1. Home
  2. Networking
  3. CCSP Cisco Certified Security Professional Certification

Chapter Review

Chapter Review

This chapter looked at the basic commands and techniques for configuring a PIX Firewall device. These commands make up the six basic commands for initial PIX Firewall configuration.

  • The nameif command

  • The interface command

  • The ip address command

  • The nat command

  • The global command

Network Time Protocol (NTP) is an Internet standard protocol to synchronize network devices and computers, which is accurate to a millisecond. You learned about the Cisco NTP implementation that allows PIX Firewalls to synchronize with an established NTP time server, so events and processes can be coordinated and correlated when system logs are created and other time-specific events occur.

The PIX Firewall syslog message facility is a useful means to view and store troubleshooting messages and to watch for network events, such as attacks and service denials. The logging commands specify how system messaging will be handled and how to work with a Syslog server to provide reliable logging of PIX activities and processes.

You also learned how having the option to configure a firewall to act as a DHCP client can be useful in working with cable and DSL connections in small offices and SOHO implementations. The capability to act as a DHCP server providing critical network configuration information to host devices is another strong feature of the line, particularly the smaller platforms.

Questions

1.?

Which one of the following is not one of the six basic commands for initial PIX Firewall configuration?

  1. The ip address command

  2. The nat command

  3. The route command

  4. The conduit command

D. The conduit command. This is an old (v4. x ) command and would come after basic configuration to create exceptions

2.?

Which of the following commands would bring up (enable) a properly configured interface?

  1. no shutdown

  2. nameif ethernet2 dmz sec50

  3. interface e0 auto

  4. ip address outside 1.1.1.1 255.255.255.0

C. interface e0 auto

3.?

Which of the following firewall commands would allow a LAN host to successfully ping an Internet site?

  1. icmp permit any echo-reply outside

  2. icmp permit any echo-reply inside

  3. both would be required

  4. None of the above

D. None of the above. The firewall icmp commands only manage ICMP traffic directed at router interfaces, not traffic passing through the device.

4.?

Which command generated the following output?

1: Outbound ICMP echo request (len 32 id 7 seq 1004) 192.168.1.2 > 
172.16.1.78 > 172.16.4.50
2: Inbound ICMP echo reply (Len 32 id 26 seq 1004) 172.16.4.50 >
172.16.1.78 > 192.168.1.2

  1. show icmp

  2. show icmp traffic

  3. show icmp trace

  4. debug icmp trace

D. debug icmp trace

5.?

Which one of the following is not true about Network Time Protocol (NTP)?

  1. It’s an Internet standard protocol.

  2. It’s based on Coordinated Universal Time (UTC).

  3. Cisco Firewalls support all NTP service stratum.

  4. NTP devices are organized into associations.

C. Cisco Firewalls support all NTP service stratum. PIX Firewalls do not support stratum 1.

6.?

Which command enables NTP services on a PIX Firewall?

  1. ntp authentication-key 9146 md5 HopeThisWorks

  2. ntp authenticate

  3. ntp trusted-key 9146

  4. ntp server 192.168.4.2 key 9146 source inside prefer

B. ntp authenticate

7.?

Which command shows the NTP configuration?

  1. show ntp config

  2. show ntp status

  3. show ntp associations

  4. show ntp

D. show ntp

8.?

Which logging level would need to be set to capture the following output?

%PIX-5-304001: user 192.168.1.10 accessed URL 192.168.4.5/pr_sjones.gif

  1. 1

  2. 3

  3. 4

  4. 5

D. 5. The number after PIX indicates the level %PIX-5-304001:

9.?

Which of the following will stop UDP-based logging?

  1. The PIX Firewall is unable to reach the Syslog server.

  2. The Syslog server is misconfigured.

  3. The disk on the Syslog server is full.

  4. None of the above.

D. None of the above. Each situation will stop TCP-based logging.

10.?

Which PIX Firewall interface does the DHCP client default to?

  1. Inside

  2. Outside

  3. DMZ

  4. No default. It can be enabled anywhere.

B. Outside

11.?

Which of the following is not a PIX Firewall dhcp command?

  1. dhcpd address 192.168.1.6-192.168.1.254

  2. dhcpd dns 192.168.100.5 192.168.101.5

  3. dhcpd wins 192.168.100.5

  4. dhcpd ftp 192.168.100.5

  5. dhcpd enable

D. dhcpd ftp 192.168.100.5

12.?

Which command specifies a Syslog server for logging messages?

  1. logging trap

  2. logging history

  3. logging on

  4. logging host

D. logging host

13.?

For the command pix(config)#logging trap 4, what severity levels will be logged?

  1. Level 4

  2. Levels 4 through 7

  3. Levels 1 through 4

  4. Levels 0 through 4

D. Levels 0 through 4

14.?

What severity level must be trapped to get FTP commands and WWW URLs?

  1. 3

  2. 5

  3. 6

  4. 7

C. 6

15.?

Where does the dhcpd auto_config command get its source information?

  1. Firewall configuration

  2. CDP packets

  3. DHCP server service

  4. DHCP client service

D. DHCP client service

Answers

1.?

D. The conduit command. This is an old (v4.x) command and would come after basic configuration to create exceptions

2.?

C. interface e0 auto

3.?

D. None of the above. The firewall icmp commands only manage ICMP traffic directed at router interfaces, not traffic passing through the device.

4.?

D. debug icmp trace

5.?

C. Cisco Firewalls support all NTP service stratum. PIX Firewalls do not support stratum 1.

6.?

B. ntp authenticate

7.?

D. show ntp

8.?

D. 5. The number after PIX indicates the level %PIX-5-304001:

9.?

D. None of the above. Each situation will stop TCP-based logging.

10.?

B. Outside

11.?

D. dhcpd ftp 192.168.100.5

12.?

D. logging host

13.?

D. Levels 0 through 4

14.?

C. 6

15.?

D. DHCP client service



BackCover
CCSP - Cisco Certified Security Professional Certification All-in-One Exam Guide
Introduction
Part I: Introduction to Network Security
Part II: Securing the Network Perimeter
Part III: Virtual Private Networks (VPNs)
Part IV: PIX Firewalls
Chapter 17: CiscoSecure PIX Firewalls
Chapter 18: Getting Started with the Cisco PIX Firewall
Basic PIX Firewall Configuration
ICMP Traffic to the Firewall
Time Setting and NTP Support
Syslog Configuration
DHCP Server Configuration
Chapter Review
Chapter 19: Access Through the PIX Firewall
Chapter 20: Advanced PIX Firewall Features
Chapter 21: Firewalls and VPN Features
Chapter 22: Managing and Maintaining the PIX Firewall
Part V: Intrusion Detection Systems (IDS)
Part VI: Cisco SAFE Implementation
Appendix A: Access Control Lists
Appendix B: About the CD
List of Figures
List of Tables
List of Sidebars