1. What is one benefit of using a next-generation firewall rather than a stateful firewall?
- reactive protection against Internet threats
- support of TCP-based packet filtering
- support of logging
- integrated use of an intrusion prevention system (IPS)
2. Which three layers of the OSI model include information that is commonly inspected by a stateful firewall? (Choose three.)
- Layer 1
- Layer 7
- Layer 3
- Layer 4
- Layer 5
- Layer 2
3. Which statement is a characteristic of a packet filtering firewall?
- They filter fragmented packets.
- They have a high impact on network performance.
- They are susceptible to IP spoofing.
- They examine each packet in the context of the state of a connection.
4. Which type of firewall is supported by most routers and is the easiest to implement?
- packet filtering firewall
- next-generation firewall
- stateful firewall
- application gateway firewall
5. Which type of traffic is usually blocked when implementing a demilitarized zone?
- traffic that is returning from the public network and traveling to the DMZ network
- traffic originating from the private network and traveling to the DMZ network
- traffic originating from the DMZ network and traveling to the private network
- traffic that is returning from the DMZ network and traveling to the private network
6. What are two characteristics of an application gateway firewall? (Choose two.)
- Provides an integrated intrusion prevention and detection feature.
- Performs most filtering and firewall control in software.
- Uses a simple policy table look-up to filter traffic based on Layer 3 and Layer 4 information.
- Analyzes traffic at Layers 3, 4, 5 and 7 of the OSI model.
- Uses connection information maintained in a state table and analyzes traffic at OSI Layers 3, 4, and 5.
7. Which type of firewall generally has a low impact on network performance?
- next-generation firewall
- application gateway firewall
- stateful firewall
- stateless firewall
8. Which type of firewall is commonly part of a router firewall and allows or blocks traffic based on Layer 3 or 4 information?
- next-generation firewall
- stateful firewall
- packet filtering firewall
- proxy firewall
9. How does a firewall handle traffic that is originating from the DMZ network and traveling to a private network?
- Traffic is usually blocked when it is originating from the DMZ network and traveling to a private network.
- Traffic is usually not filtered using firewall rules when it is originating from the DMZ network and traveling to a private network.
- Traffic is usually allowed when it is originating from the DMZ network and traveling to a private network.
- Traffic is allowed when it is originating from the private network, but the response traffic from the DMZ network will be blocked.
10. Which two protocols are stateless and do not generate connection information needed to build a state table? (Choose two.)
- TCP
- HTTP
- UDP
- FTP
- ICMP
11. What are two benefits of implementing a firewall in a network? (Choose two.)
- A firewall will inspect network traffic and forward traffic based solely on the Layer 2 Ethernet MAC address.
- A firewall will sanitize protocol flow.
- A firewall will prevent unauthorized traffic from being tunneled or hidden as legitimate traffic through an enterprise network.
- A firewall will provide accessibility of applications and sensitive resources to external untrusted users.
- A firewall will reduce security management complexity.
12. When implementing a ZPF, which statement describes a zone?
- A zone is a group of hardened computers known as bastion hosts.
- A zone is a group of one or more devices that provide backup and disaster recovery mechanisms.
- A zone is a group of administrative devices that protect against rogue access point installations.
- A zone is a group of one or more interfaces that have similar functions or features.