You have configured a firewall f

第1题：

第2题：

Two routers configured to run BGP have been connected to a firewall， one on the inside interface and one on the outside interface. BGP has been configured so the two routers should peer， including the correct BGP session endpoint addresses and the correct BGP session hop-count limit （EBGP multihop）. What is a good first test to see if BGP will work across the firewall？（）

• A、Attempt to TELNET from the router connected to the inside of the firewall to the router connected to the outside of the firewall. If telnet works， BGP will work， since telnet and BGP both use TCP to transport data.
• B、Ping from the router connected to the inside interface of the firewall to the router connected to the outside interface of the firewall. If you can ping between them， BGP should work， since BGP uses IP to transport packets.
• C、There is no way to make BGP work across a firewall without special configuration， so there is no simple test that will show you if BGP will work or not， other than trying to start the peering session.
• D、There is no way to make BGP work across a firewall.

第3题：

第4题：

You have a server that runs windows server 2008. You need to prevent the server from establishing communication sessions to other computers by using TCP port 25. What should you do?（）

• A、From windows firewall, add an exception.
• B、From windows firewall enable the block all incoming connections option.
• C、From the windows firewall with advanced security snap-in, create an inbound rule.
• D、From the windows firewall with advanced security snap-in, create an outbound rule.

第5题：

You have a firewall filter applied in an inbound direction on a customer interface. You would like this filter to protect your network from a spoofed denial of service attack. Which action should be configured to accomplish your goal?（）

• A、then reject
• B、then discard
• C、then next filter
• D、then silent-drop

第6题：

You have a firewall filter containing two terms applied in an inbound direction on a customer interface.You would like this filter to protect your network from a spoofed denial of service attack. Which match criterion should be configured ito identify unwanted packets?（）

• A、from source-port
• B、from source-address
• C、from destination-address
• D、from destination-port

第7题：

You work as a network engineer for the company， you want to configure two BGP speakers to form an EBGP session across a firewall. On the engineer’s network， the firewall always permits TCP sessions that are initiated from the inside network （the network attached to the inside interface of the firewall）. What prerequisite is there for enabling BGP to run on this network？（）

• A、EBGP multihop will need to be configured for this to work.
• B、This should work with normal BGP peering， with no additional configuration on the BGP speakers or the firewall.
• C、The BGP protocol port must be opened on the firewall
• D、There is no way to make BGP work across a firewall.

第8题：

第9题：

You have a server that runs Windows Server 2008. You need to prevent the server from establishing communication sessions to other computers by using TCP port 25. What should you do（）

• A、 From Windows Firewall， add an exception
• B、 From windows Firewall enable the block all incoming connections option
• C、 From the Windows Firewall with Advanced Security snap-in， create an inbound rule
• D、 From the Windows Firewall with Advanced Security snap-in， create an outbound rule.

第10题：

Your company has a server that runs Windows Server 2008 R2. The server is configured as a remoteaccess server. The external firewall has TCP port 80 and TCP port 443 open for remoteconnections. You have a home computer that runs Windows 7. You need to establish secure remote accessconnection from the home computer to the remote access server.  Which type of connection should you configure? （）

• A、IPSEC
• B、L2TP
• C、PPTP
• D、SSTP