Author: Bill Buchanan. Work Schedule Author: Bill Buchanan

  • View
    220

  • Download
    1

Embed Size (px)

Text of Author: Bill Buchanan. Work Schedule Author: Bill Buchanan

  • Slide 1
  • Author: Bill Buchanan
  • Slide 2
  • Work Schedule
  • Slide 3
  • Author: Bill Buchanan
  • Slide 4
  • PIX Certification Questions
  • Slide 5
  • Author: Bill Buchanan The Cisco Secure PIX Firewall Advanced exam (CSPFA 642-521) is one of the exams associated with the Cisco Certified Security Professional and the Cisco Firewall Specialist certifications. Candidates can prepare for this exam by taking the CSPFA v3.2 course. This exam includes simulations and tests a candidate's knowledge and ability to describe, configure, verify and manage the PIX Firewall product family. CCNA or CCDA recertification candidates who pass the 642-521 CSPFA exam will be considered recertified at the CCNA or CCDA level.
  • Slide 6
  • Author: Bill Buchanan 1. What is CA? A. Configured applications B. Cisco authentication C. Certificate authority D. Command approval 1. What is CA? A. Configured applications B. Cisco authentication C. Certificate authority D. Command approval
  • Slide 7
  • Author: Bill Buchanan 2. How many interfaces does the PIX 506 support? A. 4 B. 2 C. 6 D. 3 2. How many interfaces does the PIX 506 support? A. 4 B. 2 C. 6 D. 3
  • Slide 8
  • Author: Bill Buchanan 3. How do you change the activation key on the PIX? A. Reset the PIX B. With the checksum command C. Copy a PIX image to the flash D. The activation key cannot be changed 3. How do you change the activation key on the PIX? A. Reset the PIX B. With the checksum command C. Copy a PIX image to the flash D. The activation key cannot be changed
  • Slide 9
  • Author: Bill Buchanan 4. When configuring ACL to identify traffic that requires encryption, two entries are needed. One for inbound traffic and one for outbound traffic. A. True B. False 4. When configuring ACL to identify traffic that requires encryption, two entries are needed. One for inbound traffic and one for outbound traffic. A. True B. False
  • Slide 10
  • Author: Bill Buchanan 5. What is the different about the PIX privileged access mode as opposed to the privileged access mode of a Cisco IOS router? A. The "?" command does not work on the PIX B. No difference C. Each configuration command is automatically saved to flash D. The ability to view the running configuration from the configuration mode 5. What is the different about the PIX privileged access mode as opposed to the privileged access mode of a Cisco IOS router? A. The "?" command does not work on the PIX B. No difference C. Each configuration command is automatically saved to flash D. The ability to view the running configuration from the configuration mode
  • Slide 11
  • Author: Bill Buchanan 7. What are some application layer protocols that CBAC can inspect? (choose all that apply) A. TFTP B. TCP C. SMTP D. UDP E. HTTP F. FTP 7. What are some application layer protocols that CBAC can inspect? (choose all that apply) A. TFTP B. TCP C. SMTP D. UDP E. HTTP F. FTP
  • Slide 12
  • Author: Bill Buchanan 8. What two commands are needed for inbound access? (choose two) A. Static B. Access-list C. PAT D. NAT 8. What two commands are needed for inbound access? (choose two) A. Static B. Access-list C. PAT D. NAT
  • Slide 13
  • Author: Bill Buchanan 9. In CBAC, what is a state table? A. A table containing access-list information B. A table containing information about the state of CBAC C. A table containing information about the state of the packet's connection D. A table containing routing information 9. In CBAC, what is a state table? A. A table containing access-list information B. A table containing information about the state of CBAC C. A table containing information about the state of the packet's connection D. A table containing routing information
  • Slide 14
  • Author: Bill Buchanan 10. What is required for stateful failover on the PIX 515? (choose all that apply) A. Unrestricted software license B. Cisco failover cable C. Cisco IOS failover feature set D. 2 Ethernet interfaces interconnected 10. What is required for stateful failover on the PIX 515? (choose all that apply) A. Unrestricted software license B. Cisco failover cable C. Cisco IOS failover feature set D. 2 Ethernet interfaces interconnected
  • Slide 15
  • Author: Bill Buchanan 11. What is the purpose of a syslog server? A. To host websites B. To collect system messages C. To maintain current backup configurations D. To maintain URL filtering information 11. What is the purpose of a syslog server? A. To host websites B. To collect system messages C. To maintain current backup configurations D. To maintain URL filtering information
