Network Security Ch. 9

¡Supera tus tareas y exámenes ahora con Quizwiz!

An administrator creates three zones (A,B, and C) in an ASA that filters traffic. Traffic originating from Zone A going to Zone C is denied, and traddic originating from Zone B going to Zone C is denied. What is a possible scenario for Zones, A, B, and C? (Exhibit)

A-DMZ, B-Outside, C-Inside

An administrator has configured an ASA 5505 as indicated but is still unable to ping the inside interface from an inside host. What is the cause of this problem (exhibit)

The no shutdown command should be entered on interface Ethernet 0/1

Which type of NAT would be used on an ASA where 10.0.1.0/24 inside addresses are to be translated only if traffic form these addresses is destined for the 198.133.219.0/24 network?

policy NAT

What is a characteristic of ASA security levels?

An ACL needs to be configured to explicitly permit traffic from an interface with a lower security level to an interface with a higher security level

A network administrator has configured NAT on an ASA device. What type of NAT is used? (exhibit)

Inside NAT

A network administrator is working on the implementation of the Cisco Modular Policy Framework on an ASA device. The administrator issues a clear service-policy command. What is the effect after this command is entered?

All service policy statistics data are removed

According to the command output, which three statements are true about the DHCP options entered on the ASA 5505? (exhibit)(three)

- The dhcpd address [start-of-pool]-[end-of-pool] inside command was issued to enable the DHCP server -The dhcpd auto-config outside command was issued to enable the DHCP client -The dhcpd enable inside command was issued to enable the DHCP server

What are two factory default configurations on an ASA 5505? (two)

-PAT is configured to allow internal hosts to access remote networks through an Ethernet interface -VLAN 1 is assigned a security level of 100

What are three characteristics of the ASA routed mode? (three)

-The interfaces of the ASA separate Layer 3 networks and require different IP addresses in different subnets -it is the traditional firewall deployment mode -NAT can be implemented between connected networks

Which two statements are true about ASA standard ACLs (two)

-They are typically only used for OSPF routes -They identify only the destination IP addresses

When dynamic NAT on an ASA is being configured, what two parameters must be specified by network objects? (two)

-a range of private addresses that will be translated -the pool of public global addresses

What must be configured on a Cisco ASA device to support local authentication?

AAA

What is needed to allow specific traffic that is sourced on the outside network of an ASA firewall to reach an internal network

ACL

What is a difference between ASA IPv4 ACLs and IOS IPv4 ACLs?

ASA ACLs use the subnet mask in defining a network, whereas IOS ACLs use the wildcard mask

Which statement describes a feature of AAA in an ASA device?

Accounting can be used alone

What command defines a DHCP pool that uses the maximum number of DHCP client addresses available on an ASA 5505 that is using the Base license?

CCNAS-ASA(config)# dhcpd address 192.168.1.25-192.168.1.56 inside

A network administrator is configuring the security level for the ASA. What is a best practice for assigning the security level on the three interfaces? (exhibit)

Outside 0, Inside 100, DMZ 50

A network administrator is configuring the security level for the ASA. Which statement describes the default result if the administrator tries to assign the inside interface with the same security level as the DMZ interface? (exhibit)

The ASA will not allow traffic in either direction between the inside interface and the DMZ

Two types of VLAN interfaces were configured on an ASA 5505 with a Base licence. The administrator wants to configure a third VLAN interface with limited functionality. Which action should be taken by the administrator to configure the third interface? (exhibit)

The administrator must enter the no forward interface vlan command before the nameif command on the third interface

Which statement describes a difference between the Cisco ASA IOS CLI feature and the router IOS CLI feature?

To use a show command in a general configuration mode, ASA can use the command directly whereas a router will need to enter the do command before issuing the show command

Based on the security levels of the interfaces on ASA1, what traffic will be allows on the interfaces? (exhibit)

Traffic from the LAN and DMZ can access the internet

What function is performed by the class maps configuration object in the Cisco modular policy framework?

identifying interesting traffic

What is one of the drawbacks to using transparent mode operation on an ASA device?

no support for QoS

What will be displayed in the output of the show running-config object command after the exhibited configuration commands are entered on an ASA 5505? (Exhibit)

range 192.168.1.10 192.168.1.20

A network administrator is configuring an object group on an ASA device. Which configuration keyword should be used after the object group name SERVICE1? (exhibit)

tcp

What is the purpose of the webtype ACLs in an ASA?

to filter traffic for clientless SSL VPN users


Conjuntos de estudio relacionados

Normal postpartum part2-70번부터새버전

View Set

Abeka 9th Grade Algebra 1 Test 1

View Set

Art Nouveau II: Scotland, Austria, and Germany.

View Set

Mastering Biology: A Tour of the Cell

View Set

Chapter 41: Management of Patients With Musculoskeletal Disorders 5

View Set