Exam Prep Questions

Previous page
Table of content
Next page

Question 1

Which of the following channels does CBAC inspect and monitor?

  • A. Application

  • B. Communication

  • C. Control

  • D. Data

  • E. Session

A1:

Answer: C. Application can use a control channel and a data channel. CBAC only monitors the data channel. CBAC inspects and monitors the control channel.

Question 2

CBAC must approximate which of the following protocols and applications?

  • A. SMTP

  • B. TCP

  • C. UDP

  • D. DNS

  • E. SIP

A2:

Answer: C. UDP is a connectionless protocol that must be approximated by CBAC. Unlike TCP, UDP does not use flags or sequence numbers .

Question 3

What table does CBAC use to create the dynamic ACLs?

  • A. Inspection table

  • B. Intersession state table

  • C. Intra-state table

  • D. State table

  • E. Session state table

A3:

Answer: D. The state table tracks information contained in the packets of a session. The only table that CBAC creates is the state table.

Question 4

By default, how long will CBAC manage an idle UDP session?

  • A. 5 seconds

  • B. 10 seconds

  • C. 30 seconds

  • D. 60 seconds

  • E. 1 hour

A4:

Answer: C. CBAC manages a session before deleting a state table entry after a specific length of inactivity. The default time for idle UDP session management is 30 seconds.

Question 5

How often does CBAC measure the rate of session establish when using the ip inspect one-minute command?

  • A. More frequently than once per minute

  • B. Less frequently than once per minute

  • C. Every 30 seconds

  • D. Once at the beginning of a 60 second cycle and once at the end of the cycle

  • E. Every minute

A5:

Answer: A. The router measures the ip inspect one-minute threshold more frequently than once per minute, contrary to the command's name . Therefore, all the other answers are incorrect because the measurement interval is more frequent than once per minute.

Question 6

What is the correct command to ensure that CBAC inspects HTTP traffic on port 8888 for the IP addresses specified by ACL 1?

  • A. ip port-map protocol http port 8888 list 1

  • B. ip port map http 8888 list 1

  • C. ip port map list 1 http port 8888

  • D. ip port-map list 1 http 8888

  • E. ip port-map http port 8888 list 1

A6:

Answer: E. Instead of globally enabling nonstandard ports throughout your organization, you can use an ACL to select exactly which devices use nonstandard ports. All the other answers are invalid commands.

Question 7

By default, how long does CBAC manage an idle DNS session?

  • A. 2 seconds

  • B. 5 seconds

  • C. 15 seconds

  • D. 30 seconds

  • E. 45 seconds

A7:

Answer: B. The DNS idle timeout is valid for DNS name lookup sessions inspected by CBAC. The default time for DNS management is 5 seconds.



Previous page
Table of content
Next page
CCSP SECUR Exam Cram 2
CCSP SECUR Exam Cram 2 (642-501)
ISBN: B000MU86IQ
EAN: N/A
Year: 2003
Pages: 291
Authors: Raman Sud
BUY ON AMAZON
Beginners Guide to DarkBASIC Game Programming (Premier Press Game Development)
Kanban Made Simple: Demystifying and Applying Toyotas Legendary Manufacturing Process
The Complete Cisco VPN Configuration Guide
C++ How to Program (5th Edition)
Special Edition Using Crystal Reports 10
Sap Bw: a Step By Step Guide for Bw 2.0
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy