
    CCIE R&S 350-001 Q&As – Implement Network Security (NBAR, NAT, ACL) (1-5)

    By admin | June 18, 2014

    Section 10 – Implement Network Security (NBAR, NAT, ACL)

    QUESTION 1
    What is the purpose of an explicit “deny any” statement at the end of an ACL?
    A.    none, since it is implicit
    B.    to enable Cisco IOS IPS to work properly; however, it is the deny all traffic entry that is actually required
    C.    to enable Cisco IOS Firewall to work properly; however, it is the deny all traffic entry that is actually required
    D.    to allow the log option to be used to log any matches
    E.    to prevent SYN flood attacks
    F.    to prevent half-opened TCP connections
    Answer: D

    Explanation:
    As we know, there is always a “deny all” line at the end of each access list to drop all other traffic that doesn’t match any “permit” line.
    You can enter your own explicit deny with the “log” keyword to see what is actually blocked, like this:
    Router(config)# access-list 1 permit 192.168.30.0 0.0.0.255
    Router(config)# access-list 1 deny any log
    Note: The log keyword can be used to provide additional detail about source and destinations for a given protocol.
    Although this keyword provides valuable insight into the details of ACL hits, excessive hits to an ACL entry that uses the log keyword increase CPU utilization.
    The performance impact associated with logging varies by platform. Also, using the log keyword disables Cisco Express Forwarding (CEF) switching for packets that match the access-list statement.
    Those packets are fast switched instead.

    QUESTION 2
    Which of these is mandatory when configuring Cisco IOS Firewall?
    A.    Cisco IOS IPS enabled on the untrusted interface
    B.    NBAR enabled to perform protocol discovery and deep packet inspection
    C.    a route map to define the trusted outgoing traffic
    D.    a route map to define the application inspection rules
    E.    an inbound extended ACL applied to the untrusted interface
    Answer: E
    Explanation:
    The inbound IP access list at the external interface must be an extended access list. This inbound access list should deny traffic that you want to be inspected by CBAC. (CBAC will create temporary openings in this inbound access list as appropriate to permit only return traffic that is part of a valid, existing session.)

    QUESTION 3
    Refer to the exhibit. This exhibit shows the NAT configuration for Router A and the output for a ping issued from device 171.68.200.48 and destined to 172.16.47.142. Based on this information, what change must be made to Router A in order for the ping to work?
    A.    reload the router
    B.    clear the route cache
    C.    add a static route
    D.    configure IP as classless
    E.    load a newer IOS image
    Answer: D
    Explanation:
    The assumption with classful routing is that all of a classful address belongs to one organization. The idea of a component subnet would be any subnet of a classful network. When you look at the routing table it lists the subnets based on the classful networks like this:
    Network 192.168.1.0/27 is subnetted 2 subnets
    192.168.1.32 ….
    192.168.1.64 ….
    The 192.168.1.32 and 192.168.1.64 subnets would be the “component subnets” of the 192.168.1.0 network.
    So the point is that if you tried to route a packet to 192.168.1.151, it would be dropped even if there was a default route in the routing table. The reason for this is that the router knows of subnets that belong to the major network (192.168.1.0 in this case) but does not have an entry for the specific subnet.

    QUESTION 4
    NBAR supports all of these with the exception of which one?
    A.    HTTP
    B.    IP multicast
    C.    TCP flows with dynamically assigned port numbers
    D.    non-UDP protocols
    Answer: B

    QUESTION 5
    Which of these statements accurately identifies how Unicast Reverse Path Forwarding can be employed to prevent the use of malformed or forged IP source addresses?
    A.    It is applied only on the input interface of a router.
    B.    It is applied only on the output interface of a router.
    C.    It can be configured either on the input or output interface of a router.
    D.    It cannot be configured on a router interface.
    E.    It is configured under any routing protocol process.
    Answer: A
    Explanation:
    Unicast RPF can be used in any “single-homed” environment where there is essentially only one access point out of the network; that is, one upstream connection. Networks having one access point offer the best example of symmetric routing, which means that the interface where a packet enters the network is also the best return path to the source of the IP packet. Unicast RPF is best used at the network perimeter for Internet, intranet, or extranet environments, or in ISP environments for customer network terminations.
