Network Security Modules 1 to 10 Quiz Answers

Uploaded by 許家騏

Network Security 1.0 Modules Exams
Module 1

1 A security service company is conducting an audit in several risk areas within a major corporation. What statement describes the risk of access to cloud storage devices?
the retrieval of confidential or personal information from a lost or stolen device that was not configured to use encryption software
the unauthorized transfer of data containing valuable corporate information to a USB drive
sensitive data lost through access to the cloud that has been compromised due to weak security settings
intercepted emails that reveal confidential corporate or personal information

2 A security service company is conducting an audit in several risk areas within a major corporation. What statement describes the risk of using social networking?
sensitive data lost through access to the cloud that has been compromised due to weak security settings
gaining illegal access to corporate data by stealing passwords or cracking weak passwords
data loss through access to personal or corporate instant messaging and social media sites
the retrieval of confidential or personal information from a lost or stolen device that was not configured to use encryption software

3 A security service company is conducting an audit in several risk areas within a major corporation. What statement describes an attack vector?
the potential of causing great damage because of direct access to the building and its infrastructure devices
the unauthorized transfer of data containing valuable corporate information to a USB drive
the path by which a threat actor can gain access to a server, host, or network
the retrieval of confidential or personal information from a lost or stolen device that was not configured to use encryption software

4 A security service company is conducting an audit in several risk areas within a major corporation. What
statement describes the risk of access to removable media?
the potential of causing great damage because of direct access to the building and its infrastructure devices
intercepted emails that reveal confidential corporate or personal information
the unauthorized transfer of data containing valuable corporate information to a USB drive
data loss through access to personal or corporate instant messaging and social media sites

5 A security service company is conducting an audit in several risk areas within a major corporation. What statement describes the risk of access to cloud storage devices?
intercepted emails that reveal confidential corporate or personal information
the retrieval of confidential or personal information from a lost or stolen device that was not configured to use encryption software
sensitive data lost through access to the cloud that has been compromised due to weak security settings
the potential of causing great damage because of direct access to the building and its infrastructure devices

6 A security service company is conducting an audit in several risk areas within a major corporation. What statement describes the risk of access to cloud storage devices?
gaining valuable information through the retrieval of discarded unshredded reports
the retrieval of confidential or personal information from a lost or stolen device that was not configured to use encryption software
sensitive data lost through access to the cloud that has been compromised due to weak security settings
gaining illegal access to corporate data by stealing passwords or cracking weak passwords

7 A security service company is conducting an audit in several risk areas within a major corporation. What
statement describes an attack vector?
gaining valuable information through the retrieval of discarded unshredded reports
the unauthorized transfer of data containing valuable corporate information to a USB drive
the path by which a threat actor can gain access to a server, host, or network
the potential of causing great damage because of direct access to the building and its infrastructure devices

8 A security service company is conducting an audit in several risk areas within a major corporation. What
statement describes the risk of access to removable media?
sensitive data lost through access to the cloud that has been compromised due to weak security settings
the potential of causing great damage because of direct access to the building and its infrastructure devices
the unauthorized transfer of data containing valuable corporate information to a USB drive
data loss through access to personal or corporate instant messaging and social media sites

9 A security service company is conducting an audit in several risk areas within a major corporation. What
statement describes an internal threat?
the path by which a threat actor can gain access to a server, host, or network
intercepted emails that reveal confidential corporate or personal information
the potential of causing great damage because of direct access to the building and its infrastructure devices
gaining valuable information through the retrieval of discarded unshredded reports

10 A security service company is conducting an audit in several risk areas within a major corporation.
What statement describes the risk of access to cloud storage devices?
the unauthorized transfer of data containing valuable corporate information to a USB drive
the potential of causing great damage because of direct access to the building and its infrastructure devices
sensitive data lost through access to the cloud that has been compromised due to weak security settings
the path by which a threat actor can gain access to a server, host, or network

11 A security service company is conducting an audit in several risk areas within a major corporation.
What statement describes an attack vector?
data loss through access to personal or corporate instant messaging and social media sites
the unauthorized transfer of data containing valuable corporate information to a USB drive
the path by which a threat actor can gain access to a server, host, or network
intercepted emails that reveal confidential corporate or personal information

