formulario
inspect
pass
reroute
queue
shape
Final del formulario
a class map that prioritizes traffic that uses HTTP first, followed by SMTP, and then DNS
a class map that denies all traffic that uses the HTTP, SMTP, and DNS protocols
a class map that inspects all traffic that uses the HTTP, SMTP, and DNS protocols
a class map that inspects all traffic, except traffic that uses the HTTP, SMTP, and DNS protocols
Final del formulario
Refer to the exhibit. Based on the SDM screen shown, which two statements describe the effect this zone-based policy firewall has
on traffic? (Choose two.)
HTTP traffic from the in-zone to the out-zone is inspected.
Traffic from the in-zone to the out-zone is denied if the source address is in the 127.0.0.0/8 range.
Traffic from the in-zone to the out-zone is denied if the destination address is in the 10.1.1.0/29 range.
Final del formulario
Refer to the exhibit. If a hacker on the outside network sends an IP packet with source address 172.30.1.50, destination address 10.0.0.3,
port 23, and destination port 2447, what does the Cisco IOS firewall do with the packet?
The packet is forwarded, and an alert is generated.
Refer to the exhibit. In a two-interface CBAC implementation, where should ACLs be applied?
inside interface
outside interface
no interfaces
Final del formulario
system zone
local zone
inside zone
outside zone
Final del formulario
a location centered between traffic destinations and sources to filter as much traffic as possible
if using the established keyword, a location close to the destination to ensure that return traffic is allowed
Final del formulario
packets with source IP addresses outside of the organization's network address space
packets with destination IP addresses outside of the organization's network address space
Final del formulario
A stateful firewall can filter application layer information, while a packet-filtering firewall cannot filter beyond the network layer.
A packet-filtering firewall typically can filter up to the transport layer, while a stateful firewall can filter up to the session layer.
A packet-filtering firewall uses session layer information to track the state of a connection, while a stateful firewall uses application
information to track the state of a connection.
Final del formulario
autonomous switching
process switching
optimum switching
Final del formulario
an interface
a zone
a zone pair
Final del formulario
broadcast packet
multicast packet
router-generated packet
Final del formulario
A packet-filtering firewall expands the number of IP addresses available and hides network addressing design.
An application gateway firewall (proxy firewall) is typically implemented on a router to filter Layer 3 and Layer 4 information.
A stateful firewall monitors the state of connections, whether the connection is in an initiation, data transfer, or termination state.
Final del formulario
evaluate
drop
analyze
pass
forward
Final del formulario
18 Principio del formulario
Which two are characteristics of ACLs? (Choose two.)
Extended ACLs can filter on destination TCP and UDP ports.
Standard ACLs can filter on source and destination TCP and UDP ports.
Final del formulario
Refer to the exhibit. The ACL statement is the only one explicitly configured on the router. Based on this information, which two conclusi
be drawn regarding remote access network connections? (Choose two.)
SSH connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are allowed.
Telnet connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are allowed.
SSH connections from the 192.168.2.0/24 network to the 192.168.1.0/24 network are allowed.
Telnet connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are blocked.
SSH connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are blocked.
Telnet connections from the 192.168.2.0/24 network to the 192.168.1.0/24 network are allowed.
Final del formulario
The internal interface ACL is reconfigured to allow the host IP address access to the Internet.
The entry remains in the state table after the session is terminated so that it can be reused by the host.
When traffic returns from its destination, it is reinspected, and a new entry is added to the state table.
Final del formulario
protocol ID
sequence number
destination port