Firewall Technologies Quiz
Implementing Firewall Technologies
Question 1 of 12
Standard ACLs on Cisco routers filter traffic based solely on:
Select the best answer:
Source and destination IP address and port number
Source IP address only
Destination IP address and port number
Protocol type and port number

Question 2 of 12
Which number ranges are used for standard IP ACLs on Cisco IOS?
Select the best answer:
1–99 and 1300–1999
100–199 and 2000–2699
1000–1099
1–199 only

Question 3 of 12
Best practice dictates that extended ACLs should be placed:
Select the best answer:
As close to the destination as possible
As close to the source as possible
Only on the WAN-facing interface of the edge router
Only on inbound interfaces, never outbound

Question 4 of 12
Every Cisco ACL ends with an implicit rule that:
Select the best answer:
Permits all traffic not explicitly denied
Denies all traffic not matched by a permit statement
Applies only to inbound ACLs on Ethernet interfaces
Logs all unmatched packets to syslog

Question 5 of 12
Context-Based Access Control (CBAC) is best described as:
Select the best answer:
A stateless packet filter that inspects only layer 3/4 headers
A Cisco IOS stateful inspection feature that dynamically opens return traffic
The Zone-Based Firewall model that superseded ACLs
An ACL that filters based on HTTP URLs and application content

Question 6 of 12
In a Cisco Zone-Based Firewall (ZBF), traffic between two interfaces in the SAME zone is:
Select the best answer:
Always denied until a zone-pair policy permits it
Always permitted without requiring a policy
Inspected by the default global inspection policy
Forwarded but logged to syslog automatically

Question 7 of 12
In network architecture, a DMZ (Demilitarized Zone) is:
Select the best answer:
A segment connecting two routers via encrypted GRE tunnels
A perimeter network hosting public-facing servers, separated from internal and external networks
A type of IPsec VPN encapsulation mode
An internal VLAN reserved for management traffic

Question 8 of 12
Which Cisco command applies ACL 100 to an interface for inbound traffic?
Select the best answer:
ip access-group 100 out
ip access-group 100 in
ip access-list 100 in
access-class 100 in

Question 9 of 12
A stateful firewall differs from a basic packet filter because it:
Select the best answer:
Inspects the full application-layer payload of every packet
Tracks connection state and automatically permits return traffic
Uses proxy servers to relay all traffic on behalf of clients
Requires explicit permit rules in both directions for every flow

Question 10 of 12
In a Zone-Based Firewall, which special zone represents traffic originating FROM the router itself?
Select the best answer:
inside
dmz
self
outside

Question 11 of 12
The wildcard mask 0.0.0.255 paired with 192.168.1.0 in an ACL matches:
Select the best answer:
Only the broadcast address 192.168.1.255
All hosts in the 192.168.1.0/24 subnet
Hosts from 192.168.0.0 through 192.168.0.255
Only the network address 192.168.1.0

Question 12 of 12
Cisco IOS Zone-Based Firewall replaced which earlier Cisco IOS security technology?
Select the best answer:
Standard and extended ACLs entirely
CBAC (Context-Based Access Control)
The hardware-based PIX firewall platform
NAT (Network Address Translation)