Section 8.0: Network Attacks (13 Points)

Question 8.1: Web server attack (3 points)

Question:	Can I use any technique other than MPF to complete this task?
Answer:	Yes. However, the question says not to use a network address translation (static) command where you could set the embryonic (half-open) connections limit. The only other option left on the firewall is to use the MPF feature on the ASA1/c1 context.
Question:	Can I configure multiple class-maps and/or policy-maps to complete this task?
Answer:	Yes. Because the question does not restrict this, you can configure any number of these as long as you fulfill the criteria.
Question:	What naming convention should I use for the class-map and policy-map configuration?
Answer:	Because the question does not restrict or mention anything about this, you can use any naming convention convenient to you.
Question:	Is the ACL allowed to match within the class-map?
Answer:	The question clearly says not to use an ACL in any fashion to complete this task. You need to use the match port command in the class-map to classify the HTTP (TCP/80) traffic.
Question:	What number should I use to set the maximum number of embryonic (half-open) connections?
Answer:	Because the question does not mention anything about this, you can set the embryonic (half-open) connections limit to any number. 100 is used in this example.

Question 8.2: Preventing unauthorized connections (3 points)

Question:	Is the ACL allowed to match in the class-map and be used in the service-policy?
Answer:	Yes. You can use the ACL to match virus traffic on TCP port 4444 from any source to any destination.
Question:	What naming convention should I use when configuring the route-map and ACL configuration?
Answer:	Because the question does not restrict or mention anything about this, you can use any naming convention convenient to you.
Question:	Do I need to apply the policy to global mode?
Answer:	No. The question clearly says to apply the solution to the R3 GigabitEthernet0/0 interface.