
642-521 : Secure PIX Firewall Exam (CSPFA)

QUESTION 81 Which object group types can be created in the PIX Firewall? Choose three.

A. icmp-type

B. service

C. server host

D. ACL out

E. DHCP

F. protocol

Answer: A, B, F

QUESTION 82 What are the functions of the admin tab of the AUS? Choose two.

A. support tools

B. AUS database password changes

C. NAT settings

D. PIX MC and AUS communication settings

E. AUS communication settings

Answer: B, C (PIX FW Advanced, Cisco Press, p. 776-777)

QUESTION 84 Why include a deny statement in an ACL, even though the implicit deny at the end of the ACL will block traffic as needed?

A. You can view the hit counters with the show access-list command.

B. There is no reason to include the deny statement.

C. You can enable the turbo ACL feature for individual ACLs.

D. As a back-up, in case the implicit deny does not work.

Answer: C

QUESTION 85 In the network above, which two methods enable a PC on the partner net to connect to a server on DMZ1 and deny the partner net PC access to DMZ2 and the inside network?

(Choose two.)

A. Apply a static command and ACL to the partner net interface.

B. Apply a static command and ACL to the DMZ1 interface.

C. Apply a static command and ACL to the DMZ2 interface.

D. Raise the security level of the partner net interface to 70.

E. Raise the security level of the partner net interface to 55.

Answer: Pending

QUESTION 86 Which statements about ACLs are true? Choose two.

A. By default, all access in an ACL is permitted.

B. Using the access-group command creates ACL entries.

C. For traffic moving from a lower security level interface to a higher security level interface, the destination host must have a statically mapped address.

D. For traffic moving from a higher security level interface to a lower security level interface, the source address argument of the ACL command is the translated address of the host or network.

E. For traffic moving from a lower security level interface to a higher security level interface, the source address argument of the ACL command is the translated address of the host or network.

F. For traffic moving from a lower security level interface to a higher security level interface, the destination address argument of the ACL command is the global IP address assigned in the static command.

Answer: E, F

QUESTION 87 Which statements about SSH and the PIX Firewall are true? Choose three.

A. The PIX Firewall supports the SSH remote functionality as provided in SSH version 1.

B. You must upgrade your DES activation key to 3DES.

C. The PIX Firewall allows up to 5 SSH clients to simultaneously access its console.

D. You must generate an RSA key-pair for the PIX Firewall before SSH clients can connect to the PIX Firewall console.

E. You can use either an SSH version 1 or 2 client because the two versions are essentially the same and are entirely compatible.

F. The PIX Firewall does not support SSH remote functionality as provided in SSH version 1.

Answer: A, C, D (PIX FW Advanced, Cisco Press, p. 594)

QUESTION 88 What username and password establish an SSH connection to your PIX Firewall?

A. username pixfirewall, password aaapass

B. username pix, current enable password

C. username pixfirewall, password attack

D. username pix, current Telnet password

Answer: D (PIX FW Advanced, Cisco Press, p. 596)

QUESTION 89 Why are turbo ACLs most appropriate for high-end PIX Firewall models such as the PIX Firewall 525 and 535?

A. They are not supported in any of the low-end models, such as the 506.

B. Turbo ACLs require significant amounts of memory.

C. Turbo ACLs are processor-intensive.

D. Although turbo ACLs can improve ACL search time with any PIX Firewall model, they are complicated and rather difficult to configure. It is unlikely that environments using low-end models have personnel properly trained to configure turbo ACLs.

Answer: B (PIX FW Advanced, Cisco Press, p. 251)

QUESTION 90 Which statements about the PIX Firewall's DHCP capabilities are true? Choose two.

A. It can be a DHCP server.

B. It cannot be a DHCP client.

C. You must remove a configured domain name.

D. It can be a DHCP server and client simultaneously.

E. It cannot pass configuration parameters it receives from another DHCP server to its own DHCP clients.

F. The PIX Firewall's DHCP server can be configured to distribute the IP addresses of up to four DNS servers to its clients.

Answer: A, D
