Network Security 2 (Version 2.

0)
Module 8
1
Which is the only way to remove a security context on a PIX Security Appliance?
**Edit the system configuration.
Disconnect all failover devices.
Rename the security context on the active device.
Disable multiple mode.

2
Which security context can an administrator log into to access system execution space and all other contexts?
**admin
system
privileged
management

3
Which statement is true regarding storage of the system configuration when a Cisco PIX Security Appliance is configured
with multiple contexts?
**The system configuration is stored in Flash memory.
The system configuration is stored in NVRAM.
The system configuration cannot be stored in the same location as context configurations.
The system configuration, as well as all context configurations, can be stored in Flash memory and in a TFTP server.

4
A configuration change has been made on a Cisco PIX Security Appliance to prevent ARP spoofing of the DNS and mail
servers. Which two commands will help determine if the configuration change is working correctly? (Choose two.)
debug mac-table
**debug arp-inspection
debug arp static
debug arp all
**debug mac-address-table

5
Which command can be used to determine whether a Cisco PIX Security Appliance is in routed mode or in transparent
mode?
pixfirewall(config)# show xlate
pixfirewall(config)# firewall transparent
pixfirewall(config)# no firewall transparent
**pixfirewall(config)# show firewall

6
A user initiates a Telnet connection to a Cisco PIX Security Appliance. What is the default time that
a session can be idle before being disconnected?
1 minute
**5 minutes
15 minutes
The connection remains open until the user logs off.

7
A network administrator has entered the no service password-recovery command on the Cisco Adaptive Security
Appliance. What password recovery steps must be completed if the password is lost or forgotten?
**Load a new image and a backup configuration file.
Change the configuration register to 0x41 and reset the passwords.
Load the password recovery image and a backup configuration file.
Change the configuration register to 0x1 and reset the passwords.

8
When converting a Cisco PIX Security Appliance from multiple mode back to single mode, which file must be copied to
the current startup configuration?
**old_running.cfg
old_startup.cfg
admin.cfg
admin_single.cfg

9
Which remote management technique provides the highest degree of security when managing the Cisco PIX Security
Appliance?
Dial in to the serial console port on the PIX Security Appliance.
Telnet to the PIX Security Appliance from the inside trusted network.
Telnet to the PIX Security Appliance using an IPSec connection.
**Secure Shell (SSH) to the PIX Security Appliance.

10
Refer to the tests shown in the graphic. When using failover with a Cisco PIX Security Appliance, a
series of tests will run to determine which security appliance has failed. If a failure occurs in the
active PIX Security Appliance, and it is not because of a loss of power in the standby PIX Security
Appliance, in which order will the tests be performed?

A, B, C, D
B, A, D, C
**C, D, A, B
D, C, B, A

11
The SecureISP company has two Cisco PIX Security Appliances that are used for fault tolerance.
Unit A is configured as active and Unit B as standby. Which command can be used on Unit B to
force Unit B to become the active firewall?

pixfirewall# failover reset

**pixfirewall# failover active
pixfirewall# no failover standby
pixfirewall# enable failover active

12
What is the procedure to upgrade a Cisco PIX Security Appliance from a restricted to an
unrestricted license after verifying the hardware meets the minimum requirement?

Copy the acckey.bin file into Flash from a TFTP server.

Back up the contents of Flash, replace the restricted Flash card with an unrestricted Flashcard, and restore the contents.
**Type the new activation key in hexadecimal into the CLI.
A PIX Security Appliance must be rebooted once to activate a new image and change the activation key.

13
What is the default privilege level when entering enable mode without specifying a privilege level on a Cisco PIX Security
Appliance?
0
1
7
**15
16
14
Which command displays the current list of IP addresses authorized to access a Cisco PIX Security Appliance, and also
displays the number of minutes that a telnet session can remain idle before being closed by the PIX?

pixfirewall# who
pixfirewall# show telnet
pixfirewall# show names
**pixfirewall# show running-config telnet

15
Which command is used to enable the multiple security context mode in the PIX Security Appliance?
**pixfirewall# mode multiple
pixfirewall# enable multiple
pixfirewall# context multiple
pixfirewall# security-context multiple

16
How are special hello packets sent from one Cisco PIX Security Appliance to another?
through the failover cable only
through the inside interface only
**through all interfaces and the failover cable
through the inside interface and the failover cable

17
When configuring a pair of Cisco PIX Security Appliances for active/standby failover using a serial cable, what is the last
step in the process?

Connect the failover cable between the primary PIX Security Appliance and the secondary PIX Security Appliance.
Configure the failover command on the primary PIX Security Appliance.
**Power on the secondary PIX Security Appliance.
Save the configuration to flash memory and reload the primary PIX Security Appliance.

18
Which command is used to create a directory called backup in the flash memory of a Cisco PIX Security Appliance?

pixfirewall# cd flash:backup
**pixfirewall# mkdir flash:backup
pixfirewall# mkdir flash\backup
pixfirewall# cd flash\backup

19
What is the maximum number of interfaces that can be used for each security context, on a Cisco PIX Security
Appliance?
**two
three
four
unlimited

20
In addition to the normal failover requirements, what else is required for an active/active failover configuration?
**the use of contexts
a UR license on both PIX Security Appliances
an additional dedicated LAN port on both PIX Security Appliances
a dedicated switch, hub, or VLAN dedicated to failover