The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.

1. Which of the following technologies is not part of the Cisco IOS Firewall and Advanced Security feature set?

a. VPN service

b. Firewall services

c. Intrusion prevention

d. Advanced routing support

e. VoIP

f. None of the above

2. Which features are part of the Cisco IOS Firewall engine?

a. Event logging

b. Audit trail

c. Redundancy/failover

d. Transparency

e. Firewall management

f. All of the above

3. DoS protection provides all of the following except what?

a. Protection from SYN attacks

b. Extended logging features

c. Packet injection protection

d. Traffic blackholing

e. None of the above

4. Real-time alerts sent via syslog include which of the following information?

a. Source

b. Destination

c. Bytes

d. Session

e. Source, destination, and session

f. All of the above

5. Which of the following are types of PAM support provided by the Cisco IOS Firewall?

a. System-defined support

b. Network-specific support

c. User-defined support

d. Host-specific support

e. Unusual support

f. All of the above

6. Which of the following ports is not a system-defined PAM entry?

a. H323

c. StreamWorks

d. SQLNet

e. SSH

f. NetShow

7. If you try to map multiple ports to a PAM service, what will happen?

a. System will generate an error.

b. Old entries for that service will be overwritten.

c. Multiple entries for a service will be allowed.

d. System will be rebooted.

e. Old entries for that service will be overwritten, and multiple entries will be allowed.

8. Mapping port 8080 to Telnet for one host and mapping 8080 to HTTP for another is called what?

a. Host-specific PAM

b. ID-specific PAM

c. Service-specific PAM

d. IP-specific PAM

e. None of the above

9. URL filtering in the Cisco IOS Firewall feature set supports which of the following methods?

a. Global

b. User

c. Category

d. Customized

e. Keyword

f. All of the above

10. If you want to block all websites with the word illegal in the URL, which kind of filter must you use?

None of the above

The answers to the "Do I Know This Already?" quiz are found in the appendix. The suggested choices for your next step are as follows:

• 8 or less overall score: Read the entire chapter. This includes the "Foundation Topics" and "Foundation Summary" sections and the "Q&A" section.

• 9 or 10 overall score: If you want more review on these topics, skip to the "Foundation Summary" section and then go to the "Q&A" section. Otherwise, move on to Chapter 13, "Cisco IOS Intrusion Prevention System."


