CCNA SEC Exam 4 Part 2


Consider the following access list.

access-list 100 permit ip host 192.168.10.1 any
access-list 100 deny icmp 192.168.10.0 0.0.0.255 any echo
access-list 100 permit ip any any

Which two actions are taken if the access list is placed inbound on a router Gigabit Ethernet port that has the IP address 192.168.10.254 assigned? (Choose two.)

- Devices on the 192.168.10.0/24 network are not allowed to ping other devices on the 192.168.11.0 network
- A Telnet or SSH session is allowed from any device on the 192.168.10.0 into the router with this access list assigned

Which two rules about interfaces are valid when implementing a Zone-Based Policy Firewall? (Choose two.)

- If neither interface is a zone member, then the action is to pass traffic
- If both interfaces are members of the same zone, all traffic will be passed

Refer to the exhibit. The ACL statement is the only one explicitly configured on the router. Based on this information, which two conclusions can be drawn regarding remote access network connections?

- Telnet connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are blocked
- SSH connections from the 192.168.1.0/24 network to the 192.168.2.0/24 network are allowed

When a Cisco IOS Zone-Based Policy Firewall is being configured via CLI, which step must be taken after zones have been created?

Establish policies between zones

A network administrator is implementing a Classic Firewall and a Zone-Based Firewall concurrently on a router. Which statement best describes this implementation?

The two models cannot be implemented on a single interface

What is the function of the pass action on a Cisco IOS Zone-Based Policy Firewall?

forwarding traffic from one zone to another

If the provided ACEs are in the same ACL, which ACE should be listed first in the ACL according to best practice?

permit udp 172.16.0.0 0.0.255.255 host 172.16.1.5 eq snmptrap

Which command will verify a Zone-Based Policy Firewall configuration?

show running-config

Which security tool monitors network traffic as it flows into and out of the organization and determines whether packets belong to an existing connection or are from an unauthorized source?

stateful firewall

A company is deploying a new network design in which the border router has three interfaces. Interface Serial0/0/0 connects to the ISP, GigabitEthernet0/0 connects to the DMZ, and GigabitEthernet0/1 connects to the internal private network. Which type of traffic would receive the least amount of inspection (have the most freedom of travel)?

traffic that is going from the private network to the DMZ

