Exam Prep Questions


Question 1

Why does passive mode FTP work with clients on the inside of the PIX firewall without the aid of the fixup protocol?

  • A. ACLs have been manually created.

  • B. The client initiates the command and data connections.

  • C. The outside server initiates the command and data connections.

  • D. The client initiates the command, and the server initiates the data.

A1:

Answer B is correct. When in passive FTP mode, the client initiates both the command and data connections, so the ASA allows traffic to pass as normal. Answer A is incorrect because ACLs do not need to be configured if fixup FTP is set. Answer C is incorrect because the server does not initiate connections in passive mode. Answer D is incorrect because the client initiates connections.

Question 2

Which method does the PIX use to allow secure connections for multimedia applications such as CUseeME?

  • A. It statically opens UDP ports.

  • B. It dynamically opens and closes UDP ports.

  • C. It creates ACL entries.

  • D. It opens and closes static UDP ports.

A2:

Answer B is correct. Multimedia applications can be supported by using fixup functions. These fixups dynamically open and close the UDP ports needed for the application to work and provide the best possible secure connections. Answer A is incorrect because fixups open and close ports dynamically and not statically. Answer C is incorrect because ACLs are not needed. Answer D is incorrect because static ports are not needed.

Question 3

What does the PIX firewall use WebSense for?

  • A. To filter outside traffic coming into the PIX

  • B. To control and monitor email traffic

  • C. To monitor Internet traffic

  • D. To control and monitor Internet traffic

A3:

Answer D is correct. WebSense, when integrated with the PIX firewall, allows you to control and monitor Internet traffic. Answer A is incorrect because WebSense is not intended for outside traffic coming in. Answer B is incorrect because its primary function is for Web sites and not email. Answer C is an incomplete answer because WebSense can monitor but it can also control traffic. So answer D is more correct.

Question 4

Which command enables URL filtering?

  • A. filter url

  • B. filter-url

  • C. enable filter-url

  • D. enable url-filter

A4:

Answer A is correct. The command to enable URL filtering is filter url. Answers B, C, and D are incorrect because they are not valid commands.

Question 5

Which command allows you to view URL filtering statistics? (Select all that apply.)

  • A. show www

  • B. show url-cache stats

  • C. show perfmon

  • D. show filter-url

A5:

Answers B and C are correct. The show url-cache stats command displays URL statistics, and the show perfmon command displays general statistics about the PIX firewall, including information about WebSense statistics. Answer A is incorrect because show www does not exist. Answer D is incorrect because the command is invalid.

Question 6

The command fixup protocol rtsp is supported when using PAT.

  • A. True

  • B. False

A6:

Answer B is correct. RTSP is not supported using PAT, and only some RTSP applications are supported using NAT. Therefore, answer A is incorrect.

Question 7

What is the maximum number of default routes allowed on the PIX firewall?

  • A. One

  • B. One per interface

  • C. One per IP address assigned to an interface

  • D. A maximum of three

A7:

Answer A is correct. The PIX supports only a single default gateway. Therefore, answers B, C, and D are incorrect.

Question 8

What does the fixup protocol command do?

  • A. It is used to change a PIX firewall application protocol feature.

  • B. It displays all the fixup protocol settings.

  • C. It maps ports to interfaces.

  • D. It identifies active fixup protocols.

A8:

Answer A is correct. The fixup protocol command enables or disables fixup protocols. These commands enable the PIX to work with certain protocols by dynamically opening ports or looking inside packets above layer 4. Answer B is incorrect because the show fixup command displays fixup protocol settings. Answer C is incorrect because no command maps a port to an interface. Answer D is incorrect because the show fixup command performs this function.

Question 9

Which command will disable the default RTSP fixup protocol?

  • A. no rtsp fixup

  • B. no fixup protocol rtsp

  • C. no fixup rtsp

  • D. disable fixup protocol rtsp

A9:

Answer B is correct. The no fixup protocol command disables fixup protocols. Several fixup protocols are enabled by default but can be turned off if they are causing problems. Answers A, C, and D are all invalid commands and are therefore incorrect.

Question 10

How do you specify a WebSense server?

  • A. host 192.168.8.31

  • B. node 192.168.8.31

  • C. websense 192.168.8.31

  • D. url-server 192.168.8.31

A10:

Answer D is correct. The command to configure a WebSense server is url-server <IP_address>. Answer A is incorrect because it renames the PIX prompt to 192.168.8.31. Answers B and C are not valid commands and are therefore incorrect.

Question 11

Which statement is true about the PIX firewall? (Select all that apply.)

  • A. The PIX can be a DHCP client.

  • B. The PIX cannot be a DHCP client.

  • C. The PIX can be a DHCP server.

  • D. The PIX cannot be a DHCP server.

  • E. The PIX cannot be a DHCP server and client at the same time.

  • F. The PIX can be a DHCP server and DHCP client at the same time.

  • G. The PIX DHCP server hands out a maximum of two DNS server addresses.

  • H. The PIX DHCP server hands out a maximum of one DNS server address.

A11:

Answers A, C, F, and G are correct. The PIX firewall can be a DHCP server and client, and it can be both at the same time. The PIX dhcpd dns command supports two DNS addresses. Therefore, answers B, D, E, and H are incorrect.

Question 12

Why is H.323 more complicated to track than other protocols?

  • A. It does not use port numbers.

  • B. It is complicated to configure.

  • C. It uses more than one TCP port.

  • D. The bandwidth is too high.

A12:

Answer C is correct. The H.323 protocol requires several ports to function correctly, whereas other protocols need only a single port. Answer A is incorrect because H.323 does use port numbers. Answer B is incorrect because, on the PIX, you only need to enable the fixup protocol h323 command for H.323 to function correctly. Answer D is incorrect because H.323 might need a lot of bandwidth at times, but that doesn't cause tracking problems. Therefore, answers A, B, and D are incorrect.

Question 13

Which command helps to configure PPPoE on the PIX? (Select three.)

  • A. vpdn group

  • B. ip address pppoe

  • C. vpdn pppoe group

  • D. vpdn pppoe

  • E. vpdn username

  • F. pppoe interface

A13:

Answers A, B, and E are correct. To configure the PIX as a PPPoE client, the vpdn group, ip address pppoe, and vpdn username commands are needed. Answers C, D, and F are invalid commands and are therefore incorrect.

Question 14

Which VoIP protocol does the PIX support? (Select four.)

  • A. SCCP

  • B. FastVoIP

  • C. H.323

  • D. VoIPv2

  • E. Skinny

  • F. SIP

A14:

Answers A, C, E, and F are correct. The PIX supports Skinny Client Control Protocol (SCCP), H.323, Skinny, and SIP. Answers B and D do not exist as VoIP protocols and are therefore incorrect.

Question 15

Which statement is true about the PIX firewall and multimedia applications? (Select two.)

  • A. Multimedia is supported on PAT and NAT.

  • B. Multimedia is supported only on PAT.

  • C. Multimedia is supported only on NAT.

  • D. It dynamically opens and closes ports.

  • E. You need to statically open ports.

A15:

Answers A and D are correct. The PIX firewall dynamically opens and closes ports to provide secure traffic control. The PIX also can support both PAT and NAT for most multimedia applications. Therefore, answers B, C, and E are incorrect.




CSPFA Exam Cram 2 (Exam 642-521)
CCSP CSPFA Exam Cram 2 (Exam Cram 642-521)
ISBN: 0789730235
Year: 2003
Pages: 218
