网友您好, 请在下方输入框内输入要搜索的题目:
题目内容
(请给出正确答案)
Which three statements accurately describe IOS Firewall configurations?()
- A、The IP inspection rule can be applied in the inbound direction on the secured interface
- B、The IP inspection rule can be applied in the outbound direction on the unsecured interface
- C、The ACL applied in the inbound direction on the unsecured interface should be an extendedACL.
- D、For temporary openings to be created dynamically by Cisco IOS Firewall, the access-list for thereturning traffic must be a standard ACL
参考答案
更多 “Which three statements accurately describe IOS Firewall configurations?()A、The IP inspection rule can be applied in the inbound direction on the secured interfaceB、The IP inspection rule can be applied in the outbound direction on the unsecured interfaceC、The ACL applied in the inbound direction on the unsecured interface should be an extendedACL.D、For temporary openings to be created dynamically by Cisco IOS Firewall, the access-list for thereturning traffic must be a standard ACL” 相关考题
考题
You have a firewall filter applied in an inbound direction on a customer interface. You would like this filter to protect your network from a spoofed denial of service attack. Which action should be configured to accomplish your goal?()A. then rejectB. then discardC. then next filterD. then silent-drop
考题
A firewall filter is applied as an input filter on a transit interface. What three types of traffic will this affect? ()
A. inbound traffic transiting the routerB. outbound traffic transiting the routerC. traffic destined to the Routing EngineD. traffic destined to the interface address on which the filter is applied
考题
With which three tasks does the IPS Policies Wizard help you? ()A、Selecting the interface to which the IPS rule will be appliedB、Selecting the Signature Definition File (SDF) that the router will useC、Selecting the direction of traffic that will be inspectedD、Selecting the inspection policy that will be applied to the interface
考题
Which statement about access lists that are applied to an interface is true?()A、you can apply multiple access lists with the same protocol or in different direction.B、you can config one access list,per direction,per layer 3 protocolC、you can place as many access lists as you want on any interfaceD、you can apply only one access list on any interface
考题
Which of the following is not an essential prerequisite for AutoQoS to be correctly applied to aninterface? (Choose all that apply.)()A、The interface must be configured as a Multilink PPP interfaceB、The correct bandwidth should be configured on the interfaceC、A QoS policy must not be currently attached to the interfaceD、CEF must be enabledE、AutoQoS must be enabled globally before it can be enabled on the interfaceF、An IP address must be configured on the interface if its speed is equal to or less than 768 kbps
考题
Which of these statements accurately identifies how Unicast Reverse Path Forwarding can be employed to prevent the use of malformed or forged IP sources addresses?()A、It is applied only on the input interface of a router.B、It is applied only on the output interface of a router.C、It can be configured either on the input or output interface of a router.D、It cannot be configured on a router interface.E、It is configured under any routing protocol process.
考题
By default, which two statements are true about export routing policies?()A、Export policies can evaluate only active routesB、Export policies can evaluate all routesC、Export policies can be applied to the forwarding tableD、Export policies can be applied directly to interfaces
考题
Which statement best describes configuring access control lists to control Telnet traffic destined to therouter itself?()A、The ACL applied to the vty lines has no in or out option like ACL being applied to an interface.B、The ACL is applied to the Telnet port with the ip access-group command.C、The ACL must be applied to each vty line individually.D、The ACL should be applied to all vty lines in the in direction to prevent an unwanted user from connecting to an unsecured port.
考题
Which three statements about IOS Firewall configurations are true?()A、The IP inspection rule can be applied in the inbound direction on the secured interface.B、The IP inspection rule can be applied in the outbound direction on the unsecured interface.C、The ACL applied in the outbound direction on the unsecured interface should be an extended ACL.D、The ACL applied in the inbound direction on the unsecured interface should be an extended ACL.E、For temporary openings to be created dynamically by Cisco IOS Firewall,the access-list for thereturning traffic must be a standard ACL.F、For temporary openings to be created dynamically by Cisco IOS Firewall,the IP inspection rule must be applied to the secured interface.
考题
Which of these is true regarding the configuration and application of port access control lists? ()A、PACLs can be applied in the inbound or outbound direction of a Layer 2 physical interface. B、At Layer 2, a MAC address PACL will take precedence over any existing Layer 3 PACL.C、When you apply a port ACL to a trunk port, the ACL filters traffic on all VLANs present on the trunk port.D、PACLs are not supported on EtherChannel interfaces.
考题
Which of these is mandatory when configuring Cisco IOS Firewall? ()A、Cisco IOS IPS enabled on the untrusted interfaceB、NBAR enabled to perform protocol discovery and deep packet inspectionC、a route map to define the trusted outgoing trafficD、a route map to define the application inspection rulesE、an inbound extended ACL applied to the untrusted interface
考题
Refer to Cisco IOS Zone-Based Policy Firewall, where will the inspection policy be applied?()A、to the zone-pairB、to the zoneC、to the interfaceD、to the global service policy
考题
Which three statements are true about Cisco IOS Firewall?()A、It can be configured to block Java traffic.B、It can be configured to detect and prevent SYN-flooding denial-of-service (DoS) network attacks.C、It can only examine network layer and transport layer information.D、It can only examine transport layer and application layer information.E、The inspection rules can be used to set timeout values for specified protocols.F、The ip inspect cbac-name command must be configured in global configuration mode.
