We have the option of using the word host to represent a wildcard mask of 0.0.0.0.
Consider a configuration where only packets from IP source 10.1.1.1 should be allowed and all other packets denied. The following ACLs both do that.
R3#conf t
R3(config)#access-list 6 permit 10.1.1.1 0.0.0.0
R3(config)#conf t
R3(config)#access-list 7 permit host 10.1.1.1
The keyword any can be used to represent a wildcard mask of 255.255.255.255. Both of the following lines permit all traffic.
R3(config)#access-list 15 permit any
R3(config)#access-list 15 permit 0.0.0.0 255.255.255.255
There’s no “right” or “wrong” decision to make when you’re configuring ACLs in the real world. For your exam, though, I’d be very familiar with the proper use of host and any.
A. It’s part of the IOS Firewall Feature Set.
B. It allows creation of per-user security profiles, rather than more general profiles.
C. It allows creation of general security profiles, but not per-user profiles. D. Profiles can be stored locally, but not remotely.
E. Profiles can be stored on a RADIUS server.
F. Profiles can be stored on a TACACS+ server.
Ans: (A, B, E, F. T he Authentication Proxy allows us to create security profiles that will be applied on a per-user basis, rather than a per-subnet or per-address basis. These profiles can be kept
on either of the following:
• RADIUS server
• TACACS+ server
Upon successful authentication, that particular user’s security policy is downloaded from the
RADIUS or TACACS+ server and applied by the IOS Firewall router.
A. IOS Firewall
B. Intrusion Prevention System
C. RADIUS
D. Authentication Proxy
E. Password Encryption
Ans:(A, B, D.) There are three major components to the IOS Firewall feature set - the IOS
Firewall, the Intrusion Prevention System (IPS), and the Authentication Proxy.
The Cisco IOS Firewall is a stateful filter.
A. Stateless packet filtering considers the TCP connection state. B. Stateful packet filtering considers the TCP connection state.
C. Neither stateless nor stateful packet filtering monitor the TCP connection state.
D. Both stateless and stateful packet filtering monitor the TCP connection state, and keep a state table containing that information.
Ans: (B.) Stateful packet filtering does monitor the connection state, and that’s particularly important when it comes to preventing TCP attacks. A stateful firewall will not only monitor the state of the TCP connection, but also the sequence numbers. Stateful firewalls accomplish this by keeping a session table, or state table.
Webmaster 20th of May 2012
Tell us what you feel about CCNA Security Interview Questions and Answers
All comments will be published after review. No login or registration is required to post a comment on CCNA Security Interview Questions and Answers We offer and invite you to submit your valuable comment now; Please be respectful of others when commenting. Insulting others, self-promotional comments, website promotional comments, marketing stuff, SEO Techniques, SMS-style content and off-topic comments will not be approved at this information portal.
So start sharing your thoughts regarding CCNA Security Interview Questions and Answers
Thank you.