| 1. | What is the difference between stateful and stateless ACLs? |
| Answer: | Stateful ACLs track transport state information, such as IP addresses, TCP/UDP ports, TCP sequence numbers, and TCP flags. Stateful ACLs do not track any transport information. |
| 2. | How do stateful ACLs track transport state information? |
| Answer: | Basic ACLs track transport state simply by checking to see if the ACK or RST TCP flags are set in the TCP header. IP session filters create temporary ACL entries for return traffic. CBAC and PIX firewalls store transport state information for each connection in a state table. The table includes IP addresses, TCP/UDP ports, TCP sequence numbers, and TCP flags. |
| 3. | How can you approximate UDP connections? |
| Answer: | You can approximate UDP connections by tracking packets with the same source and destination IP addresses and ports that transit the firewall over the same time frame. |
| |
| 4. | How can you achieve supervisor redundancy? |
| Answer: | Supervisor redundancy is achieved by installing two supervisors in a single chassis, or by using two chassis with a single supervisor installed in each. |
| 5. | How can you achieve switch fabric redundancy? |
| Answer: | For active backplanes, two chassis are required for redundancy. For passive backplanes (that is, SFMs or integrated switch fabrics), either two modules in a single chassis or two chassis with a single module each are required for redundancy. |
| 6. | What is one benefit of sandwiching public servers between two firewalls? |
| Answer: | Both single and dual firewall configurations secure internal resources from the public resources. However, server sandwiching enables firewalls of different vendors to secure internal resources. |
| 7. | What content networking solutions do remote branch users benefit from? |
| Answer: | Remote office users benefit from content edge delivery, distribution, and routing in order to place content closer to the client. |