考题
When configuring IOS firewall (CBAC) operations on Cisco routers, the "inspection rule" could be applied at which two locations? ()A、 at the untrusted interfacein the inbound directionB、 atthe untrusted interface in theoutbounddirectionC、 at thetrusted interface inthe inbound directionD、 at the trusted interface in the outbound directionE、 at the trusted and untrusted interfaces in the inbound directionF、 at the trusted and untrusted interfaces in the outbounddirection
考题
What is true about access control on bridged and routed VLAN traffic?()A、Router ACLs can be applied to the input and output directions of a VLAN interfaceB、Bridged ACLs can be applied to the input and output directions of a VLAN interfaceC、Only router ACLs can be applied to a VLAN interfaceD、VLAN maps and router ACLs can be used in combinationE、VLAN maps can be applied to a VLAN interfac
考题
You have a firewall filter applied in an inbound direction on a customer interface. You would like this filter to protect your network from a spoofed denial of service attack. Which action should be configured to accomplish your goal?()A、then rejectB、then discardC、then next filterD、then silent-drop
考题
You have a firewall filter containing two terms applied in an inbound direction on a customer interface. You would like this filter to protect your network from a spoofed denial of service attack. What match criterion should be used in the first term of the filter?()A、Source TCP portB、Source IP addressC、Destination TCP portD、Destination IP address
考题
By default, which two statements are true about export routing polices?()A、Export polices can evaluate only active routesB、Export polices can evaluate all routesC、Export polices can be applied to the forwarding tableD、Export polices can be applied to interfaces
考题
A firewall filter is applied as an input filter on a transit interface. What three types of traffic will this affect? ()A、inbound traffic transiting the routerB、outbound traffic transiting the routerC、traffic destined to the Routing EngineD、traffic destined to the interface address on which the filter is applied
考题
多选题Which three statements are true about Cisco IOS Firewall?()AIt can be configured to block Java traffic.BIt can be configured to detect and prevent SYN-flooding denial-of-service (DoS) network attacks.CIt can only examine network layer and transport layer information.DIt can only examine transport layer and application layer information.EThe inspection rules can be used to set timeout values for specified protocols.FThe ip inspect cbac-name command must be configured in global configuration mode.
考题
单选题Which of these statements accurately identifies how Unicast Reverse Path Forwarding can be employed to prevent the use of malformed or forged IP sources addresses?()A
It is applied only on the input interface of a router.B
It is applied only on the output interface of a router.C
It can be configured either on the input or output interface of a router.D
It cannot be configured on a router interface.E
It is configured under any routing protocol process.
考题
单选题Refer to Cisco IOS Zone-Based Policy Firewall, where will the inspection policy be applied?()A
to the zone-pairB
to the zoneC
to the interfaceD
to the global service policy
考题
单选题Which statement best describes configuring access control lists to control Telnet traffic destined to therouter itself?()A
The ACL applied to the vty lines has no in or out option like ACL being applied to an interface.B
The ACL is applied to the Telnet port with the ip access-group command.C
The ACL must be applied to each vty line individually.D
The ACL should be applied to all vty lines in the in direction to prevent an unwanted user from connecting to an unsecured port.
考题
多选题When configuring IOS firewall (CBAC) operations on Cisco routers, the "inspection rule" could be applied at which two locations? ()Aat the untrusted interfacein the inbound directionBatthe untrusted interface in theoutbounddirectionCat thetrusted interface inthe inbound directionDat the trusted interface in the outbound directionEat the trusted and untrusted interfaces in the inbound directionFat the trusted and untrusted interfaces in the outbounddirection
考题
单选题Which of these is mandatory when configuring Cisco IOS Firewall? ()A
Cisco IOS IPS enabled on the untrusted interfaceB
NBAR enabled to perform protocol discovery and deep packet inspectionC
a route map to define the trusted outgoing trafficD
a route map to define the application inspection rulesE
an inbound extended ACL applied to the untrusted interface
考题
多选题Which three statements accurately describe IOS Firewall configurations?()AThe IP inspection rule can be applied in the inbound direction on the secured interfaceBThe IP inspection rule can be applied in the outbound direction on the unsecured interfaceCThe ACL applied in the inbound direction on the unsecured interface should be an extendedACL.DFor temporary openings to be created dynamically by Cisco IOS Firewall, the access-list for thereturning traffic must be a standard ACL
考题
多选题Which three statements about IOS Firewall configurations are true?()AThe IP inspection rule can be applied in the inbound direction on the secured interface.BThe IP inspection rule can be applied in the outbound direction on the unsecured interface.CThe ACL applied in the outbound direction on the unsecured interface should be an extended ACL.DThe ACL applied in the inbound direction on the unsecured interface should be an extended ACL.EFor temporary openings to be created dynamically by Cisco IOS Firewall,the access-list for thereturning traffic must be a standard ACL.FFor temporary openings to be created dynamically by Cisco IOS Firewall,the IP inspection rule must be applied to the secured interface.
热门标签
最新试卷
