Refer to Cisco IOS Zone-Based Policy Firewall， where will th

第1题：

If XYZ LTD needs to upgrade the Cisco IOS Software of a Cisco Router, Where is the best place to download the upgrade image file from?（）

• A、The best option is to download it from the Cisco TAC website
• B、The best option is to download it from the Cisco.Com Software support site
• C、The best option is to download it form the Cisco Advanced Services website
• D、The best option is to download it from the TFTP site on Cisco.com

第2题：

Which statement best describes Cisco IOS Zone-Based Policy Firewall？（）

• A、A router interface can belong to multiple zones.
• B、Policy maps are used to classify traffic into different traffic classes， and class maps are used to assignaction to the traffic classes.
• C、The pass action works in only one direction
• D、A zone-pair is bidirectional because it specifies traffic flowing among the interfaces within the zone-pair in both directions.

第3题：

第4题：

What are three features of the Cisco IOS Firewall feature set？（）

• A、network-based application recognition （NBAR）
• B、authentication proxy
• C、stateful packet filtering
• D、AAA services
• E、proxy server
• F、IPS

第5题：

What is a requirement to enable Cisco IOS IPS with 5.x signature？（）

• A、disable Zone-Based Firewall as the two features are not compatible
• B、disable Cisco Express Forwarding as the two features are not compatible
• C、generate a certificate and export on Cisco.com to receive a signature update
• D、import the public RSA key from the Cisco IPS team that allows the router to verify that a signatureupdate （which was signed by this key） comes from Cisco

第6题：

Examine the following items， which one offers a variety of security solutions， including firewall， IPS， VPN，antispyware， antivirus， and antiphishing features？（）

• A、Cisco IOS router
• B、Cisco PIX 500 series security appliance
• C、Cisco 4200 series IPS appliance
• D、Cisco ASA 5500 series security appliance

第7题：

Which Cisco product is a software component that blocks unwanted connections and provides other gateway security functions for small business?（）

• A、Cisco Firewall Services Module (FWSM)
• B、Cisco Secure Access Control Server (ACS)
• C、Cisco Private Internet Exchange (PIX) Firewall
• D、Cisco Internetwork Operating System (IOS) Firewall

第8题：

What is the purpose of an explicit "deny any" statement at the end of an ACL？（）

• A、none，since it is implicit
• B、to enable Cisco IOS IPS to work properly；however，it is the deny all traffic entry that is actually required
• C、to enable Cisco IOS Firewall to work properly；however，it is the deny all traffic entry that is actually required
• D、to allow the log option to be used to log any matches
• E、to prevent sync flood attacks
• F、to prevent half-opened TCP connections

第9题：

What are two security features of the Cisco Secure Router 500 Series？ （）

• A、Cisco Intrusion Prevention System
• B、Cisco IOS Software Firewall
• C、Cisco IOS Easy VPN
• D、Cisco Unified Wireless Networking
• E、Cisco ASA Hardware Firewall

第10题：

Which three statements about IOS Firewall configurations are true？（）

• A、The IP inspection rule can be applied in the inbound direction on the secured interface.
• B、The IP inspection rule can be applied in the outbound direction on the unsecured interface.
• C、The ACL applied in the outbound direction on the unsecured interface should be an extended ACL.
• D、The ACL applied in the inbound direction on the unsecured interface should be an extended ACL.
• E、For temporary openings to be created dynamically by Cisco IOS Firewall，the access-list for thereturning traffic must be a standard ACL.
• F、For temporary openings to be created dynamically by Cisco IOS Firewall，the IP inspection rule must be applied to the secured interface.