1. When logging is enabled for an ACL entry, how does the router switch packets filtered by the ACL?
- topology-based switching
- autonomous switching
- process switching
- optimum switching

2. Which two are characteristics of ACLs? (Choose two.)
- Extended ACLs can filter on destination TCP and UDP ports.
- Standard ACLs can filter on source TCP and UDP ports.
- Extended ACLs can filter on source and destination IP addresses.
- Standard ACLs can filter on source and destination IP addresses.
- Standard ACLs can filter on source and destination TCP and UDP ports.

3. Refer to the exhibit. The ACL statement is the only one explicitly configured on the router. Based on this information, which two conclusions can be drawn regarding remote access network connections? (Choose two.)
- SSH connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are allowed.
- Telnet connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are allowed.
- SSH connections from the 192.168.2.0/24 network to the 192.168.1.0/24 network are allowed.
- Telnet connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are blocked.
- SSH connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are blocked.
- Telnet connections from the 192.168.2.0/24 network to the 192.168.1.0/24 network are allowed.

4. Which location is recommended for extended numbered or extended named ACLs?
- a location as close to the destination of traffic as possible
- a location as close to the source of traffic as possible
- a location centered between traffic destinations and sources to filter as much traffic as possible
- if using the established keyword, a location close to the destination to ensure that return traffic is allowed

5. Which statement describes the characteristics of packet-filtering and stateful firewalls as they relate to the OSI model?
- Both stateful and packet-filtering firewalls can filter at the application layer.
- A stateful firewall can filter application layer information, while a packet-filtering firewall cannot filter beyond the network layer.
- A packet-filtering firewall typically can filter up to the transport layer, while a stateful firewall can filter up to the session layer.
- A packet-filtering firewall uses session layer information to track the state of a connection, while a stateful firewall uses application layer information to track the state of a connection.

6. Which statement correctly describes a type of filtering firewall?
- A transparent firewall is typically implemented on a PC or server with firewall software running on it.
- A packet-filtering firewall expands the number of IP addresses available and hides network addressing design.
- An application gateway firewall (proxy firewall) is typically implemented on a router to filter Layer 3 and Layer 4 information.
- A stateful firewall monitors the state of connections, whether the connection is in an initiation, data transfer, or termination state.

7. For a stateful firewall, which information is stored in the stateful session flow table?
- TCP control header and trailer information associated with a particular session
- TCP SYN packets and the associated return ACK packets
- inside private IP address and the translated inside global IP address
- outbound and inbound access rules (ACL entries)
- source and destination IP addresses, and port numbers and sequencing information associated with a particular session

8. A router has CBAC configured and an inbound ACL applied to the external interface. Which action does the router take after inbound-to-outbound traffic is inspected and a new entry is created in the state table?
- A dynamic ACL entry is added to the external interface in the inbound direction.
- The internal interface ACL is reconfigured to allow the host IP address access to the Internet.
- The entry remains in the state table after the session is terminated so that it can be reused by the host.
- When traffic returns from its destination, it is reinspected, and a new entry is added to the state table.

9. Which two parameters are tracked by CBAC for TCP traffic but not for UDP traffic? (Choose two.)
- source port
- protocol ID
- sequence number
- destination port
- SYN and ACK flags

10. Refer to the exhibit. If a hacker on the outside network sends an IP packet with source address 172.30.1.50, destination address 10.0.0.3, source port 23, and destination port 2447, what does the Cisco IOS firewall do with the packet?
- The packet is forwarded, and an alert is generated.
- The packet is forwarded, and no alert is generated.
- The initial packet is dropped, but subsequent packets are forwarded.
- The packet is dropped.

11. Which statement accurately describes Cisco IOS zone-based policy firewall operation?
- The pass action works in only one direction.
- A router interface can belong to multiple zones.
- Service policies are applied in interface configuration mode.
- Router management interfaces must be manually assigned to the self zone.

12. When configuring a Cisco IOS zone-based policy firewall, which three actions can be applied to a traffic class? (Choose three.)
- drop
- inspect
- pass
- reroute
- queue
- shape

13. Which zone-based policy firewall zone is system-defined and applies to traffic destined for the router or originating from the router?
- self zone
- system zone
- local zone
- inside zone
- outside zone

14. Which three actions can a Cisco IOS zone-based policy firewall take if configured with Cisco SDM? (Choose three.)
- inspect
- evaluate
- drop
- analyze
- pass
- forward

15. Refer to the exhibit. Based on the SDM screen shown, which statement describes the zone-based firewall component being configured?
- a class map that inspects all traffic that uses the HTTP, IM, P2P, and email protocols
- a class map that prioritizes traffic that uses HTTP first, followed by SMTP, and then DNS
- a class map that denies all traffic that uses the HTTP, SMTP, and DNS protocols
- a class map that inspects all traffic that uses the HTTP, SMTP, and DNS protocols
- a class map that inspects all traffic, except traffic that uses the HTTP, SMTP, and DNS protocols

16. Refer to the exhibit. Based on the SDM screen shown, which two statements describe the effect this zone-based policy firewall has on traffic? (Choose two.)
- HTTP traffic from the in-zone to the out-zone is inspected.
- Unmatched traffic to the router from the out-zone is permitted.
- ICMP replies from the router to the out-zone are denied.
- Traffic from the in-zone to the out-zone is denied if the source address is in the 127.0.0.0/8 range.
- Traffic from the in-zone to the out-zone is denied if the destination address is in the 10.1.1.0/29 range.

17. Which type of packet is unable to be filtered by an outbound ACL?
- ICMP packet
- broadcast packet
- multicast packet
- router-generated packet

18. Which type of packets exiting the network of an organization should be blocked by an ACL?
- packets that are not encrypted
- packets that are not translated with NAT
- packets with source IP addresses outside of the organization's network address space
- packets with destination IP addresses outside of the organization's network address space

19. When using Cisco IOS zone-based policy firewall, where is the inspection policy applied?
- a global service policy
- an interface
- a zone
- a zone pair

20. Refer to the exhibit. In a two-interface CBAC implementation, where should ACLs be applied?
- inside interface
- outside interface
- inside and outside interfaces
- no interfaces

21. What is the first step in configuring a Cisco IOS zone-based policy firewall using the CLI?
- Create zones.
- Define traffic classes.
- Define firewall policies.
- Assign policy maps to zone pairs.
- Assign router interfaces to zones.

22. Refer to the exhibit. What is represented by the area marked as "A"?
- DMZ
- internal network
- perimeter security boundary
- trusted network
- untrusted network

23. In addition to the criteria used by extended ACLs, what conditions are used by CBAC to filter traffic?
- TCP/IP protocol numbers
- IP source and destination addresses
- application layer protocol session information
- TCP/UDP source and destination port numbers
