Securing Cisco IOS Networks Study Guide - Carl Timm.pdf
Review Questions

1. Which of the following commands would you use to change the maximum number of half-open TCP connections per host to 100?

A. ip inspect tcp synwait-time 100

B. ip inspect tcp idle-time 100

C. ip inspect max-incomplete high 100

D. ip inspect one-minute high 100

E. ip inspect tcp max-incomplete host 100

2. Which of the following best describes a half-open connection?

A. The TCP three-way handshake was completed.

B. The connection was denied.

C. The connection failed to reach an established state.

D. The connection timed out.

3. Which of the following commands would you use to change the maximum total number of half-open TCP connections to 1000?

A. ip inspect tcp synwait-time 1000

B. ip inspect tcp idle-time 1000

C. ip inspect max-incomplete high 1000

D. ip inspect one-minute high 1000

E. ip inspect tcp max-incomplete host 1000

4. Which of the following commands disables all CBAC on the IOS Firewall?

A. Router(config)#no ip inspect

B. Router(config-if)#no ip inspect

C. Router(config)#no ip cbac

D. Router(config-if)#no ip cbac

5. What is the default time CBAC will wait before closing idle TCP connections?

A. 10 seconds

B. 30 seconds

C. 60 seconds

D. 600 seconds

E. 3600 seconds

Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501.

www.sybex.com

Chapter 5 Context-Based Access Control Configuration

6. Which of the following commands would you use to change the length of time CBAC will wait for half-open TCP connections to complete before dropping them to 60 seconds?

A. ip inspect tcp synwait-time 60

B. ip inspect tcp idle-time 60

C. ip inspect max-incomplete high 60

D. ip inspect one-minute high 60

E. ip inspect tcp max-incomplete host 60

7. What is the default number of half-open connections that causes CBAC to start deleting them?

A. 100

B. 400

C. 500

D. 600

E. 3600

8. Once CBAC starts deleting half-open connections, how many must there be before it stops?

A. 100

B. 400

C. 500

D. 600

E. 3600

9. What is the default number of half-open connections per minute that causes CBAC to start deleting them?

A. 100

B. 400

C. 500

D. 600

E. 3600

10. Once CBAC starts deleting half-open connections, how many must there be per minute before it stops?

A. 100

B. 400

C. 500

D. 600

E. 3600

11. Which of the following commands disables all auditing?

A. ip inspect audit-trail

B. no ip inspect audit-trail

C. ip inspect alert off

D. no ip inspect alert off

12. Which of the following are components of the IOS Firewall? (Choose all that apply.)

A. Context-Based Access Control (CBAC)

B. Contextless Access Control (CAC)

C. Authentication Proxy

D. Intrusion Detection System (IDS)

E. Stateful firewall

13. Which of the following commands are valid monitoring commands for CBAC? (Choose all that apply.)

A. ip inspect show

B. show ip inspect interfaces

C. show ip inspect config

D. display ip inspect config

E. inspect ip global-parameters

14. Suppose that you need to disable all CBAC functions on the router. Which of the following commands would you choose?

A. Router(config)#ip inspect none

B. Router(config-if)#no ip inspect

C. Router(config)#no ip inspect

D. Router(config-if)#no ip cbac

15. Which types of ACL can CBAC dynamically modify?

A. IP standard

B. IP extended

C. Any IP access list

D. Any access list

16. You need to check and see which port(s) CBAC thinks HTTP is running on. Which of the following commands gives you this information? (Choose all that apply.)

A. show ip port-map

B. show ip port 80 port-map

C. show ip http port-map

D. show ip port-map port 80

E. show ip port-map http

17. When configuring inspection rules, which of the following best describes how protocols can be configured?

A. You can inspect TCP or UDP, but not both.

B. You can inspect TCP and UDP, but nothing else.

C. You can inspect application protocols or TCP.

D. You can inspect application protocols, generic TCP, and generic UDP all together.

E. None of the above.

18. Which of the following are properties of CBAC? (Choose all that apply.)

A. Stateful inspection

B. Static

C. Can be used to effectively respond to DoS attacks

D. Adapts to user requests and network conditions

E. Free with standard IOS

19. You need to enable alerts and audit trails. Which of the following must you have in order to do this?

A. CiscoSecure ACS

B. Windows 2000

C. Syslog server

D. TACACS server

E. RADIUS server

20. What are the six steps recommended by Cisco to configure CBAC (in order)?

1. Define inspection rules.

2. Test and verify CBAC.

3. Set global timeouts and thresholds.

4. Apply inspection rules and ACLs to interfaces.

5. Set audit trails and alerts.

6. Define Port-to-Application Mapping (PAM).

A. 1, 2, 3, 4, 5, 6

B. 3, 6, 5, 2, 1, 4

C. 5, 3, 6, 1, 4, 2

D. 2, 4, 3, 5, 6, 1

E. 4, 6, 2, 3, 1, 5
