Question 1 | Which of the following channels does CBAC inspect and monitor? -
A. Application -
B. Communication -
C. Control -
D. Data -
E. Session |
A1: | Answer: C. Applications can use a control channel and a data channel. CBAC only monitors the data channel. CBAC inspects and monitors the control channel. |
Question 2 | CBAC must approximate which of the following protocols and applications? -
A. SMTP -
B. TCP -
C. UDP -
D. DNS -
E. SIP |
A2: | Answer: C. UDP is a connectionless protocol that must be approximated by CBAC. Unlike TCP, UDP does not use flags or sequence numbers. |
Question 3 | What table does CBAC use to create the dynamic ACLs? |
A3: | Answer: D. The state table tracks information contained in the packets of a session. The only table that CBAC creates is the state table. |
Question 4 | By default, how long will CBAC manage an idle UDP session? -
A. 5 seconds -
B. 10 seconds -
C. 30 seconds -
D. 60 seconds -
E. 1 hour |
A4: | Answer: C. CBAC manages a session before deleting a state table entry after a specific length of inactivity. The default time for idle UDP session management is 30 seconds. |
Question 5 | How often does CBAC measure the rate of session establishment when using the ip inspect one-minute command? -
A. More frequently than once per minute -
B. Less frequently than once per minute -
C. Every 30 seconds -
D. Once at the beginning of a 60 second cycle and once at the end of the cycle -
E. Every minute |
A5: | Answer: A. The router measures the ip inspect one-minute threshold more frequently than once per minute, contrary to the command's name. Therefore, all the other answers are incorrect because the measurement interval is more frequent than once per minute. |
Question 6 | What is the correct command to ensure that CBAC inspects HTTP traffic on port 8888 for the IP addresses specified by ACL 1? -
A. ip port-map protocol http port 8888 list 1 -
B. ip port map http 8888 list 1 -
C. ip port map list 1 http port 8888 -
D. ip port-map list 1 http 8888 -
E. ip port-map http port 8888 list 1 |
A6: | Answer: E. Instead of globally enabling nonstandard ports throughout your organization, you can use an ACL to select exactly which devices use nonstandard ports. All the other answers are invalid commands. |
Question 7 | By default, how long does CBAC manage an idle DNS session? -
A. 2 seconds -
B. 5 seconds -
C. 15 seconds -
D. 30 seconds -
E. 45 seconds |
A7: | Answer: B. The DNS idle timeout is valid for DNS name lookup sessions inspected by CBAC. The default time for DNS management is 5 seconds. |