12 A security service company is conducting an audit in several risk areas within a major corporation.
What statement describes an attack vector?
gaining illegal access to corporate data by stealing passwords or cracking weak passwords
gaining valuable information through the retrieval of discarded unshredded reports
the path by which a threat actor can gain access to a server, host, or network
data loss through access to personal or corporate instant messaging and social media sites

13 A security service company is conducting an audit in several risk areas within a major corporation.
What statement describes an internal threat?
data loss through access to personal or corporate instant messaging and social media sites
the unauthorized transfer of data containing valuable corporate information to a USB drive
the potential of causing great damage because of direct access to the building and its infrastructure devices
gaining illegal access to corporate data by stealing passwords or cracking weak passwords

14 A security service company is conducting an audit in several risk areas within a major corporation.
What statement describes an attack vector?
the potential of causing great damage because of direct access to the building and its infrastructure devices
sensitive data lost through access to the cloud that has been compromised due to weak security settings
the path by which a threat actor can gain access to a server, host, or network
gaining illegal access to corporate data by stealing passwords or cracking weak passwords

15 A security service company is conducting an audit in several risk areas within a major corporation. What statement describes the risk of access to cloud storage devices?
intercepted emails that reveal confidential corporate or personal information
gaining illegal access to corporate data by stealing passwords or cracking weak passwords
sensitive data lost through access to the cloud that has been compromised due to weak security settings
the retrieval of confidential or personal information from a lost or stolen device that was not configured to use encryption software

16 Which condition describes the potential threat created by Instant On in a data center?
when the primary IPS appliance is malfunctioning
when the primary firewall in the data center crashes
when a VM that may have outdated security policies is brought online after a long period of inactivity
when an attacker hijacks a VM hypervisor and then launches attacks against other devices in the data center

17 Which security feature or device would more likely be used within a CAN than a SOHO or data center?
ESA/WSA
wireless router
exit sensors
security trap
virtual security gateway

18 A company has several sales offices distributed within a city. Each sales office has a SOHO network.
What are two security features that are commonly found in such a network configuration? (Choose two.)
Cisco ASA firewall
port security on user facing ports
WPA2
biometric verifications
Virtual Security Gateway within Cisco Nexus switches

19 What are two data protection functions provided by MDM? (Choose two.)
quarantine
inoculation
PIN locking
physical security
remote wiping

Module 2

20 What is the motivation of a white hat attacker?


taking advantage of any vulnerability for illegal personal gain
fine tuning network devices to improve their performance and efficiency
studying operating systems of various platforms to develop a new system
discovering weaknesses of networks and systems to improve the security level of these systems

21 skipped

22 Which attack involves threat actors positioning themselves between a source and destination with the
intent of transparently monitoring, capturing, and controlling the communication?
DoS attack
ICMP attack
SYN flood attack
man-in-the-middle attack

23 A user is curious about how someone might know a computer has been infected with malware. What
are two common malware behaviors? (Choose two.)
The computer beeps once during the boot process.
The computer emits a hissing sound every time the pencil sharpener is used.
The computer gets increasingly slower to respond.
No sound emits when an audio CD is played.
The computer freezes and requires reboots.

24 What is the purpose of a reconnaissance attack on a computer network?
to steal data from the network servers
to redirect data traffic so that it can be monitored
to prevent users from accessing network resources
to gather information about the target network and system

25 What are two evasion methods used by hackers? (Choose two.)


encryption
phishing
access attack
resource exhaustion
scanning

Module 3

26 What is the purpose of mobile device management (MDM) software?


It is used to create a security policy.
It is used by threat actors to penetrate the system.
It is used to identify potential mobile device vulnerabilities.
It is used to implement security policies, settings, and software configurations on mobile devices.

27 Which security measure is best used to limit the success of a reconnaissance attack from within a
campus area network?
Implement access lists on the border router.
Implement encryption for sensitive traffic.
Implement a firewall at the edge of the network.
Implement restrictions on the use of ICMP echo-reply messages.

