Chapter Review


This chapter looked at the Cisco PIX Device Manager (PDM) as a graphical interface tool that facilitates configuring and monitoring one or more PIX Firewalls. While particularly useful for those administrators who lack a solid knowledge of the PIX Firewall command-line interface (CLI), the PDM is an easy tool for any administrator to use to access most of the PIX functionality.

PDM monitoring features include real-time graphs and data, including connection, IDS, and throughput information for the selected PIX Firewall. You can view up to five days of historical data. The tabbed-page graphical interface with Windows Explorer-like controls on the left side makes it easy to check settings, configuration, or performance.

PDM v2.1, which runs on any PIX Firewall supporting the v6.2 operating system, added two wizards to greatly simplify the basic PIX Firewall setup, as well as both site-to-site and remote access VPN connections.

The failover features are available on the larger PIX devices to provide rapid and reliable redundancy. The two units that make up a failover pair must be physically identical. After configuring the primary unit, the standby will receive the configuration, making it identical to the primary right down to the IP and MAC addresses. Each time the primary boots up, the configuration is copied to the standby unit, or a write standby command can be used to accomplish the same thing.

Password recovery and OS upgrade procedures were also covered.

Questions

1. Which one of the following statements is false about Cisco PIX Device Manager (PDM)?

  A. It’s a Java applet that resides in the PIX Flash

  B. It supports Windows (except 3.1 and 95), Sun UNIX, and Red Hat Linux

  C. It’s a wizards-based application used exclusively for feature setup

  D. Version 2.1 requires PIX OS 6.2 or higher


2. Which one of the following statements is false about PDM v2.1?

  A. The PIX unit must have an activation key for DES or 3DES

  B. It will run on any PIX Firewall

  C. If the PIX Firewall is running software version 6.2, then the PDM requirements to install v2.1 have already been met

  D. At least 8MB of Flash memory is required


3. Which one of the following statements is false about web browsers for PDM v2.1?

  A. It must be Java-enabled

  B. All versions of Netscape are supported on all three platforms

  C. It must support HTTPS (HTTP over SSL)

  D. Cisco recommends Internet Explorer on the Windows hosts for PDM


4. Which one of the following commands will upgrade the PDM software?

  A. pixfirewall# copy tftp flash:pdm

  B. pixfirewall# copy tftp flash

  C. pixfirewall# copy tftp pdm-211.bin flash

  D. C:> copy pdm-211.bin \flash


5. Which command would launch PDM?

  A. http://192.168.1.1

  B. http://192.168.1.1/pdm

  C. https://192.168.1.1

  D. http://192.168.1.1:pdm


6. If the write erase and reload commands are issued on a PIX, what command will prompt for the minimum configuration required to run PDM?

  A. startup

  B. Wizards | Startup Wizard

  C. setup

  D. autoconfig


7. Which one is not a PDM Wizard in v2.1?

  A. Site-to-site VPN

  B. AAA setup

  C. Startup

  D. Remote access VPN


8. How many missed failover hellos trigger a PIX failover?

  A. 1

  B. 2

  C. 4

  D. It can be configured to any value


9. Which PIX platform can’t be used with the failover feature?

  A. 506/506e

  B. 515/515e

  C. 520s

  D. 535


10. Which two pairs of software licenses can be used for a PIX failover pair?

  A. Unrestricted (UR)/Unrestricted (UR)

  B. Failover (FO)/Failover (FO)

  C. Unrestricted (UR)/Failover (FO)

  D. Unrestricted (UR)/Restricted (R)


11. Which failover method yields the least disruption of dataflows?

  A. Serial failover

  B. LAN failover

  C. Stateful failover

  D. Dynamic failover


12. Which is a PIX 500 Firewall password recovery lockout utility name?

  A. lu62.bin

  B. pix62.bin

  C. pix62.lu

  D. np62.bin


13. Which one statement is true about PIX password recovery?

  A. V6.2 password recovery is the same as for routers

  B. V6.2 password recovery is the same on all PIX platforms

  C. Password recovery is dependent on the PIX platform and the current OS version

  D. Password recovery requires a floppy disk and the rawrite file


14. To use the copy tftp flash command for OS upgrades, what two conditions must be true?

  A. PIX Firewall unit is currently running an OS version 5.1.1 or later

  B. PIX Firewall unit has a floppy disk drive

  C. PIX Firewall unit has a DES or 3DES activation key

  D. PIX Firewall unit doesn’t have a floppy disk drive


15. Which is a PIX Firewall OS filename?

  A. pix622.bin

  B. bh622.bin

  C. pix622.exe

  D. np622.bin


Answers

1. C. It’s a wizards-based application used exclusively for feature setup. While it has two wizards, it can also be used for routine admin and monitoring

2. B. It will run on any PIX Firewall. It will run only on those supporting OS v6.2

3. B. All versions of Netscape are supported on all three platforms. Netscape 6.x or 7 aren’t supported

4. A. pixfirewall# copy tftp flash:pdm

5. C. https://192.168.1.1

6. C. setup

7. B. AAA setup

8. B. 2

9. A. 506/506e

10. A. Unrestricted (UR)/Unrestricted (UR), and C. Unrestricted (UR)/Failover (FO)

11. C. Stateful failover

12. D. np62.bin

13. C. Password recovery is dependent on the PIX platform and the current OS version

14. D. and C. PIX Firewall unit is currently running an OS version 5.1.1 or later, and PIX Firewall unit has a DES or 3DES activation key

15. A. pix622.bin



