Term
|
Definition
| Cisco's firewall appliances |
|
|
Term
| Connection objects are maintained in what table? |
|
Definition
| stateful session flow table |
|
|
Term
| TCP seq numbers are tracked as part of a connection object? T/F |
|
Definition
|
|
Term
| OSPF routing, IDS, VPNs, Failover, VLANs, NAT, SNMP, Cut-thru proxy auth, Packet filtering, EIGRP routing |
|
Definition
| Functions performed by a Cisco security appliance |
|
|
Term
| to enforce access control policies between networks |
|
Definition
| Primary purpose of a firewall |
|
|
Term
| Has a lower security level than another interface |
|
Definition
|
|
Term
| The mode that permits one to change config |
|
Definition
|
|
Term
| Has a higher security level than another interface |
|
Definition
|
|
Term
| Maintains security perimeters between networks |
|
Definition
| Adaptive Security Algorithm |
|
|
Term
| Mode that enables one to update an image or perform password recovery |
|
Definition
|
|
Term
| Proprietary OS of a Cisco security appliance |
|
Definition
|
|
Term
| Mode accessed by entering the enable password, and uses # prompt |
|
Definition
|
|
Term
| Mode that is obtained by accessing the device and uses > prompt |
|
Definition
|
|
Term
| An interface name that has no automatically assigned security level |
|
Definition
|
|
Term
| Interface name that is typically assigned to e0 or fa0; interface name automatically assigned a security level of 0 |
|
Definition
|
|
Term
| Interface name automatically assigned a security level of 100; int name that is typically assigned to e1 or fa1 |
|
Definition
|
|
Term
| A request initiated by an interface with a security level of 90 to an int with a sec level of 40 |
|
Definition
|
|
Term
| A response to a request from an interface with a security level of 90 to an interface with a security level of 40. (Assume the request was permitted.) |
|
Definition
|
|
Term
| A request initiated by an interface with a security level of 50 to an interface with a security level of 60. |
|
Definition
|
|
Term
| A response to a request from an interface with a security level of 40 to an interface with a security level of 90. (Assume the request was permitted.) |
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
| creates name for an interface |
|
|
Term
|
Definition
| sets a security level for an int |
|
|
Term
|
Definition
|
|
Term
|
Definition
| sets which local addresses may use NAT and from which interfaces |
|
|
Term
|
Definition
| sets which global addresses will be used for NAT and on which interfaces |
|
|
Term
|
Definition
| Sets a specific local to global address translation for a dev |
|
|
Term
|
Definition
| sets a specific static IP route |
|
|
Term
|
Definition
|
|
Term
|
Definition
| save running config to startup config |
|
|
Term
| A single response is permitted within a specific timeframe |
|
Definition
| How is a UDP request handled as a connection object in a CSA? |
|
|
Term
| What will happen based on the following NAT statements?
nat-control
global (outside) 1 150.12.16.4 netmask 255.255.255.0
global (dmz) 2 147.16.5.14-147.16.5.20 netmask 255.255.255.0
nat (inside) 1 10.0.0.0 255.255.255.0 |
|
Definition
| The LAN computers can access the Internet, but not the devices on the dmz. |
|
|
Term
| nat (inside) 0 200.100.50.10 255.255.255.0 |
|
Definition
| most correct method to config a server to use same inside and outside address |
|
|
Term
| What is the global address for this device after the following command is configured?
static (inside, outside) 200.100.50.10 199.47.41.10 netmask 255.255.255.0 |
|
Definition
|
|
Term
| Which of the below best describes what will happen if the following statement is entered on a Cisco security appliance?
route inside 188.31.10.0 255.255.0.0 188.31.10.55 1 |
|
Definition
| Traffic to the 188.31.10.0/24 subnet will be sent to the fa1 interface and addressed to 188.31.10.55. |
|
|
Term
| TCP, ICMP, IP broadcast, IP unicast, UDP, IP multicast |
|
Definition
| supported protocols on CSA |
|
|
Term
| Authenticating users prior to permitting their packets to be sent to any other devices on the internal networks |
|
Definition
| Cut-thru proxy authentication |
|
|
Term
| an advantage to using CSACS and AAA over other authentication servers is? |
|
Definition
| It is the only server that can download ACLs on a per-user or per-group basis |
|
|
Term
| What is the primary purpose of ACLs on a CSA? |
|
Definition
| To override the default security appliance security level policies on any interface |
|
|
Term
|
Definition
| compiled and stored ACL in machine language code to make it faster to use, must be over 19 lines in length |
|
|
Term
| A separate server that tells the firewall whether or not to permit an action based on a URL |
|
Definition
| What is a URL filtering server? |
|
|
Term
| The firewall looks at the application level command to be issued inside the packet payload and decides whether or not to permit the packet |
|
Definition
|
|
Term
| Denying which type of ICMP traffic could impact IPSec VPNs? |
|
Definition
|
|