Chapter 16 685
21
Which has the stronger authentication mechanism--enable secret or enable password?
enable secret.
22
With CBAC, which feature is needed to prevent Denial of Service attacks?
TCP Interceptor.
23
Where should extended access lists be applied--closest to the source or the destination?
Extended access lists should be placed closest to the source.
24
What is a perimeter router?
The perimeter router is the router that is closest to the exit point of a customer's network--
usually the Internet.
25
What does ISAKMP stand for?
Internet Security Association Key Management Protocol.
26
What RFC is NAT?
RFC 1918.
27
Why is stateful filtering considered faster than application proxies?
Because the firewall only needs to look at Layer 4. As the firewall unwraps the packet, it
would be more work to have to unwrap more layers than necessary. Application proxies
work at the Application layer.
28
Without CBAC, can Cisco routers filter TCP and UDP ports?
Yes. Regular Cisco IOS can filter TCP or UDP ports, as well as source and destination IP
addresses and networks.
29
Name three network security weaknesses.
Policy, Configuration, Technology.
30
What IOS feature set is required for CBAC?
The Firewall feature set.
Chapter 16
1
What challenge does the CCDP face when merging voice onto a data network?
Data networks tolerate delay. Voice networks do not tolerate delay, and the packets must
be delivered in a real-time predictable order.
87200333.book Page 685 Wednesday, August 22, 2001 1:41 PM