| Author |
CSPFA 3.0 Exam Resource
|
|
| doccheatem 2003-05-15, 3:27 am |
| Came across this posting on the Alt.Certification.Cisco newsgroup and I thought it may be of interest.
Regards,
----- Original Message -----
From: "Atif Sajid" <atif.sajid@verizon.net>
Newsgroups: alt.certification.cisco
Sent: Wednesday, May 14, 2003 12:14 PM
Subject: CSPFA 3.0 exam questions
Hello group,
I passed the subject exam today and want to share my experience in case if it helps anyone.
To my surprise, it contained questions on FWSM for 6500. So be ready ....
I want to make sure that the ONLY advantage of putting a "deny any any" at
the end of an access-list is to log the intrusion attempts. Isn't it ????
I made some very good notes for this exam because of no test book available.
If anyone needs it please email me at atif.sajid@verizon.net and I will be
happy to share.
Regards.
Atif | |
| tawrit 2003-05-27, 11:29 pm |
| Is it something to get the statistics in the show access-list command we use 'deny' statement in the access-list knowing that there is an implicit deny at the end of each access-list? Please put your comments.
Tawrit | |
| expat_iain 2003-05-30, 3:35 pm |
| Quite so. Adding 'deny any any log' at the end of an ACL is to be able to check failed connections. | |
| tawrit 2003-05-30, 4:32 pm |
| thanks for your comment. Do I need the log keyword at the end of the deny statement or show access-list will show it in any way regardless of the log keyword.
Tawrit | |
| expat_iain 2003-05-31, 4:12 pm |
| The log command will log to the buffer or syslog for you to check exceptions. If you place a 'log' at the end of any ACL entry, it will trigger a message. | |
| darthfeces 2003-06-01, 12:18 am |
| yes
as he said you have to place a log
keyword at the end of any access-list statement that you'd like to collect info about
you can also use
ip accounting access-violations
on an interface |
|
|
|