Net Auth Study: Chapters 8-10

Ace your homework & exams now with Quizwiz!

What two features must match between ASA devices to implement a failover configuration? (Choose two.)?

- RAM - device model

What are the two examples of minimum configurations that are required on an ASA 5505 before ASDM can be used? (Choose two.)

- a logical VLAN interface and an Ethernet port other than 0/0 - a dedicated Layer 3 management interface

What are the two major components of a security awareness program? (Choose two.)

- awareness campaign - training and education

Which three security features do ASA models 5505 and 5510 support by default? (Choose three.)

- intrusion prevention system - stateful firewall - VPN concentrator

What are the two methods that can be used to start the Cisco ASDM? (Choose two.)

- run Cisco ASDM as a local application - run Cisco ASDM as a Java Web Start application

What are three characteristics of ASA transparent mode? (Choose three.)

- this mode does not support VPNs, QoS, or DHCP Relay - this mode is referred to as a "bump in the wire." - in this mode the ASA is invisible to an attacker

What is the most trustworthy security level that can be configured on an ASA device interface?

100

Which IPsec framework protocol provides data integrity and data authentication, but does not provide data confidentiality?

AH

What is the default group policy name on an ASA 5505 device?

DfltGrpPolicy

Which protocol creates a virtual point-to-point connection to tunnel unencrypted traffic between Cisco routers from a variety of protocols?

GRE

Which are the five security associations to configure in ISAKMP policy configuration mode?

Hash, Authentication, Group, Lifetime, Encryption

During which part of establishing an IPsec VPN tunnel between two sites would NAT-T detection occur?

IKE Phase 1

What takes place during IKE Phase 2 when establishing an IPsec VPN?

IPsec security associations are exchanged

Which statement describes the operation of the IKE protocol?

It calculates shared keys based on the exchange of a series of data packets

What is one benefit of using ASDM to configure a Cisco ASA?

It is easier to use

Which Cisco secure access solution can be used to determine if hosts are compliant with security policies?

Network Admission Control Appliance

What protocol is used by SCP for secure transport?

SSH

Where is an IP address configured on an ASA 5505 device?

SVI interface

This mode is referred to as a "bump in the wire." In this mode the ASA is invisible to an attacker.

Startup Wizard

When testing the tunnel to verify a site-to-site VPN connection between an ISR and an ASA, why does an initial ping fail, but subsequent pings succeed?

The ASA�and ISR must negotiate the tunnel parameters

Which method is used to identify interesting traffic needed to create an IKE phase 1 tunnel?

a permit access list entry

Which statement is true about ASA CLI and IOS CLI commands?

both CLIs recognize the Tab key to complete a partial command

The use of 3DES within the IPsec framework is an example of which of the five IPsec building blocks?

confidentiality

What is the first step in establishing an IPsec VPN?

detection of interesting traffic

Where is the Cisco AnyConnect client image found on the Cisco ASA?

flash

Which IPsec security function provides assurance that the data received via a VPN has not been modified in transit?

integrity

What is the purpose of configuring an IP address on an ASA device in transparent mode?

management

Which object or object group is required to implement NAT on an ASA 5505 device?

network object

Which solution allows workers to telecommute effectively and securely?

remote-access VPN

What is a benefit of having users or remote employees use a VPN to connect to the existing network rather than growing the network infrastructure?

scalability

By default, which type of certificate is used by an ASA 5505 for client authentication?

self-assigned

Which VPN implementation allows traffic that originates from a remote-access client to be separated into trusted VPN traffic and untrusted traffic destined for the public Internet?

split tunneling

When ASDM is used to configure the ASA for a site-to-site VPN, which address is entered in the Peer Device Identification window?

the IP address of the peer

What is defined by an ISAKMP policy?

the security associations that IPsec peers are willing to use

When the CLI is used to configure an ISR for a site-to-site VPN connection, what is the purpose of the�crypto map�command in interface configuration mode?

to bind the interface to the ISAKMP policy


Related study sets

CH55 management of urinary disorders

View Set

The other wes moore- Final study Guide

View Set

9D: The impact on cities is plain to see

View Set