28 What functional area of the Cisco Network Foundation Protection framework is responsible for device-
generated packets required for network operation, such as ARP message exchanges and routing
advertisements?
control plane
management plane
data plane
forwarding plane

29 Which security implementation will provide management plane protection for a network device?
routing protocol authentication
access control lists
role-based access control
antispoofing

Module 4

30 Which two practices are associated with securing the features and performance of router operating
systems? (Choose two.)
Install a UPS.
Keep a secure copy of router operating system images.
Disable default router services that are not necessary.
Reduce the number of ports that can be used to access the router.
Configure the router with the maximum amount of memory possible.

31 Passwords can be used to restrict access to all or parts of the Cisco IOS. Select the modes and
interfaces that can be protected with passwords. (Choose three.)
VTY interface
console interface
Ethernet interface
boot IOS mode
privileged EXEC mode
router configuration mode

32 On which two interfaces or ports can security be improved by configuring executive timeouts?
(Choose two.)
Fast Ethernet interfaces
console ports
serial interfaces
vty ports
loopback interfaces

33 A network administrator enters the service password-encryption command into the configuration mode of a router. What does this command accomplish?
This command encrypts passwords as they are transmitted across serial WAN links.
This command prevents someone from viewing the running configuration passwords.
This command enables a strong encryption algorithm for the enable secret password command.
This command automatically encrypts passwords in configuration files that are currently stored in NVRAM.
This command provides an exclusive encrypted password for external service personnel who are required to do router maintenance.

34 Which command will block login attempts on RouterA for a period of 30 seconds if there are 2 failed login attempts within 10 seconds?
RouterA(config)# login block-for 10 attempts 2 within 30
RouterA(config)# login block-for 30 attempts 2 within 10
RouterA(config)# login block-for 2 attempts 30 within 10
RouterA(config)# login block-for 30 attempts 10 within 2

35 An administrator defined a local user account with a secret password on router R1 for use with SSH.
Which three additional steps are required to configure R1 to accept only encrypted SSH connections?
(Choose three.)
Configure the IP domain name on the router.
Enable inbound vty Telnet sessions.
Generate crypto keys.
Configure DNS on the router.
Configure a host name other than "Router".
Generate two-way pre-shared keys.

Module 5

1 What IOS privilege levels are available to assign for custom user-level privileges?
levels 1 through 15
levels 0, 1, and 15
levels 2 through 14
levels 0 and 1

2 Which privilege level is predefined for the privileged EXEC mode?


level 0
level 1
level 15
level 16

3 An administrator needs to create a user account with custom access to most privileged EXEC
commands. Which privilege command is used to create this custom account?
privilege exec level 0
privilege exec level 1
privilege exec level 2
privilege exec level 15

4 Which command will move the show access-lists command to privilege level 14?
router(config)# privilege level 14 command show access-lists
router(config)# privilege exec level 14 show access-lists
router(config)# show access-lists privilege level 14
router(config)# set privilege level 14 show access-lists

5 Refer to the exhibit. Based on the output of the show running-config command, which type of view is SUPPORT?
secret view, with a level 5 encrypted password
root view, with a level 5 encrypted secret password
superview, containing SHOWVIEW and VERIFYVIEW views
CLI view, containing SHOWVIEW and VERIFYVIEW commands

6 What are three characteristics of superviews in the Cisco role-based CLI access feature? (Choose three.)
Commands cannot be configured for a superview.
A single CLI view can be shared within multiple superviews.
Deleting a superview does not delete the associated CLI views.
A user uses a superview to configure commands inside associated CLI views.
A user uses the command enable view superview-name to enter a superview.
Level 15 privilege access is used to configure a new superview.

7 A student is learning role-based CLI access and CLI view configurations. The student opens Packet Tracer
and adds a router. Which command should be used first for creating a CLI view named TECH-View?
Router# enable view
Router(config)# aaa new-model
Router# enable view TECH-view
Router(config)# parser view TECH-view

8 A student is learning about role-based views and role-based view configurations. The student enters the
Router(config)# parser view TECH-view command. What is the purpose of this command?
to create a CLI view named TECH-view
to enter the CLI view named TECH-view
to enter the superview named TECH-view
to check the current setup of the CLI view named TECH-view

9 Refer to the exhibit. A student uses the show parser view all command to see a summary of all views configured on router R1. What is indicated by the symbol * next to JR-ADMIN?
It is a root view.
It is a CLI view.
It is a superview.
It is a CLI view without a command configured.

