Net Auth Study: Chapters 8-10
What two features must match between ASA devices to implement a failover configuration? (Choose two.)?
- RAM - device model
What are the two examples of minimum configurations that are required on an ASA 5505 before ASDM can be used? (Choose two.)
- a logical VLAN interface and an Ethernet port other than 0/0 - a dedicated Layer 3 management interface
What are the two major components of a security awareness program? (Choose two.)
- awareness campaign - training and education
Which three security features do ASA models 5505 and 5510 support by default? (Choose three.)
- intrusion prevention system - stateful firewall - VPN concentrator
What are the two methods that can be used to start the Cisco ASDM? (Choose two.)
- run Cisco ASDM as a local application - run Cisco ASDM as a Java Web Start application
What are three characteristics of ASA transparent mode? (Choose three.)
- this mode does not support VPNs, QoS, or DHCP Relay - this mode is referred to as a "bump in the wire." - in this mode the ASA is invisible to an attacker
What is the most trustworthy security level that can be configured on an ASA device interface?
100
Which IPsec framework protocol provides data integrity and data authentication, but does not provide data confidentiality?
AH
What is the default group policy name on an ASA 5505 device?
DfltGrpPolicy
Which protocol creates a virtual point-to-point connection to tunnel unencrypted traffic between Cisco routers from a variety of protocols?
GRE
Which are the five security associations to configure in ISAKMP policy configuration mode?
Hash, Authentication, Group, Lifetime, Encryption
During which part of establishing an IPsec VPN tunnel between two sites would NAT-T detection occur?
IKE Phase 1
What takes place during IKE Phase 2 when establishing an IPsec VPN?
IPsec security associations are exchanged
Which statement describes the operation of the IKE protocol?
It calculates shared keys based on the exchange of a series of data packets
What is one benefit of using ASDM to configure a Cisco ASA?
It is easier to use
Which Cisco secure access solution can be used to determine if hosts are compliant with security policies?
Network Admission Control Appliance
What protocol is used by SCP for secure transport?
SSH
Where is an IP address configured on an ASA 5505 device?
SVI interface
This mode is referred to as a "bump in the wire." In this mode the ASA is invisible to an attacker.
Startup Wizard
When testing the tunnel to verify a site-to-site VPN connection between an ISR and an ASA, why does an initial ping fail, but subsequent pings succeed?
The ASA�and ISR must negotiate the tunnel parameters
Which method is used to identify interesting traffic needed to create an IKE phase 1 tunnel?
a permit access list entry
Which statement is true about ASA CLI and IOS CLI commands?
both CLIs recognize the Tab key to complete a partial command
The use of 3DES within the IPsec framework is an example of which of the five IPsec building blocks?
confidentiality
What is the first step in establishing an IPsec VPN?
detection of interesting traffic
Where is the Cisco AnyConnect client image found on the Cisco ASA?
flash
Which IPsec security function provides assurance that the data received via a VPN has not been modified in transit?
integrity
What is the purpose of configuring an IP address on an ASA device in transparent mode?
management
Which object or object group is required to implement NAT on an ASA 5505 device?
network object
Which solution allows workers to telecommute effectively and securely?
remote-access VPN
What is a benefit of having users or remote employees use a VPN to connect to the existing network rather than growing the network infrastructure?
scalability
By default, which type of certificate is used by an ASA 5505 for client authentication?
self-assigned
Which VPN implementation allows traffic that originates from a remote-access client to be separated into trusted VPN traffic and untrusted traffic destined for the public Internet?
split tunneling
When ASDM is used to configure the ASA for a site-to-site VPN, which address is entered in the Peer Device Identification window?
the IP address of the peer
What is defined by an ISAKMP policy?
the security associations that IPsec peers are willing to use
When the CLI is used to configure an ISR for a site-to-site VPN connection, what is the purpose of the�crypto map�command in interface configuration mode?
to bind the interface to the ISAKMP policy
