1. The correct answer is C. Answers A and B define types of firewalls. Answer D is incorrect.

2. Answers A, B, and C are correct. Answer D is incorrect because no firewall can eliminate risk. Firewalls mitigate risk.

3. False. Transparent firewalls mitigate the risk of attack by applying rich inspection services from layers 2 through 7 of the OSI model. They are “transparent” in the same way that a LAN switch is transparent to layer 3 devices.

4. Answer A is correct. With version 12.3 of the Cisco IOS, you can insert and delete lines in numbered ACLs, both standard and extended. The other answers are made up and use a mix of existing and nonexistent commands to try to trick you.

5. Answer B is correct.

6. 1—F; 2—C; 3—A; 4—D; 5—E; 6—B.

7. The answer is E, All of the above. IP ACLs should also filter local addresses in the 127.0.0.0/8 range.

8. True. Cisco recommends against ICMP echoes because they would be useful for network reconnaissance. ICMP redirects are recommended against because they might allow an attacker to hijack routing as part of a Man-in-the-Middle (MiM) attack.

9. True. ZPF policy maps can take inspect, drop, or pass actions on traffic. The drop and pass actions are analogous to deny and permit actions on an ACL and are not stateful.

10. Answer A is correct. Recall that one of the advantages of ZPF is that the firewall becomes a “deny all” firewall for all traffic that doesn’t have an explicit action that will permit it to pass.