Module 6

10 What is a requirement to use the Secure Copy Protocol feature?


The Telnet protocol has to be configured on the SCP server side.
A transfer can only originate from SCP clients that are routers.
At least one user with privilege level 1 has to be configured for local authentication.
A command must be issued to enable the SCP server side functionality.

11 What are two characteristics of the Cisco IOS Resilient Configuration feature? (Choose two.)
It is a universal feature that can be activated on all Cisco devices.
It minimizes the downtime of a device that has had the image and configuration deleted.
It sends a backup copy of the IOS image to a TFTP server.
It maintains a mirror image of the configuration file in RAM.
It saves a secure copy of the primary image and device configuration that cannot be removed by a user.

12 Which three items are prompted for a user response during interactive AutoSecure setup? (Choose
three.)
content of a security banner
interfaces to enable
enable secret password
enable password
IP addresses of interfaces
services to disable

13 A network engineer is implementing security on all company routers. Which two commands must be
issued to force authentication via the password 1A2b3C for all OSPF-enabled interfaces in the backbone
area of the company network? (Choose two.)
ip ospf message-digest-key 1 md5 1A2b3C
area 1 authentication message-digest
username OSPF password 1A2b3C
enable password 1A2b3C
area 0 authentication message-digest

14 Which syslog message type is accessible only to an administrator and only via the Cisco CLI?
errors
debugging
emergency
alerts

15 Refer to the exhibit. What information in the syslog message identifies the facility?
level 5
ADJCHG
OSPF
Loading Done

16 Refer to the exhibit. What two statements describe the NTP status of the router? (Choose two.)
The router is serving as an authoritative time source.
The router is serving as a time source for the device at 192.168.1.1.
The router is attached to a stratum 2 device.
The IP address of the time source for the router is 192.168.1.1.
The software clock for the router must be configured with the set clock command so that NTP will function properly.

17 A network administrator is analyzing the features supported by the multiple versions of SNMP. What
are two features that are supported by SNMPv3 but not by SNMPv1 or SNMPv2c? (Choose two.)
bulk retrieval of MIB information
message source validation
community-based security
message encryption
SNMP trap mechanism

Module 7

18 Because of implemented security controls, a user can only access a server with FTP. Which AAA
component accomplishes this?
accessibility
accounting
auditing
authentication
authorization

19 Which AAA component can be established using token cards?


accounting
authorization
auditing
authentication

20 What is the biggest issue with local implementation of AAA?
Local implementation cannot provide secure authentication.
Local implementation supports only RADIUS servers.
Local implementation supports only TACACS+ servers.
Local implementation does not scale well.

21 What is the one major difference between local AAA authentication and using the login local command when configuring device access authentication?
Local AAA authentication allows more than one user account to be configured, but login local does not.
The login local command uses local usernames and passwords stored on the router, but local AAA authentication does not.
Local AAA authentication provides a way to configure backup methods of authentication, but login local does not.
The login local command requires the administrator to manually configure the usernames and passwords, but local AAA authentication does not.

22 Which authentication method stores usernames and passwords in the router and is ideal for small
networks?
local AAA
local AAA over RADIUS
local AAA over TACACS+
server-based AAA
server-based AAA over RADIUS
server-based AAA over TACACS+

23 A network administrator is configuring an AAA server to manage TACACS+ authentication. What are
two attributes of TACACS+ authentication? (Choose two.)
encryption for only the password of a user
encryption for all communication
separate processes for authentication and authorization
UDP port 1645
single process for authentication and authorization
TCP port 40

24 Which two UDP port numbers may be used for server-based AAA RADIUS authentication? (Choose
two.)
1645
1812
1646
1813
49

25 What are two characteristics of the RADIUS protocol? (Choose two.)
encryption of the entire body of the packet
the use of TCP port 49
the use of UDP ports for authentication and accounting
encryption of the password only
the separation of the authentication and authorization processes

26 Which task is necessary to encrypt the transfer of data between the ACS server and the AAA-enabled
router?
Specify the single-connection keyword.
Create a VPN tunnel between the server and the router.
Configure the key exactly the same way on the server and the router.
Use identical reserved ports on the server and the router.

