Lesson 5 Flashcards
(18 cards)
If there are no ACLs installed, outbound traffic is [permitted | denied] by default?
Permitted
If there are no ACLs installed, inbound traffic is [permitted | denied] by default?
Denied
Do Security Appliances use Subnet Masks or Wildcard Masks?
Subnet Masks
Do Cisco ISRs use Subnet Masks or Wildcard Masks?
Wildcard Masks
True or False: ACLs on Security Appliances apply to traffic destined TO the device?
No. Only through it. Unlike an ISR which goes through and to.
After an initial connection is established, what happens with the return packets?
They aren’t described.
What is the first step in ACL processing?
The device checks to see if the packet is a part of an initial connection
What is the second step in ACL processing?
If address translation is enabled, both addresses are compared against the ACL
What is the third step in ACL processing?
The packet filter occurs at this stage.
What is the fourth step in ACL processing?
Routing
What is the fifth step in ACL processing?
If address translation is enabled, outbound translation occurs
On ASAs, standard ACLs match packets based off of what?
Destination IP address
True or False: Standard ACLs can be applied to an interface for filtering traffic
False
What five things do Extended ACLs use to match traffic?
- Source & Destination addresses
- Layer 3 protocols
- Source & Destination TCP/UDP ports
- ICMP type for ICMP packets
- User Identity for AD group membership
Are ACLs processed before or after NAT translation?
Before
In ASA version 8.3+ you must specify the __________ IP address.
Translated
What hidden ACE do ACLs have at the end of every list?
Implicit deny
How do you disable (not delete) an ACE?
Append “inactive” to the end of the line