The Q & A questions are designed to help you assess your readiness for the topics covered on the CCIE Security written examination and those topics presented in this chapter. This format helps you assess your retention of the material. A strong understanding of the answers to these questions will help you on the CCIE Security written exam. You can also look over the questions at the beginning of the chapter again for review. As an additional study aid, use the CD-ROM provided with this book to take simulated exams, which draw from a database of over 300 multiple-choice questions—all different from those presented in the book.
Select the best answer. Answers to these questions can be found in Appendix A, "Answers to Quiz Questions."
1 What does the term DMZ refer to?
2 What is the perimeter router's function in a DMZ?
3 What two main transport layer protocols do extended access lists filter traffic through?
4 Which of the following is not a TCP service?
5 Name five UDP services that can be filtered with an extended access list.
6 What RFC defines NAT?
7 In NAT, what is the inside local address used for?
8 What does the IOS command ip nat inside source list accomplish?
9 What are the four possible NAT translations on a Cisco IOS router?
10 How many connections can be translated with a PIX Firewall for the following RAM configurations: 16 MB, 32 MB, or 128 MB?
11 When the alias command is applied to a PIX, what does it accomplish?
12 What security features does the Cisco IOS Firewall feature set allow a network administrator to accomplish?
13 What does CBAC stand for?
14 Name the eight possible steps to take when configuring CBAC.
15 What is a virtual private network?