Midterm Chapter 4-6

68 Questions | Total Attempts: 988

SettingsSettingsSettings
Midterm Quizzes & Trivia

Midterm Chapter 4-6


Questions and Answers
  • 1. 
    What are the entries called that make up an ACL?
    • A. 

      ACL

    • B. 

      ABC

    • C. 

      ACE

    • D. 

      DMZ

  • 2. 
    True of False, an ACL can inspect a packet header for layer 5 information?
    • A. 

      True

    • B. 

      False

  • 3. 
    True or false, only the first packet of a flow is inspected by the ACL , after that all subsequent packets matching that connection are not checked.
    • A. 

      True

    • B. 

      False

  • 4. 
    True or false, if a packet flow comes in and the first line of the ACL matches the packet, no further ACE’s are checked.
    • A. 

      True

    • B. 

      False

  • 5. 
    Where are new ACE’s added to the ACL?
    • A. 

      Top of the list

    • B. 

      Bottom of the list

    • C. 

      Where they fit in with the layers of the OSI model

    • D. 

      Ascending order by port number

  • 6. 
    What is the message ID of an entry that shows a packet dropped due to the implicit deny at the end of an ACL?
    • A. 

      OU812

    • B. 

      106022

    • C. 

      90210

    • D. 

      106023

  • 7. 
    How many total ACL’s can I have applied to an interface if I only use standard and extended ACL’s?
    • A. 

      4

    • B. 

      5

    • C. 

      6

    • D. 

      3

    • E. 

      2

  • 8. 
    True of False, an extended ACL only filters by IP address?
    • A. 

      True

    • B. 

      False

  • 9. 
    True or False, Standard ACL’s only work in transparent mode.
    • A. 

      True

    • B. 

      False

  • 10. 
    If I have an ACL that says permit 192.168.10.0 0.0.0.255, which address will it block?
    • A. 

      192.168.10.1

    • B. 

      192.169.10.100

    • C. 

      192.168.10.10

    • D. 

      192.168.10.254

  • 11. 
    What kind of filtering do we apply to traffic that terminates on the security applicance?
    • A. 

      ASDM

    • B. 

      Thru-Traffic

    • C. 

      To-the-box

    • D. 

      IP6

  • 12. 
    What command will apply an ACL to an interface?
    • A. 

      Access-group

    • B. 

      Access-list

    • C. 

      Access-enable

    • D. 

      Access-apply

    • E. 

      Access-group interface

  • 13. 
    True or False, named ACL’s have to include the “standard” or “extended” parameter?
    • A. 

      True

    • B. 

      False

  • 14. 
    What does this ACL do - access-list 102 permit tcp any 192.168.100.200 0.0.0.0 eq 25
    • A. 

      Allows only a specific IP to port 25

    • B. 

      Allows traffic to the HTTP server

    • C. 

      Allows traffic to the FTP server

    • D. 

      Allows traffic to the Mail server

  • 15. 
    True or False, anytime I use the “IN” parameter when applying an ACL to an interface, it means to check the traffic coming inside my network?
    • A. 

      True

    • B. 

      False

  • 16. 
    True or False, IP6 ACL’s are only supported in version 6.2 of the ASDM or higher?
    • A. 

      True

    • B. 

      False

  • 17. 
    True or False, I can use the “access-group” command to create groups of similar items like protocols or internal servers?
    • A. 

      True

    • B. 

      False

  • 18. 
    Which one is NOT a type of object group?
    • A. 

      Network

    • B. 

      Protocol

    • C. 

      Service

    • D. 

      Internal

  • 19. 
    Which command will allow me to create a time-based ACL that will be enforced every Saturday?
    • A. 

      Periodic

    • B. 

      Recurring

    • C. 

      Absolute

    • D. 

      Internal

  • 20. 
    Which command will allow me to create a specfic time-based ACL start and stop time?
    • A. 

      Periodic

    • B. 

      Absolute

    • C. 

      Recurring

    • D. 

      Internal

  • 21. 
    If I have BOTH an Absolute and a Periodic parameter configured in the same timerange, which one would be evaluated first?
    • A. 

      Recurring

    • B. 

      Periodic

    • C. 

      Absolute

    • D. 

      Internal

  • 22. 
    What is the term for how many times a packet is matched against an ACE?
    • A. 

      Hit count

    • B. 

      Counters

    • C. 

      Conn

    • D. 

      Statistics

  • 23. 
    The ASA allows you to specify two difrent time restrictions. When setting the Absolute values it uses it uses the same start and date format as what other comand?
    • A. 

      Time-range

    • B. 

      Clock set

    • C. 

      Time-clock

    • D. 

      Clock mon

  • 24. 
    Which command will show me how many total packets are being dropped and what is causing the drop?
    • A. 

      Show Hit count

    • B. 

      Show conn

    • C. 

      Show asp drop

    • D. 

      Show statistics

  • 25. 
    What do I use when I want to statically map multiple inside servers to one global IP address?
    • A. 

      PAT

    • B. 

      SNAT

    • C. 

      Port Redirection

    • D. 

      Stat Map

Back to Top Back to top