Chapter 5. Firewall Deployment in Transparent Mode Flashcards
1. Which of the following statements is true about a bridge group?
A. It represents a unique Layer 2 network.
B. A threat defense supports multiple bridge groups at the same time.
C. Hosts from different bridge groups cannot communicate with each other without a router.
D. All of these answers are correct.
D. All of these answers are correct.
2. Which of the following statements is true about deployment?
A. Transparent mode allows you to configure the connected interfaces as the default gateway for end users.
B. Switching between transparent mode and routed mode requires a restart.
C. You can use the management center to configure a threat defense from routed mode to transparent mode.
D. Changing a firewall from routed to transparent mode erases any existing configuration.
D. Changing a firewall to transparent deployment mode erases any existing configuration.
3. What is the supported way to enable transparent firewall mode on a threat defense?
A. Using the Devices > Device Management page of the management center GUI
B. Reimaging the threat defense software with the transparent parameter enabled
C. Issuing the configure firewall transparent command in the threat defense CLI
D. Running the configure transparent firewall command on the threat defense CLI, followed by a system reboot
C. Issuing the configure firewall transparent command in the threat defense CLI.
4. Which of the following statements is true about an IP address?
A. You should use the IP address of a BVI as the default gateway for the hosts in a bridged network.
B. The IP address of a BVI should be on a different subnet than any hosts in the bridge group.
C. The BVI’s IP address is used as the source IP address for packets that originate from a threat defense.
D. All physical interfaces on a threat defense require an IP address.
C. The BVI’s IP address is used as the source IP address for packets that originate from a threat defense.
5. Which of the following statements is true when you select the Access Control: Block All Traffic policy as the default action?
A. It overrides any “allow” access control rules deployed on a threat defense.
B. It blocks the traffic when the threat defense detects an intrusion attempt.
C. This policy is equivalent to the deny tcp any any access control rule.
D. It blocks the traffic as soon as malware is found in the network.
C. The Access Control: Block All Traffic policy is equivalent to the deny tcp any any access control rule.
6. Which of the following commands displays the access control rule entries?
A. show access-list
B. show access-control-rule
C. show access-control
D. show access-list-config
A. The show access-list command displays the access control rule entries.
7. Which of the following functionalities is supported in integrated routing and bridging (IRB)?
A. Switching between interfaces and subinterfaces.
B. Routing between bridge groups.
C. Routing between a bridge group and a routed interface.
D. All of these answers are correct.
D. All of these answers are correct. IRB enables switching between interfaces and subinterfaces. It also supports routing between bridge groups and between a bridge group and a routed interface.