From: Ibrahim, Mohammed (mibrahim@necunified.com)
Date: Tue Jul 25 2006 - 17:46:56 ART
Read the question twice to confirm. If they say dns client to server udp
53 is enough. They say allow communication to DNS server it can be both
for zone transfer (tcp 53) and udp 53
Regards,
Mohammed Ibrahim
CCIE # 16444 (Security)
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Robert Yee
Sent: Thursday, July 20, 2006 10:19 PM
To: Nuno Ceitil; security@groupstudy.com
Cc: ccielab@groupstudy.com
Subject: RE: Fine Print
If you need any clarification on a question during the lab, I think its
best to ask the proctor. However the question should not be open ended.
Tell him/her that, depending on how the question is read, you can
configure it A or B.
I had a few instances during my lab and the proctor was able to clarify
the reading of the question for me without any issues.
Also, I think sometimes candidates can read too much into a question.
Robert Yee, CCIE 11716
-----Original Message-----
From: Nuno Ceitil [mailto:nuno@sts.co.za]
Sent: Thursday, July 20, 2006 2:48 PM
To: security@groupstudy.com
Cc: ccielab@groupstudy.com
Subject: Fine Print
Hi All,
FOR THE LAB AND ONLY THE LAB - General Feeling
ACL that needs to match DNS
only udp 53
or
udp and tcp 53
ACL to match PING
only icmp
or
icmp and udp/echo/echo-reply
ACL to match OSPF
only ospf host ip host ip
or
ospf host ip host ip + ospf host ip 224.0.0.x
Limit TCP intercept or CBAC sessions but only one set of high/low values
given - question implies setting global values
only set global values
or
set global values and one minute values
Thoughts and comments please.
Thanks
This archive was generated by hypermail 2.1.4 : Tue Aug 01 2006 - 07:13:48 ART