CCNA Security HW 3 & 4 (also exam review)

Description

CCNA Security HW 3 & 4 (also exam review). Professor Shirong Du, University of Akron.
Quiz by Anthony Schulmeister, updated more than 1 year ago
Created by Anthony Schulmeister over 7 years ago

Resource summary

Question 1

Question
Which statement describes a stateful firewall?
Answer
  • It can only filter packets based on limited Layer 3 and 4 information.
  • It can filter packets based on information at Layers 3, 4, 5 and 7 of the OSI reference model.
  • It can expand the number of IP addresses available and can hide network addressing design.
  • It can determine if the connection is in the initiation, data transfer, or termination phase.

Question 2

Question
What are two characteristics of ACLs? (Choose two.)
Answer
  • Extended ACLs can filter on destination TCP and UDP ports.
  • Standard ACLs can filter on source TCP and UDP ports.
  • Extended ACLs can filter on source and destination IP addresses.
  • Standard ACLs can filter on source and destination IP addresses.
  • Standard ACLs can filter on source and destination TCP and UDP ports.

Question 3

Question
In general which ICMP message type should be stopped inbound?
Answer
  • echo
  • echo-reply
  • unreachable
  • source quench

Question 4

Question
Which two types of addresses should be denied inbound on a router interface that attaches to the Internet? (Choose two.)
Answer
  • private IP addresses
  • public IP addresses
  • NAT translated IP addresses
  • any IP address that starts with the number 127
  • any IP address that starts with the number 1

Question 5

Question
Where is the firewall policy applied when using Classic Firewall?
Answer
  • security zones
  • self zone
  • multiple zones
  • interfaces

Question 6

Question
Consider the following access list command applied outbound on a router serial interface:

    access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo-reply

What is the effect of applying this access list command?
Answer
  • The only traffic denied is ICMP-based traffic. All other traffic is allowed.
  • The only traffic denied is echo-replies sourced from the 192.168.10.0/24 network. All other traffic is allowed.
  • Users on the 192.168.10.0/24 network are not allowed to transmit traffic to any other destination.
  • No traffic will be allowed outbound on the serial interface.

Question 7

Question
What is the result in the self zone if a router is the source or destination of traffic?
Answer
  • No traffic is permitted.
  • All traffic is permitted.
  • Only traffic that originates in the router is permitted.
  • Only traffic that is destined for the router is permitted.

Question 8

Question
Consider the configured access list.

    R1# show access-lists
    Extended IP access list 100
        deny tcp host 10.1.1.2 host 10.1.1.1 eq telnet
        deny tcp host 10.1.2.2 host 10.1.2.1 eq telnet
        permit ip any any (15 matches)

What are two characteristics of this access list? (Choose two.)
Answer
  • The access list has been applied to an interface.
  • A network administrator would not be able to tell if the access list has been applied to an interface or not.
  • The 10.1.2.1 device is not allowed to telnet to the 10.1.2.2 device.
  • Any device on the 10.1.1.0/24 network (except the 10.1.1.2 device) can telnet to the router that has the IP address 10.1.1.1 assigned.
  • Only the 10.1.1.2 device can telnet to the router that has the 10.1.1.1 IP address assigned.
  • Any device can telnet to the 10.1.2.1 device.

Question 9

Question
Refer to the exhibit. If a hacker on the outside network sends an IP packet with source address 172.30.1.50, destination address 10.0.0.3, source port 23, and destination port 2447, what does the Cisco IOS firewall do with the packet?
Answer
  • The packet is forwarded, and an alert is generated.
  • The packet is forwarded, and no alert is generated.
  • The initial packet is dropped, but subsequent packets are forwarded.
  • The packet is dropped.

Question 10

Question
Which command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table?
Answer
  • ipv6 access-class ENG_ACL in
  • ipv6 access-class ENG_ACL out
  • ipv6 traffic-filter ENG_ACL in
  • ipv6 traffic-filter ENG_ACL out

Question 11

Question
Refer to the exhibit. Which statement describes the function of the ACEs?
Answer
  • These ACEs allow for IPv6 neighbor discovery traffic.
  • These ACEs must be manually added to the end of every IPv6 ACL to allow IPv6 routing to occur.
  • These ACEs automatically appear at the end of every IPv6 ACL to allow IPv6 routing to occur.
  • These are optional ACEs that can be added to the end of an IPv6 ACL to allow ICMP messages that are defined in object groups named nd-na and nd-ns.

Question 12

Question
A router has been configured as a classic firewall and an inbound ACL applied to the external interface. Which action does the router take after inbound-to-outbound traffic is inspected and a new entry is created in the state table?
Answer
  • A dynamic ACL entry is added to the external interface in the inbound direction.
  • The internal interface ACL is reconfigured to allow the host IP address access to the Internet.
  • The entry remains in the state table after the session is terminated so that it can be reused by the host.
  • When traffic returns from its destination, it is reinspected, and a new entry is added to the state table.

Question 13

Question
If the provided statements are in the same ACL, which statement should be listed first in the ACL according to best practice?
Answer
  • permit ip any any
  • permit udp 172.16.0.0 0.0.255.255 host 172.16.1.5 eq snmptrap
  • permit tcp 172.16.0.0 0.0.3.255 any established
  • permit udp any any range 10000 20000
  • deny udp any host 172.16.1.5 eq snmptrap
  • deny tcp any any eq telnet

Question 14

Question
Which command will verify a Zone-Based Policy Firewall configuration?
Answer
  • show interfaces
  • show protocols
  • show zones
  • show running-config

Question 15

Question
Refer to the exhibit. The network "A" contains multiple corporate servers that are accessed by hosts from the Internet for information about the corporation. What term is used to describe the network marked as "A"?
Answer
  • DMZ
  • internal network
  • perimeter security boundary
  • untrusted network

Question 16

Question
When a Cisco IOS Zone-Based Policy Firewall is being configured, which two options can be configured to a traffic class? (Choose two of the best.)
Answer
  • log
  • hold
  • drop
  • inspect
  • copy
  • forward