The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.

1. Which of the following is not true about CBAC?

a. CBAC provides secure per-application access control across network perimeters.

b. CBAC intelligently filters TCP and UDP packets based on application layer protocol session information.

c. The CBAC feature is only available on Cisco switches.

d. CBAC uses state information to create temporary openings in the firewall's ACL to allow return traffic.

2. What is the advantage of using CBAC versus ACLs?

a. CBAC examines and inspects packets at the network, transport, and application layer level, whereas ACLs do not inspect all three levels.

b. CBAC is less complicated to configure than ACLs.

c. CBAC works on hubs.

d. The CBAC memory requirement is less than ACL memory requirements.

3. How does CBAC handle UDP sessions?

a. CBAC cannot build a state table for UDP sessions because UDP is a connectionless protocol.

b. CBAC approximates UDP sessions by examining the information in the packet and determining whether the packet is similar to other UDP packets.

c. CBAC does not inspect UDP packets.

d. CBAC denies suspicious UDP packets randomly.

4. Approximately how much memory per connection does CBAC require?
