Security Management Server Correct-Manages g/w's, pushes policies to g/w's, monitors
security events, logs, correlates, & provides info to admins. Stores packages/licences in
repositories.
AS Correct-Anti-Spoofing
Anti-spoofing Correct-Technique used by g/w's that verifies source IP of packet is in the
topology of the destination interface.
EX: Packets from internal network are validated to make sure they are for internal network
interface.
Stealth Rule Correct-Prevents users from connecting to g/w directly.
Should be placed above all rules UNLESS connections need to be made directly to g/w's for
functionality.
Cleanup Rule Correct-Recommended to determine how to handle connections not
matched by rules above.
Logs connections that would otherwise be dropped without logging by default.
Exam- CCSA Test Questions with Complete Solutions
Necessary for traffic logging.
Last explicit rule in rule base order.
Explicit Rules Correct-Manually created rules by admin.
Located between 1st rule and before last rule in rule base order.
Implied Rules Correct-Cannot be modified. Generated in rule base as part of Global
Properties. Applied before all other rules in rule base order.
Control Connection Types Correct-Defined by Implied Rules
1. G/W specific traffic
2. IKE & RDP for communication & encryption
3. Communication with various types of servers:
RADIUS, CVP, UFP, TACACS, LDAP
How many types of implied rules are enforced by SMS? Correct-2
Before Last Implied Rule Correct-More specific implied rules enforced before last rule in
rule base order.
Last Explicit Rule Correct-a.k.a. cleanup rule. Last rule written by admins in rule base order.
Last Implied Rule Correct-Applied after all other explicit & implied rules in rule base order.
Except for the Implicit cleanup rule.
Implicit Cleanup Rule Correct-Rule applied by default if no other rule is matched.
Setting that is defined in the global properties for all policies
What happens if clean up rule is the last explicit rule? Correct-The last implied rule and the
implied cleanup rule are not applied.
3 mechanisms for controlling network traffic Correct-1. Packet Filtering
2. Stateful Inspection
3. Application Layer F/W's
Security Policy Correct-Collection of objects, settings, & rules that:
1. Control network traffic
2. Enforce org. guidelines for data protection
3. Access to resources w/ packet inspection
State Tables Correct-Key component of
Inspection Technology.
Maintains info needed to inspect packets.
EX. New packet contents is compared to _____ ______ which will determine if traffic is
permitted or denied.
Inspect Engine Correct-Installed on g/w.
Extracts state related info. from packets & stores in state tables.
Packet Filtering Correct-Most basic form of F/W.
Pros: App independent