Chapter 12 - Firewall Fundamentals Flashcards
What is a transparent firewall?
Transparent firewalls are implemented at Layer 2 (Data Link).
Basically there are two interfaces in the same VLAN, and all traffic is forced in one interface and out the other. Traffic can be inspected, but there is no IP address or layer 3 hop.
Even though it operates at layer 2, it still sees all layer 3 packets and can enforce layer 3 firewall rules, including permitting traffic, building a stateful database, and application inspection.
What information does a stateful database contain? (in reference to stateful packet filtering)
The stateful database is on the firewall and contains information about the source IP address, destination IP address, and ports that are in use.
What does the NAT Inside Local address refer to?
Inside Local is the REAL IP address configured on an inside host.
For example, 192.168.1.100 on a PC.
What does the NAT Inside Global address refer to?
This is the address that the outside world sees a "LAN" host on the private IP space coming from.
It’s the mapped address that the router is swapping out on behalf of the inside host.
example: 208.57.148.250 (assigned by an ISP and routable through the Internet)
What does the NAT Outside Local address refer to?
Only really used when performing “Outside” NAT. This is the mapped address of the outside device as it would appear to inside hosts.
For example, it could be something like 192.168.1.254 (which is mapped to an outside host at 24.12.9.10)
NOTE: if outside NAT is not used, the device's normal address is used to reach it - 24.12.9.10
What does the NAT Outside Global address refer to?
This is the REAL IP configured on an outside host.
example: 24.5.35.10
The public IP address of a server, etc.
How is Static NAT used?
This is a one-to-one mapping of a private IP address to a single public IP:
192.168.1.100 to 205.214.51.16
Very rarely used, as it consumes one public IP for every inside host.
What is Dynamic NAT?
Dynamic NAT involves having a pool of addresses and only mapping those global addresses to inside devices when those inside devices need to go out to the Internet.
What is Dynamic PAT?
PAT with overload is the most common form, where a single outside IP address is used for all inside hosts. A database is used to keep track of the hosts making requests (via an arbitrary source port) so that return traffic can be sent back to the correct host.
What is Policy NAT / PAT?
This is NAT based on a set of rules. Rules can be set up so that only specific source IPs which are destined for specific destinations (or ports) are translated.