| Question 1 | What is the maximum number of interfaces the PIX 506E can support? |
| A1: | Answer A is correct. The PIX 506E can support two interfaces: the inside and the outside interfaces. Only the PIX 515 and above can support more than two interfaces. Therefore, answers B, C, and D are incorrect. |
| Question 2 | Which two licenses are supported on the PIX 515E model? -
A. Unlimited -
B. Restricted -
C. Limited -
D. Unrestricted |
| A2: | Answers B and D are correct. The PIX 515E can support three types of licenses: restricted, unrestricted, and failover. There is no such license called limited or unlimited. Therefore, answers A and C are incorrect. |
| Question 3 | Which of the following is true about the PIX 515E? -
Supports 130,000 simultaneous connections -
Supports 160,000 simultaneous connections -
64MB RAM -
128MB RAM -
Supports 6 interfaces -
Supports 8 interfaces -
Supports 10 interfaces -
Supports failover -
Does not support failover -
A. A, C, E, H -
B. B, D, E, H -
C. B, C, F, I -
D. A, C, F, H |
| A3: | Answer A is correct. The PIX 515E supports 64MB of RAM; 130,000 concurrent connections; failover; and up to 6 interfaces with the appropriate licenses. Therefore, answers B, C, and D are incorrect. |
| Question 4 | By default, how much flash and RAM memory does the PIX 506E have? -
A. 6MB of flash, 16MB of RAM -
B. 8MB of flash, 16MB of RAM -
C. 8MB of flash, 32MB of RAM -
D. 16MB of flash, 32MB of RAM |
| A4: | Answer C is correct. The PIX 506E supports 8MB of flash and 32MB of RAM. Therefore, answers A, B, and D are incorrect. |
| Question 5 | Which is the primary filtering method that the Cisco PIX firewall uses? |
| A5: | Answer B is correct. The PIX firewall uses the stateful packet filtering method of inspecting inbound and outbound traffic. Packet filters use ACLs only to control traffic; no session information is recorded, so answer A is incorrect. Proxy servers run on general-purpose operating systems and make session connections between themselves and the client and the destinations they desire , so answer C is incorrect. |
| Question 6 | If you install a new interface card in a PIX 515E, what else might you need to do? -
A. Simply configure the card. -
B. Obtain the appropriate license to enable the card. -
C. Add more RAM to support the card. -
D. Install the correct version of software to support card. |
| A6: | Answer B is correct. If you install a new interface card in a PIX 515E without an unrestricted license, you must obtain the activation key to enable the new card. More RAM or new software are not needed; therefore, answers A, C, and D are incorrect. |
| Question 7 | What is the default security level of the inside interface for a PIX 506E? |
| A7: | Answer C is correct. The default security levels on a PIX 506E are 100 for the inside interface and 0 for the outside interface. Therefore, answers A, B, and D are incorrect. |
| Question 8 | Which of the following statements is true about traffic passing from the DMZ interface to the inside interface? -
A. Traffic passes by default. -
B. Traffic is blocked by default. -
C. Traffic passes if ACLs are set up between the outside and the DMZ. -
D. Traffic passes if the inside security level is higher than the DMZ interface's level. |
| A8: | Answer B is correct. By default, most inside interfaces are set with a security level of 100 and the DMZ is set to something lower. The ASA allows traffic only from the higher security levels to pass to interfaces with lower security levels. This means that traffic passing from the DMZ to the inside interface is blocked by default. This functionality can be manually overridden. Therefore, answers A, C, and D are incorrect. |
| Question 9 | Which of the following statements is true about stateful packet filtering? -
A. They are based on ACLs. -
B. They request connections between client and destination computers. -
C. They inspect inbound and outbound packets. -
D. They process packets at layers 4 “7. |
| A9: | Answer C is correct. Stateful packet filters inspect inbound and outbound packets for valid translations and connection entries. Standard packet filters use ACL, so answer A is incorrect. Proxy servers create two sessions: one between the client and itself and a second between itself and the destination. Therefore, answers B and D are incorrect. |
| Question 10 | What does the ASA do with TCP sequence numbers ? |
| A10: | Answer B is correct. To provide an extra level of security, the ASA can randomize the TCP sequence numbers of outgoing packets. This helps prevent hackers from predicting what the TCP sequence numbers will be. Therefore, answers A, C, and D are incorrect. |