27 What is the primary function of the aaa authorization command?


permit AAA server access to AAA client services
limit authenticated user access to AAA client services
permit authenticated user access to AAA client services
limit AAA server access to AAA client services

Module 8

1 What are two characteristics of ACLs? (Choose two.)


Extended ACLs can filter on destination TCP and UDP ports.
Standard ACLs can filter on source TCP and UDP ports.
Extended ACLs can filter on source and destination IP addresses.
Standard ACLs can filter on source and destination IP addresses.
Standard ACLs can filter on source and destination TCP and UDP ports.

2 Which three statements describe ACL processing of packets? (Choose three.)


An implicit deny any rejects any packet that does not match any ACE.
A packet can either be rejected or forwarded as directed by the ACE that is matched.
A packet that has been denied by one ACE can be permitted by a subsequent ACE.
A packet that does not match the conditions of any ACE will be forwarded by default.
Each statement is checked only until a match is detected or until the end of the ACE list.
Each packet is compared to the conditions of every ACE in the ACL before a forwarding decision is made.

3 A network administrator configures an ACL with the command R1(config)# access-list 1 permit 172.16.0.0 0.0.15.255. Which two IP addresses will match this ACL statement? (Choose two.)
172.16.0.255
172.16.15.36
172.16.16.12
172.16.31.24
172.16.65.21

4 What single access list statement matches all of the following networks?
192.168.16.0
192.168.17.0
192.168.18.0
192.168.19.0
access-list 10 permit 192.168.16.0 0.0.3.255
access-list 10 permit 192.168.16.0 0.0.0.255
access-list 10 permit 192.168.16.0 0.0.15.255
access-list 10 permit 192.168.0.0 0.0.15.255

5 When creating an ACL, which keyword should be used to document and interpret the purpose of the
ACL statement on a Cisco device?
eq
established
remark
description

6 Which two characteristics are shared by both standard and extended ACLs? (Choose two.)
Both kinds of ACLs can filter based on protocol type.
Both can permit or deny specific services by port number.
Both include an implicit deny as a final statement.
Both filter packets for a specific destination host IP address.
Both can be created by using either a descriptive name or number.

7 Refer to the exhibit. What is the result of adding the established argument to the end of the ACE?
Any traffic is allowed to reach the 192.168.254.0 255.255.254.0 network.
Any IP traffic is allowed to reach the 192.168.254.0 255.255.254.0 network as long as it is in response to an originated request.
192.168.254.0 /23 traffic is allowed to reach any network.
Any TCP traffic is allowed to reach the 192.168.254.0 255.255.254.0 network if it is in response to an originated request.

8 Which two keywords can be used in an access control list to replace a wildcard mask or address and
wildcard mask pair? (Choose two.)
most
host
all
any
some
gt

9 Which two pieces of information are required when creating a standard access control list? (Choose
two.)
destination address and wildcard mask
source address and wildcard mask
subnet mask and wildcard mask
access list number between 100 and 199
access list number between 1 and 99

10 What two steps provide the quickest way to completely remove an ACL from a router? (Choose two.)
Use the no keyword and the sequence number of every ACE within the named ACL to be removed.
Use the no access-list command to remove the entire ACL.
Copy the ACL into a text editor, add no before each ACE, then copy the ACL back into the router.
Modify the number of the ACL so that it doesn't match the ACL associated with the interface.
Remove the inbound/outbound reference to the ACL from the interface.
Removal of the ACEs is the only step required.

