
QUESTION 72
Which of the following represents the behavior of the CBAC aggressive mode in a Cisco IOS firewall?
A. Delete all half-open session
B. Re-initiate half open session
C. Complete all half open sessions, make the full open session
D. Delete half-open session as needed to accommodate new connection requests
E. All of the above, based on configuration

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: A TCP SYN attack occurs when an attacking source host generates TCP SYN packets with random source addresses and sends them in rapid succession to a victim host. The victim destination host sends a SYN ACK back to the random source address and adds an entry to the connection queue. Since the SYN ACK is destined for an incorrect or nonexistent host, the acknowledgment is never completed and the entry remains in the connection queue until a timer expires. The connection queue fills up and legitimate users cannot use TCP services. However, with CBAC, TCP packets flow from the outside only in response to traffic sent from the inside. The attacking host can’t get its packets through, and the attack does not succeed. In addition, by inspecting inbound on the external interface (interface serial 0 in the example above), CBAC can account for half-open connections through the firewall and begin closing those half-open connections in an aggressive mode. The firewall will calm down once the number of half-open connections settles down to a user-defined value.
QUESTION 73
What OSI layers can CBAC filter on? Select all that apply.
A. Layer 4
B. Layer 3
C. Layer 2
D. Layer 7
E. Layer 5

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
Explanation:
Access lists can filter traffic based on layer 3 and layer 4 information, while CBAC can filter traffic based on
layer 3, 4, and 7 (application layer) information.

QUESTION 74
Router CK1 has been upgraded with the Cisco firewall IOS. Which of the following cannot be configured on a router unless the IOS Firewall feature set is installed? (Select all that apply)
A. PAM
B. Authentication Proxy
C. IDS
D. CBAC

Correct Answer: ABCD Section: (none) Explanation
Explanation/Reference:
Explanation:
CBAC, PAM, IDS, Authentication Proxy are the four main components of the Cisco IOS Firewall and
cannot be configured until the IOS Firewall feature set is installed on the router. The following table
describes these features in more detail:

Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/ products_configuration_guide_chapter09186a00800 c
QUESTION 75
Router CK1 is being used to prevent Denial of Service attacks on the Certkiller network. Which three thresholds does CBAC on the Cisco IOS Firewall provide against DoS attacks? (Choose three)
A. The number of half-open sessions based upon time
B. The total number of half-open TCP or UDP sessions
C. The number of fully open sessions based upon time
D. The number of half-open TCP-only sessions per host
E. The total number of fully open TCP or UDP sessions
F. The number of fully open TCP-only sessions per host

Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
Explanation: Enhanced denial-of-service detection and prevention defends networks against popular attack modes, such as SYN (synchronize/start) flooding, port scans, and packet injection, by inspecting packet sequence numbers in TCP connections. If the numbers are not within the expected ranges, the router drops the suspicious packets. When the router detects unusually high rates of new connections, it issues an alert message and then drops half-open TCP connections from its state table, which prevents system resource depletion. When the Cisco IOS Firewall detects a possible attack, it tracks user access by source or destination address and port pairs and records the transaction, creating an audit trail. CBAC can be configured to monitor half-open sessions based on the total number within a given time frame (one minute), the total number at any given point, or the total number per individual host. When the number of existing half-open sessions exceeds the max-incomplete high number, CBAC deletes half-open sessions as required to accommodate new connection requests, and it continues deleting them until the number of existing half-open sessions drops below the max-incomplete low number.
Reference: http://www.cisco.com/en/US/products/sw/secursw/ps1018/prod_bulletin09186a008010e040.html
QUESTION 76
The Certkiller network is concerned about SPAM and wants to use IOS tools to prevent SPAM attacks. By default, how many message recipients must an email have for the IOS Firewall to consider it a spam attack?
A. 250
B. 500
C. 100
D. 25
E. 5000
F. 50000
G. None of the above

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: By default, the Cisco IOS Firewall will fire an alarm for a spam attack if an email contains 250 or more recipients. To specify the number of recipients in a mail message above which a spam attack is suspected, use the “ip audit smtp” global configuration command; to return the number of recipients to the default, use the no form of this command. Syntax:
ip audit smtp spam number-of-recipients

Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/ products_command_reference_chapter09186a00800 c
QUESTION 77
The security administrator at Certkiller is seeing a large number of half opened TCP sessions. What are half open TCP sessions?
A. Sessions that were denied.
B. Sessions that have not reached the established state.
C. Sessions where the three-way handshake has been completed.
D. Sessions where the firewall detected return traffic.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: An unusually high number of half-open sessions (either absolute or measured as the arrival rate) could indicate that a denial-of-service attack is occurring. For TCP, “half-open” means that the session has not reached the established state. For UDP, “half-open” means that the firewall has detected traffic from one direction only.
Reference:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/
products_command_reference_chapter09186a00800 d

QUESTION 78
What command configures the amount of time CBAC will wait for a TCP session to become established before dropping the connection in the state table?
A. ip inspect global syn-establish (seconds)
B. ip inspect tcp global syn-time (seconds)
C. ip inspect global tcp syn (seconds)
D. ip inspect tcp synwait-time (seconds)
E. None of the above

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
Use the IOS Firewall global configuration command ip inspect tcp synwait-time (seconds) to set how long
CBAC waits for a TCP session to reach the established state before dropping it from the state table. The
default is 30 seconds.

QUESTION 79
You have been tasked with setting up a new router with CBAC. How do you configure the CBAC global UDP idle session timeout?
A. ip inspect udp-session-timeout (seconds)
B. ip inspect udp-idle (seconds)
C. ip inspect udp-timeout (seconds)
D. ip inspect udp idle-time (seconds)

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
Set the global UDP idle session timeout for the state table with the ip inspect udp idle-time (seconds)
command. This global value (like the global TCP idle timeout) can be overridden on a per-protocol
basis.

QUESTION 80
You have been tasked with setting up a new Certkiller router with CBAC. How do you set the threshold of half-open sessions CBAC will allow per minute before deleting them?
A. ip inspect one-minute incomplete (number)
B. ip inspect one-minute (number)
C. ip inspect one-minute high (number)
D. ip inspect one-minute high incomplete (number)
E. ip inspect max-incomplete minute high (number)

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: The “ip inspect one-minute high (number)” command will set the number of new, half-open connections per minute CBAC will allow before deleting them. The default is 500 per minute.
QUESTION 81
You are setting up a new Certkiller router with CBAC. Which of the following commands will alter the CBAC DNS timeout timer to 10 seconds?
A. ip inspect dns-server-timeout 10
B. ip inspect dns-server-timer 10
C. ip inspect dns-timeout 10
D. ip inspect dns-timer 10

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
To configure the time CBAC will keep a DNS session open in the state table, use the global configuration
command ip inspect dns-timeout (seconds). The default is five seconds.

QUESTION 82
You are setting up a new Certkiller router with CBAC. If CBAC is configured to inspect telnet traffic on an interface, how should outbound telnet traffic be configured in any ACLs?
A. Outbound telnet should be permitted in any ACLs
B. Outbound telnet should be denied in any ACLs
C. Telnet should not be referenced at all in the ACL
D. Outbound telnet should be denied only if inbound telnet is allowed

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
With CBAC, the ACLs need to permit the initial outbound traffic. If the traffic is not allowed outbound,
CBAC never sees the session and so has no chance to monitor and restrict the return traffic.

QUESTION 83
CBAC has been configured on router CK1 to increase the security of the Certkiller network. CBAC intelligently filters TCP and UDP packets based on which protocol-session information?
A. Network layer
B. Transport layer
C. Data-link
D. Application layer
E. Presentation layer
F. Session layer
G. Physical layer

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: Context-based Access Control (CBAC) in Cisco IOS Firewall is an advanced traffic filtering technology that intelligently filters transmission control protocol (TCP) and user datagram protocol (UDP) packets to determine whether they contain malicious viruses or worms. CBAC can be configured to permit specified TCP and UDP traffic through a firewall only when the connection is initiated from within the network to be protected. Without CBAC, traffic filtering is limited to access list implementations that examine packets at the network layer or at the transport layer. CBAC examines not only these but also the application-layer protocol information to learn about the state of a TCP or UDP session.
QUESTION 84
John and Kathy are working on configuring the IOS firewall together. They want to know which of the following CBAC lets them configure on a per-application protocol basis using inspection rules. Which one is correct?
A. ODBC filtering
B. Tunnel, transport models, or both
C. Alerts and audit trails
D. Stateful failover
E. None of the above

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
CBAC also generates real-time alerts and audit trails. Enhanced audit trail features use SYSLOG to track
all network transactions. Real-time alerts send SYSLOG error messages to central management consoles
upon detecting suspicious activity. Using CBAC inspection rules, you can configure alerts and audit trail
information on a per-application protocol basis.
Reference:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/
products_configuration_guide_chapter09186a00800 c

QUESTION 85
You are the security administrator for Certkiller and you need to know what CBAC does on the Cisco IOS Firewall. Which one of these is the best answer?
A. Creates specific security policies for each user at Certkiller Inc.
B. Provides additional visibility at intranet, extranet, and Internet perimeters at Certkiller Inc.
C. Protects the network from internal attacks and threats at Certkiller Inc.
D. Provides secure, per-application access control across network perimeters at Certkiller Inc.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
Context-based Access Control (CBAC) examines not only network-layer and transport-layer information, but
also application-layer protocol information (such as FTP information) to learn about the state of TCP and
UDP connections. CBAC maintains connection state information for individual connections. This state
information is used to make intelligent decisions about whether packets should be permitted or denied, and
CBAC dynamically creates and deletes temporary openings in the firewall accordingly.
Reference:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/
products_configuration_guide_chapter09186a00800 d

QUESTION 86
By default, how many half-open sessions need to be in the state table before CBAC will begin to delete the half-open sessions?
A. 500
B. 250
C. 1000
D. 2000
E. 100
F. 50

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
By default, CBAC will begin to delete half-open sessions when there are 500 in the state table. It will keep
deleting half-open sessions until the minimum half-open sessions threshold is met (default is 400).
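Questions 72, 75, 77, 78, 80 and 86 describe the same mechanism from different angles. The following Python model, added here as an illustration and not taken from the page or from Cisco, ties them together: an absolute max-incomplete high/low pair, a one-minute rate pair, synwait-time expiry, and aggressive-mode deletion. The one-minute low value of 400 and the "delete the oldest half-open session first" policy are assumptions, not facts stated above.

```python
# Added illustration of CBAC's half-open thresholds (not Cisco code). Defaults mirror the
# page: max-incomplete high 500 / low 400, one-minute high 500, tcp synwait-time 30 s.
# Assumed: a one-minute low of 400 and "delete the oldest half-open session" as the policy.
from collections import OrderedDict

class HalfOpenTable:
    def __init__(self, high=500, low=400, min_high=500, min_low=400, synwait=30.0):
        self.high, self.low, self.min_high, self.min_low = high, low, min_high, min_low
        self.synwait = synwait
        self.sessions = OrderedDict()  # session key -> creation time, oldest first
        self.arrivals = []             # creation times feeding the one-minute counter
        self.aggressive = False        # True while CBAC is deleting to make room
        self.deleted = 0               # half-open sessions dropped by aggressive mode

    def _rate(self, now):
        # New half-open sessions seen in the last 60 seconds.
        self.arrivals = [t for t in self.arrivals if now - t < 60.0]
        return len(self.arrivals)

    def _calm_down(self, now):
        # Aggressive mode ends once both counters drop below their low thresholds.
        if self.aggressive and len(self.sessions) < self.low and self._rate(now) < self.min_low:
            self.aggressive = False

    def new_half_open(self, key, now):
        """A connection request arrives and CBAC records a half-open session."""
        rate = self._rate(now) + 1
        self.arrivals.append(now)
        if len(self.sessions) > self.high or rate > self.min_high:
            self.aggressive = True
        if self.aggressive and self.sessions:
            # Delete a half-open session to accommodate the new request (Q72, answer D).
            self.sessions.popitem(last=False)
            self.deleted += 1
        self.sessions[key] = now
        self._calm_down(now)

    def established(self, key, now):
        """Three-way handshake completed: the session is no longer half-open (Q77)."""
        self.sessions.pop(key, None)
        self._calm_down(now)

    def expire(self, now):
        """Drop half-open sessions older than synwait-time (Q78); return how many remain."""
        for key in [k for k, t in self.sessions.items() if now - t >= self.synwait]:
            del self.sessions[key]
        self._calm_down(now)
        return len(self.sessions)


def simulate_syn_flood(table, count, interval=0.01):
    """Constructed input: `count` SYNs from varying source ports, `interval` seconds apart."""
    for i in range(count):
        table.new_half_open(("198.51.100.7", 1024 + i, "192.0.2.10", 80), i * interval)
    return table
```

With the defaults, 600 SYNs in six seconds trip the one-minute high threshold at the 501st request, after which every new request costs one existing half-open session; the table only leaves aggressive mode once the absolute count and the one-minute rate are both below their low values.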

QUESTION 87
The authentication proxy feature has been configured on one of the Certkiller routers. What does authentication proxy on the Cisco IOS Firewall do?
A. Creates specific authorization policies for each user with Cisco Secure ACS, dynamic, per-user security and authorization
B. Provides additional visibility at intranet, extranet, and Internet perimeters
C. Creates specific security policies for each user with Cisco Secure ACS, dynamic, per-user authentication and authorization
D. Provides secure, per-application access control across network perimeters

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: The Cisco IOS Firewall authentication proxy feature allows network administrators to apply specific security policies on a per-user basis. Previously, user identity and related authorized access were associated with a user’s IP address, or a single security policy had to be applied to an entire user group or subnetwork. Now, users can be identified and authorized on the basis of their per-user policy, and access privileges tailored on an individual basis are possible, as opposed to a general policy applied across multiple users. With the authentication proxy feature, users can log in to the network or access the Internet via HTTP, and their specific access profiles are automatically retrieved and applied from a Cisco Secure ACS or other RADIUS or TACACS+ authentication server. The user profiles are active only when there is active traffic from the authenticated users.
Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/ products_configuration_guide_chapter09186a00800 d
QUESTION 88
You have been tasked with configuring authentication proxy on one of the Certkiller routers. Which command is required to specify the authorization protocol for authentication proxy?
A. auth-proxy group tacacs+
B. aaa auth-proxy default group tacacs+
C. authorization auth-proxy default group tacacs+
D. aaa authorization auth-proxy default group tacacs+
E. aaa authorization auth-proxy group tacacs+
F. aaa authorization auth-proxy default group

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
Authentication proxy relies on AAA authorization for the auth-proxy service. The authorization protocol is
specified in global configuration mode with the command aaa authorization auth-proxy default group
tacacs+ (answer D); the other forms listed are missing the aaa keyword, the default method list, or the
server group.
Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1834/ products_feature_guide09186a0080080348.html
QUESTION 89
The Certkiller administrator is working on configuring the authentication proxy feature. Which of the following best describes the authentication proxy feature of the Cisco IOS?
A. Use a general policy applied across multiple Certkiller Inc. users
B. Use a single security policy that is applied to an entire user group or subnet at Certkiller Inc.
C. Apply specific security polices on a per-user basis at Certkiller Inc.
D. Keep the Certkiller Inc. user profiles active even where there is no active traffic from the authenticated users.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation: The Cisco IOS Firewall authentication proxy feature allows network administrators to apply specific security policies on a per-user basis. Previously, user identity and related authorized access were associated with a user’s IP address, or a single security policy had to be applied to an entire user group or subnetwork. Now, users can be identified and authorized on the basis of their per-user policy, and access privileges tailored on an individual basis are possible, as opposed to a general policy applied across multiple users. With the authentication proxy feature, users can log in to the network or access the Internet via HTTP, and their specific access profiles are automatically retrieved and applied from a Cisco Secure ACS or other RADIUS or TACACS+ authentication server. The user profiles are active only when there is active traffic from the authenticated users.
Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/ products_configuration_guide_chapter09186a00800 d