This chapter looked at the basic commands and techniques for configuring a PIX Firewall device. These commands make up the six basic commands for initial PIX Firewall configuration.
The nameif command
The interface command
The ip address command
The nat command
The global command
Network Time Protocol (NTP) is an Internet standard protocol for synchronizing network devices and computers, accurate to a millisecond. You learned about the Cisco NTP implementation that allows PIX Firewalls to synchronize with an established NTP time server, so events and processes can be coordinated and correlated when system logs are created and other time-specific events occur.
The PIX Firewall syslog message facility is a useful means to view and store troubleshooting messages and to watch for network events, such as attacks and service denials. The logging commands specify how system messaging will be handled and how to work with a Syslog server to provide reliable logging of PIX activities and processes.
You also learned how having the option to configure a firewall to act as a DHCP client can be useful in working with cable and DSL connections in small offices and SOHO implementations. The capability to act as a DHCP server providing critical network configuration information to host devices is another strong feature of the line, particularly the smaller platforms.
1. Which one of the following is not one of the six basic commands for initial PIX Firewall configuration?

2. Which of the following commands would bring up (enable) a properly configured interface?

3. Which of the following firewall commands would allow a LAN host to successfully ping an Internet site?

4. Which command generated the following output?
   1: Outbound ICMP echo request (len 32 id 7 seq 1004) 192.168.1.2 > 172.16.1.78 > 172.16.4.50
   2: Inbound ICMP echo reply (Len 32 id 26 seq 1004) 172.16.4.50 > 172.16.1.78 > 192.168.1.2

5. Which one of the following is not true about Network Time Protocol (NTP)?

6. Which command enables NTP services on a PIX Firewall?

7. Which command shows the NTP configuration?

8. Which logging level would need to be set to capture the following output?
   %PIX-5-304001: user 192.168.1.10 accessed URL 192.168.4.5/pr_sjones.gif

9. Which of the following will stop UDP-based logging?

10. Which PIX Firewall interface does the DHCP client default to?

11. Which of the following is not a PIX Firewall dhcp command?

12. Which command specifies a Syslog server for logging messages?

13. For the command pix(config)#logging trap 4, what severity levels will be logged?

14. What severity level must be trapped to get FTP commands and WWW URLs?

15. Where does the dhcpd auto_config command get its source information?

Answers
1. D. The conduit command. This is an old (v4.x) command and would come after basic configuration to create exceptions.
2. C. interface e0 auto
3. D. None of the above. The firewall icmp commands only manage ICMP traffic directed at router interfaces, not traffic passing through the device.
4. D. debug icmp trace
5. C. Cisco Firewalls support all NTP service stratum. PIX Firewalls do not support stratum 1.
6. B. ntp authenticate
7. D. show ntp
8. D. 5. The number after PIX indicates the level: %PIX-5-304001
9. D. None of the above. Each situation will stop TCP-based logging.
10. B. Outside
11. D. dhcpd ftp 192.168.100.5
12. D. logging host
13. D. Levels 0 through 4
14. C. 6
15. D. DHCP client service
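
The severity rule behind answers 8 and 13 (the digit after %PIX- is the message's level, and logging trap N sends levels 0 through N) can be checked against captured syslog lines. The following Python sketch is an added example, not part of the original chapter; the function names are hypothetical, and every sample line except the %PIX-5-304001 message quoted in question 8 is constructed for illustration.

```python
import re

# Message layout: %PIX-<severity>-<message id>: <text>
PIX_MSG = re.compile(r"%PIX-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)")

# Cisco severity keywords, indexed by level 0..7.
SEVERITY_NAMES = ["emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging"]

# First line is the message quoted in question 8; the rest are constructed.
SAMPLE = [
    "%PIX-5-304001: user 192.168.1.10 accessed URL 192.168.4.5/pr_sjones.gif",
    "Jan 01 00:00:01 pix %PIX-2-106001: Inbound TCP connection denied "
    "from 172.16.4.50/1025 to 192.168.1.2/80 flags SYN on interface outside",
    "%PIX-4-106023: Deny tcp src outside:172.16.4.50/1026 "
    "dst inside:192.168.1.2/23 by access-group \"acl_out\"",
    "%PIX-6-302013: Built outbound TCP connection 12 for "
    "outside:172.16.4.50/80 to inside:192.168.1.2/1027",
    "link state changed",  # not a PIX message, must be skipped
]


def parse(line):
    """Return (severity, message_id, text), or None if no PIX message is present."""
    m = PIX_MSG.search(line)  # search() tolerates a leading syslog header
    if m is None:
        return None
    return int(m.group("sev")), m.group("msgid"), m.group("text")


def captured_at(trap_level, lines):
    """Messages that 'logging trap <trap_level>' lets through: levels 0..trap_level."""
    parsed = (parse(line) for line in lines)
    return [p for p in parsed if p is not None and p[0] <= trap_level]


def minimum_trap_level(line):
    """Lowest trap level that still captures this message, with its keyword."""
    p = parse(line)
    if p is None:
        raise ValueError("not a PIX syslog message")
    return p[0], SEVERITY_NAMES[p[0]]


if __name__ == "__main__":
    for level in (4, 5, 6):
        ids = [msgid for _, msgid, _ in captured_at(level, SAMPLE)]
        print(f"logging trap {level} captures {ids}")
    print("question 8 message needs", minimum_trap_level(SAMPLE[0]))
```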