  • Slide 16
  • Author: Bill Buchanan 12. Default "fixup protocol" commands cannot be disabled. A. True B. False 12. Default "fixup protocol" commands cannot be disabled. A. True B. False
  • Slide 17
  • Author: Bill Buchanan 13. What command deletes all authentication proxy entries? A. Clear ip authentication-proxy cache B. Clear ip authentication-proxy cache all C. Clear ip authentication-proxy cache D. Clear authentication-proxy all entries 13. What command deletes all authentication proxy entries? A. Clear ip authentication-proxy cache B. Clear ip authentication-proxy cache all C. Clear ip authentication-proxy cache D. Clear authentication-proxy all entries
  • Slide 18
  • Author: Bill Buchanan 14. At what frequency does the PIX send hello packets to the failover unit? A. 15 seconds B. 60 seconds C. 6 seconds D. 20 seconds 14. At what frequency does the PIX send hello packets to the failover unit? A. 15 seconds B. 60 seconds C. 6 seconds D. 20 seconds
  • Slide 19
  • Author: Bill Buchanan 15. In AAA, what does the method keyword "local" mean? A. That the AAA server is local B. Deny if login request is local C. Use the local database for authentication D. Authenticate if login request is local 15. In AAA, what does the method keyword "local" mean? A. That the AAA server is local B. Deny if login request is local C. Use the local database for authentication D. Authenticate if login request is local
  • Slide 20
  • Author: Bill Buchanan 16. What three types of entries does the PAM table provide? (choose 3) A. User defined B. Internet specific C. Host specific D. System defined. 16. What three types of entries does the PAM table provide? (choose 3) A. User defined B. Internet specific C. Host specific D. System defined.
  • Slide 21
  • Author: Bill Buchanan 17. During IPSec security associations negotiation, if there are multiple transform sets, which one is used? A. Is does not matter B. The first common one C. The first one D. The last one 17. During IPSec security associations negotiation, if there are multiple transform sets, which one is used? A. Is does not matter B. The first common one C. The first one D. The last one
  • Slide 22
  • Author: Bill Buchanan 18. CBAC inspection can only be configured in one direction. A. False B. True 18. CBAC inspection can only be configured in one direction. A. False B. True
  • Slide 23
  • Author: Bill Buchanan 19. How do you identify a syslog server on the PIX? A. logging host 10.1.1.1 B. TFTP server 10.1.1.1 C. syslog-server 10.1.1.1 D. syslog server 10.1.1.1 19. How do you identify a syslog server on the PIX? A. logging host 10.1.1.1 B. TFTP server 10.1.1.1 C. syslog-server 10.1.1.1 D. syslog server 10.1.1.1
  • Slide 24
  • Author: Bill Buchanan 20. In CBAC, where are dynamic access entries added? A. A new access-list is configured for each access entry B. At the beginning of the access-list C. A separate access-list is created for access entries D. At the end of the access-list 20. In CBAC, where are dynamic access entries added? A. A new access-list is configured for each access entry B. At the beginning of the access-list C. A separate access-list is created for access entries D. At the end of the access-list
  • Slide 25
  • Author: Bill Buchanan 21. You establish an IPSec tunnel with a remote peer. You verify by viewing the security associations. You view the security associations two days later and find they are not there. What is the problem? A. This would not happen B. You have used an incorrect command to view the security associations C. Your PIX is not powered up. D. No traffic was identified to be encrypted. 21. You establish an IPSec tunnel with a remote peer. You verify by viewing the security associations. You view the security associations two days later and find they are not there. What is the problem? A. This would not happen B. You have used an incorrect command to view the security associations C. Your PIX is not powered up. D. No traffic was identified to be encrypted.
  • Slide 26
  • Author: Bill Buchanan 22. What is the purpose of the "route 0 0" command? A. To configure a static route B. To enable routing on the PIX C. To configure a default route D. To route between 2 interfaces 22. What is the purpose of the "route 0 0" command? A. To configure a static route B. To enable routing on the PIX C. To configure a default route D. To route between 2 interfaces
  • Slide 27
  • Author: Bill Buchanan 23. What does DDOS stand for? A. Distributed denial of service B. Dedicated Department of Security C. Dead, Denied, Out of Service D. Demand denial of service 23. What does DDOS stand for? A. Distributed denial of service B. Dedicated