11 If the provided ACEs are in the same ACL, which ACE should be listed first in the ACL according to best
practice?
permit ip any any
permit udp 172.16.0.0 0.0.255.255 host 172.16.1.5 eq snmptrap
permit tcp 172.16.0.0 0.0.3.255 any established
permit udp any any range 10000 20000
deny udp any host 172.16.1.5 eq snmptrap
deny tcp any any eq telnet

12 To facilitate the troubleshooting process, which inbound ICMP message should be permitted on an
outside interface?
echo request
echo reply
time-stamp request
time-stamp reply
router advertisement

13 Which two types of addresses should be denied inbound on a router interface that attaches to the
Internet? (Choose two.)
private IP addresses
public IP addresses
NAT translated IP addresses
any IP address that starts with the number 127
any IP address that starts with the number 1

14 In the creation of an IPv6 ACL, what is the purpose of the implicit final command entries, permit icmp any any nd-na and permit icmp any any nd-ns?
to allow IPv6 to MAC address resolution
to allow forwarding of IPv6 multicast packets
to allow automatic address configuration
to allow forwarding of ICMPv6 packets

15 What two statements describe characteristics of IPv6 access control lists? (Choose two.)
They can be named or numbered.
They are applied to an interface with the ip access-group command.
They use prefix lengths to indicate how much of an address to match.
They include two implicit permit statements by default.
They permit ICMPv6 router advertisements by default.

16 A security specialist designs an ACL to deny access to a web server from all sales staff. The sales staff
are assigned addressing from the IPv6 subnet 2001:db8:48:2c::/64. The web server is assigned the address
2001:db8:48:1c::50/64. Configuring the WebFilter ACL on the LAN interface for the sales staff will require
which three commands? (Choose three.)
permit tcp any host 2001:db8:48:1c::50 eq 80
deny tcp host 2001:db8:48:1c::50 any eq 80
deny tcp any host 2001:db8:48:1c::50 eq 80
permit ipv6 any any
deny ipv6 any any
ip access-group WebFilter in
ipv6 traffic-filter WebFilter in

17 The graphic displays the following text: R1# show running-config ipv6 access-list BLOCK-Remote-Access. Refer to the exhibit. A network administrator created an IPv6 ACL to block the Telnet traffic from the 2001:DB8:CAFE:10::/64 network to the 2001:DB8:CAFE:30::/64 network. What is a command the administrator could use to allow only a single host 2001:DB8:CAFE:10::A/64 to telnet to the 2001:DB8:CAFE:30::/64 network?
permit tcp 2001:DB8:CAFE:10::A/64 2001:DB8:CAFE:30::/64 eq 23
permit tcp 2001:DB8:CAFE:10::A/64 eq 23 2001:DB8:CAFE:30::/64
permit tcp host 2001:DB8:CAFE:10::A eq 23 2001:DB8:CAFE:30::/64
permit tcp host 2001:DB8:CAFE:10::A 2001:DB8:CAFE:30::/64 eq 23 sequence 5

Module 9

18 What is one benefit of using a stateful firewall instead of a proxy server?


prevention of Layer 7 attacks
better performance
ability to perform user authentication
ability to perform packet filtering

19 What is one limitation of a stateful firewall?


poor log information
weak user authentication
cannot filter unnecessary traffic
not as effective with UDP- or ICMP-based traffic

20 What are two characteristics of a stateful firewall? (Choose two.)


uses static packet filtering techniques
uses connection information maintained in a state table
analyzes traffic at Layers 3, 4 and 5 of the OSI model
uses complex ACLs which can be difficult to configure
prevents Layer 7 attacks

21 When implementing components into an enterprise network, what is the purpose of a firewall?
A firewall is a system that stores vast quantities of sensitive and business-critical information.
A firewall is a system that enforces an access control policy between internal corporate networks and external networks.
A firewall is a system that inspects network traffic and makes forwarding decisions based solely on Layer 2 Ethernet MAC addresses.
A firewall is a system that is designed to secure, monitor, and manage mobile devices, including corporate-owned devices and employee-owned devices.

22 What are two possible limitations of using a firewall in a network? (Choose two.)
It cannot sanitize protocol flows.
A misconfigured firewall can create a single point of failure.
Network performance can slow down.
It provides accessibility of applications and sensitive resources to external untrusted users.
It increases security management complexity by requiring off-loading network access control to the device.

