
Saturday, January 23, 2010

640-553 LAB

conf t
int fa 0/12
! port-security is only accepted on a static access port, so set the mode first
switchport mode access
switchport port-security
! allow at most two MAC addresses on this port
switchport port-security maximum 2
! a further MAC address err-disables the port (and is logged)
switchport port-security violation shutdown
end
wr

Then log in to enable mode and verify the result with the following command:
# show port-security interface fa 0/12
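As an added example, not part of the original post, here is a small Python audit that reads the text of `show port-security interface <if>` for several ports and reports any port that is not enabled, allows more MAC addresses than the lab intends, uses a violation mode other than shutdown, or is currently err-disabled (Port Status "Secure-shutdown") after a violation. The outputs in SAMPLE are constructed to resemble IOS output and were not captured from a real switch; EXPECTED_MAX and EXPECTED_VIOLATION mirror the lab config above.

```python
"""Audit 'show port-security interface' output against the lab's intended settings.

Added example, not part of the original post. The outputs in SAMPLE are
constructed to resemble IOS output; they were not captured from a real switch.
"""
import re

EXPECTED_MAX = 2                 # 'switchport port-security maximum 2'
EXPECTED_VIOLATION = "shutdown"  # 'switchport port-security violation shutdown'

# IOS prints 'Key<padding>: Value'; the key itself may contain a colon
# ('Last Source Address:Vlan'), so split on the padded colon only.
FIELD_RE = re.compile(r"^(\S.*?)\s+:\s*(.*)$")
COUNT_FIELDS = {"Maximum MAC Addresses", "Total MAC Addresses",
                "Security Violation Count"}

# Constructed sample outputs: Fa0/12 as configured in the lab, Fa0/13 after a
# third MAC address tripped the shutdown action, Fa0/14 with a weaker mode.
SAMPLE = {
    "FastEthernet0/12": """\
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 2
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0011.2233.4455:1
Security Violation Count   : 0
""",
    "FastEthernet0/13": """\
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Maximum MAC Addresses      : 2
Total MAC Addresses        : 2
Last Source Address:Vlan   : 00aa.bbcc.ddee:1
Security Violation Count   : 1
""",
    "FastEthernet0/14": """\
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Protect
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Security Violation Count   : 0
""",
}


def parse_port_security(text):
    """Turn the 'Key : Value' lines of one interface's output into a dict.

    Counters listed in COUNT_FIELDS become ints; everything else is kept as
    the string IOS printed.
    """
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key in COUNT_FIELDS:
            value = int(value.split()[0])
        fields[key] = value
    return fields


def audit_port(name, fields):
    """Return a list of findings; an empty list means the port matches the lab policy."""
    findings = []
    if fields.get("Port Security") != "Enabled":
        findings.append(f"{name}: port-security is not enabled")
        return findings
    maximum = fields.get("Maximum MAC Addresses", 0)
    if maximum > EXPECTED_MAX:
        findings.append(f"{name}: maximum {maximum} MACs exceeds {EXPECTED_MAX}")
    mode = fields.get("Violation Mode", "").lower()
    if mode != EXPECTED_VIOLATION:
        findings.append(f"{name}: violation mode '{mode}' is not '{EXPECTED_VIOLATION}'")
    if fields.get("Port Status") == "Secure-shutdown":
        count = fields.get("Security Violation Count", "?")
        findings.append(f"{name}: err-disabled after {count} violation(s); "
                        "recover with 'shutdown' / 'no shutdown' once the "
                        "offending device is removed")
    return findings


def audit_all(outputs):
    """Map each interface name to its list of findings."""
    return {name: audit_port(name, parse_port_security(text))
            for name, text in outputs.items()}


if __name__ == "__main__":
    for port, findings in audit_all(SAMPLE).items():
        print(port, "OK" if not findings else "")
        for f in findings:
            print("  -", f)
```

Run it as-is to see the three sample ports audited; to use it on a real switch, paste each interface's `show port-security interface` output into SAMPLE (or build the dict from a collector of your own). The err-disabled check matters because a port that was shut down by a violation stays down until an administrator bounces it or errdisable recovery is configured, so the finding points at a possible incident, not only a misconfiguration.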

------------------------------------------
- 60 questions in 120 minutes (the pass mark was 804)
- drag-and-drop questions (10-12)
- ONE very easy LAB: you need to set up switchport port-security. That's all.
- TWO simlets with a few sub-questions each, both based on SDM

------------------------------------------

1) Firewall simulation (qn:59 of p4s 4.38). The question asks which two options correctly identify each interface with its security zone.

Answer given: Fa 0/1 associated with "out-zone" zone & Fa 0/0 associated with "in-zone" zone

From the screenshots given in that question we are able to find out the IP address of the interface through which we are configuring SDM, i.e. 10.30.30.2, and that belongs to Fa 0/0. We can assume that the interface through which we configure SDM should belong to the in-zone, and then conclude that Fa 0/0 is associated with the in-zone. But SDM can be configured through any interface, in-zone or out-zone, so how could this answer be correct? Or is there any other way to find the interfaces associated with each security zone?


2) Firewall simulation (qn:60 of p4s 4.38). The question asks which statement is correct regarding the "sdm-permit" policy map.

Answer given: Traffic matching the "SDM_CA_SERVER" traffic class will be dropped.

The Action column shown against the class map SDM_CA_SERVER is "Permit Firewall", not drop, so how could we conclude that "Traffic matching SDM_CA_SERVER traffic class will be dropped"?


3) Firewall simulation (qn:63 of p4s 4.38). Which policy is associated with the "sdm-zp-in-out" security zone pair?

Answer given: sdm-permit

Zone pairs (from the screenshot):

Zone pair       | Source zone | Destination zone | Policy name
----------------+-------------+------------------+------------
sdm-zp-in-out   | in-zone     | out-zone         | sdm-inspect
sdm-zp-out-self | out-zone    | self             | sdm-permit

Then how could we say that the sdm-zp-in-out security zone pair is associated with the sdm-permit policy?


4) Firewall simulation (qn:68 of p4s 4.38). Within the "sdm-inspect" policy map, what is the action assigned to the traffic class "sdm-invalid-src", and which traffic is matched by the traffic class "sdm-invalid-src"?

Answer given: Traffic matched by ACL 105 & traffic matched by the nested "sdm-cls-insp-traffic" class map


Traffic classification (from the screenshot):

ID | Source | Destination | Service              | Action
---+--------+-------------+----------------------+----------------
sdm-inspect (in-zone to out-zone)
 2 | any    | any         | sdm-cls-insp-traffic | Permit Firewall

Another screenshot: Additional Tasks >> Inspection

Inspect class maps:

Class map name  | Used by
----------------+------------
sdm-invalid-src | sdm-inspect

From the above two screenshots it is understood that the second answer given by p4s, i.e. "Traffic matched by the nested sdm-cls-insp-traffic class map", is correct, but how could we find the ACL matched by the traffic class sdm-invalid-src?


5) VPN simulation (qn:66 of p4s 4.38)
The IPsec tunnel to the SAC remote campus terminates at which IP address, and what is the protected subnet behind the SAC remote campus router?

Answer given: 192.168.8.58 & 10.8.75.0/24

Crypto maps in this IPsec policy (from the screenshot):

Name       | Seq no | Peers        | Transform set | IPsec rule
-----------+--------+--------------+---------------+-----------
SDM_CMAP_1 | 3      | 192.168.8.58 | ESP-3DES-SHA2 | 177

Here, if the peer indicates the terminating IP address (192.168.8.58), how could we find the protected subnet?
