Exam Prep Questions
Question 1
What is the maximum number of interfaces the PIX 506E can support?
A. 2
B. 3
C. 8
D. 6
Answer A is correct. The PIX 506E can support two interfaces: the inside and the outside interfaces. Only the PIX 515 and above can support more than two interfaces. Therefore, answers B, C, and D are incorrect.
Question 2
Which two licenses are supported on the PIX 515E model?
A. Unlimited
B. Restricted
C. Limited
D. Unrestricted
Answers B and D are correct. The PIX 515E can support three types of licenses: restricted, unrestricted, and failover. There is no such license called limited or unlimited. Therefore, answers A and C are incorrect.
Question 3
Which of the following is true about the PIX 515E?
Statements:
A. Supports 130,000 simultaneous connections
B. Supports 160,000 simultaneous connections
C. 64MB RAM
D. 128MB RAM
E. Supports 6 interfaces
F. Supports 8 interfaces
G. Supports 10 interfaces
H. Supports failover
I. Does not support failover
Answer choices:
A. A, C, E, H
B. B, D, E, H
C. B, C, F, I
D. A, C, F, H
Answer A is correct. The PIX 515E supports 64MB of RAM; 130,000 concurrent connections; failover; and up to 6 interfaces with the appropriate licenses. Therefore, answers B, C, and D are incorrect.
Question 4
By default, how much flash and RAM memory does the PIX 506E have?
A. 6MB of flash, 16MB of RAM
B. 8MB of flash, 16MB of RAM
C. 8MB of flash, 32MB of RAM
D. 16MB of flash, 32MB of RAM
Answer C is correct. The PIX 506E supports 8MB of flash and 32MB of RAM. Therefore, answers A, B, and D are incorrect.
Question 5
Which is the primary filtering method that the Cisco PIX firewall uses?
A. Packet filtering
B. Stateful packet filtering
C. Proxy server
D. All of the above
Answer B is correct. The PIX firewall uses the stateful packet filtering method of inspecting inbound and outbound traffic. Packet filters use ACLs only to control traffic; no session information is recorded, so answer A is incorrect. Proxy servers run on general-purpose operating systems and make session connections between themselves and the client and between themselves and the destinations the client requests, so answer C is incorrect.
Question 6
If you install a new interface card in a PIX 515E, what else might you need to do?
A. Simply configure the card.
B. Obtain the appropriate license to enable the card.
C. Add more RAM to support the card.
D. Install the correct version of software to support the card.
Answer B is correct. If you install a new interface card in a PIX 515E without an unrestricted license, you must obtain the activation key to enable the new card. More RAM or new software are not needed; therefore, answers A, C, and D are incorrect.
Question 7
What is the default security level of the inside interface for a PIX 506E?
A. 50
B. 0
C. 100
D. 110
Answer C is correct. The default security levels on a PIX 506E are 100 for the inside interface and 0 for the outside interface. Therefore, answers A, B, and D are incorrect.
Question 8
Which of the following statements is true about traffic passing from the DMZ interface to the inside interface?
A. Traffic passes by default.
B. Traffic is blocked by default.
C. Traffic passes if ACLs are set up between the outside and the DMZ.
D. Traffic passes if the inside security level is higher than the DMZ interface's level.
Answer B is correct. By default, most inside interfaces are set with a security level of 100 and the DMZ is set to something lower. The ASA allows traffic only from the higher security levels to pass to interfaces with lower security levels. This means that traffic passing from the DMZ to the inside interface is blocked by default. This functionality can be manually overridden. Therefore, answers A, C, and D are incorrect.
Question 9
Which of the following statements is true about stateful packet filtering?
A. They are based on ACLs.
B. They request connections between client and destination computers.
C. They inspect inbound and outbound packets.
D. They process packets at layers 4-7.
Answer C is correct. Stateful packet filters inspect inbound and outbound packets for valid translations and connection entries. Standard packet filters use ACLs, so answer A is incorrect. Proxy servers create two sessions: one between the client and itself and a second between itself and the destination. Therefore, answers B and D are incorrect.
Question 10
What does the ASA do with TCP sequence numbers?
A. Nothing
B. Randomizes them
C. Adds 100 to each one of them
D. Converts them to characters
Answer B is correct. To provide an extra level of security, the ASA can randomize the TCP sequence numbers of outgoing packets. This helps prevent hackers from predicting what the TCP sequence numbers will be. Therefore, answers A, C, and D are incorrect.