23 Which type of firewall makes use of a proxy server to connect to remote servers on behalf of clients?
stateful firewall
stateless firewall
packet filtering firewall
application gateway firewall

24 What are two differences between stateful and stateless firewalls? (Choose two.)
A stateless firewall is able to filter sessions that use dynamic port negotiations while a stateful firewall cannot.
A stateless firewall will examine each packet individually while a stateful firewall observes the state of a connection.
A stateless firewall will provide more logging information than a stateful firewall.
A stateful firewall will prevent spoofing by determining whether packets belong to an existing connection while a stateless firewall follows pre-configured rule sets.
A stateless firewall provides more stringent control over security than a stateful firewall.

25 Which statement describes a typical security policy for a DMZ firewall configuration?
Traffic that originates from the outside interface is permitted to traverse the firewall to the inside interface with few or no restrictions.
Traffic that originates from the DMZ interface is selectively permitted to the outside interface.
Traffic that originates from the inside interface is generally blocked entirely or very selectively permitted to the outside interface.
Return traffic from the outside that is associated with traffic originating from the inside is permitted to traverse from the outside interface to the DMZ interface.
Return traffic from the inside that is associated with traffic originating from the outside is permitted to traverse from the inside interface to the outside interface.

26 How does a firewall handle traffic when it is originating from the public network and traveling to the private network?
Traffic that is originating from the public network is not inspected when traveling to the private network.
Traffic that is originating from the public network is usually blocked when traveling to the private network.
Traffic that is originating from the public network is usually permitted with little or no restrictions when traveling to the private network.
Traffic that is originating from the public network is selectively permitted when traveling to the private network.

27 When implementing a ZPF, what is the default security setting when forwarding traffic between two interfaces in the same zone?
Traffic between interfaces in the same zone is selectively forwarded based on Layer 3 information.
Traffic between interfaces in the same zone is not subject to any policy and passes freely.
Traffic between interfaces in the same zone is blocked.
Traffic between interfaces in the same zone is selectively forwarded based on the default policy restrictions.

Module 10

28 Which two statements describe the two configuration models for Cisco IOS firewalls? (Choose two.)
The IOS Classic Firewall and ZPF cannot be combined on a single interface.
ZPF must be enabled in the router configuration before enabling an IOS Classic Firewall.
IOS Classic Firewalls must be enabled in the router configuration before enabling ZPF.
IOS Classic Firewalls and ZPF models can be enabled on a router concurrently.
Both IOS Classic Firewall and ZPF models require ACLs to define traffic filtering policies.

29 Designing a ZPF requires several steps. Which step involves dictating the number of devices between most-secure and least-secure zones and determining redundant devices?
determine the zones
establish policies between zones
design the physical infrastructure
identify subsets within zones and merge traffic requirements

30 When a Cisco IOS zone-based policy firewall is being configured, which three actions can be applied to a traffic class? (Choose three.)
drop
inspect
pass
reroute
queue
shape

31 What is the result in the self zone if a router is the source or destination of traffic?
No traffic is permitted.
All traffic is permitted.
Only traffic that originates in the router is permitted.
Only traffic that is destined for the router is permitted.

32 Which two rules about interfaces are valid when implementing a Zone-Based Policy Firewall? (Choose two.)
If neither interface is a zone member, then the action is to pass traffic.
If one interface is a zone member, but the other is not, all traffic will be passed.
If both interfaces belong to the same zone-pair and a policy exists, all traffic will be passed.
If both interfaces are members of the same zone, all traffic will be passed.
If one interface is a zone member and a zone-pair exists, all traffic will be passed.

33 When using Cisco IOS zone-based policy firewall, where is the inspection policy applied?
to a global service policy
to an interface
to a zone
to a zone pair

34 What is the first step in configuring a Cisco IOS zone-based policy firewall via the CLI?
Create zones.
Define traffic classes.
Define firewall policies.
Assign policy maps to zone pairs.
Assign router interfaces to zones.

35 Which statement describes Cisco IOS Zone-Based Policy Firewall operation?
The pass action works in only one direction.
A router interface can belong to multiple zones.
Service policies are applied in interface configuration mode.
Router management interfaces must be manually assigned to the self zone.
