CCNA Security Practice Exam: 10 Questions On The IOS Firewall Set

Earning your CCNA Security certification is a tremendous boost to your career and your career prospects! To help you prepare for total success on exam day, here are 10 complimentary questions on the IOS Firewall set. Answers are at the end of the article. Enjoy!

1. Define the term “DMZ” as it pertains to network security, and name three different common network devices that are typically found there.

2. Identify the true statements.

A. Stateless packet filtering considers the TCP connection state.

B. Stateful packet filtering considers the TCP connection state.

C. Neither stateless nor stateful packet filtering monitor the TCP connection state.

D. Both stateless and stateful packet filtering monitor the TCP connection state, and keep a state table containing that information.

3. Does the Cisco IOS Firewall feature set act as a stateful or stateless packet filter?

4. Which of the following are considered parts of the IOS Firewall feature set?

A. IOS Firewall

B. Intrusion Prevention System

C. RADIUS

D. Authentication Proxy

E. Password Encryption

5. Identify the true statements regarding the Authentication Proxy.

A. It’s part of the IOS Firewall Feature Set.

B. It allows creation of per-user security profiles, rather than more general profiles.

C. It allows creation of general security profiles, but not per-user profiles.

D. Profiles can be stored locally, but not remotely.

https://bollyflixin.com/
https://thabet.sh/
https://www.homifax.com/
https://aeliyamarine.net/
https://lappypro.com/
https://ku19.sh/
https://sunwin8.pro/
https://videocontent.es/
https://www.globalsynturf.com/

E. Profiles can be stored on a RADIUS server.

F. Profiles can be stored on a TACACS+ server.

6. Configuring ACLs is an important part of working with the IOS Firewall. What wildcard masks are replaced in ACLs by the words host and any?

7. What does the dollar sign in the following ACL line indicate?

R1(config)#$ 150 deny ip 172.50.50.0 0.0.0.255 172.50.100.0 0.0.0.255

8. Basically, how does an IOS Firewall prevent a TCP SYN attack?

9. What does the term “punch a hole in the firewall” refer to? (Logically, that is, not physically.)

10. What exactly does the router-traffic option in the following configuration do?

R4(config)#ip inspect name PASSCCNASECURITY tcp router-traffic

R4(config)#ip inspect name PASSCCNASECURITY udp router-traffic

R4(config)#ip inspect name PASSCCNASECURITY icmp router-traffic