Module 21

Question 1

What are examples of the ASA command line interface being similar to the router IOS?

Answer 1

-Command prompts are similar
-Supports abbreviation of commands and keywords
-Use of the Tab key to complete a partial command
-Use of the help key (?) after a command to view more syntax

Question 2

The ASA 5506-X with FIREPOWER Services ships with a default config that is sometimes sufficient for?

Answer 2

Basic SOHO deployment

Question 3

What are different ways config changes can be made with ASAs?

Answer 3

-Manually using CLI
-Interactively using CLI Setup Initialization wizard
-Using the Adaptive Security Device Manager (ASDM) setup wizard

Question 4

How can an ASA be restored to its factory default global config mode command?

Answer 4

By using the configure factory-default global config mode command

Question 5

What is the privileged EXEC password automatically configured with?

Answer 5

MD5

Question 6

What must happen in order for a stronger encryption using AES to be enabled?

Answer 6

A primary passphrase must e configured and AES encryption must be enabled

Question 7

What command is used to change the primary passphrase?

Answer 7

key config-key password-encryption

Question 8

What is the G1/1 interface frequently configured as on the ASA?

Answer 8

The outside interface to the ISP

Question 9

What are the basic configurations of interfaces on the ASA?

Answer 9

IP addressing, naming, and setting the security level

Question 10

What is a BVI (bridged virtual interfaces)?

Answer 10

Interfaces grouped together

Question 11

What can you do with a BVI?

Answer 11

You can configure it with a single name and IP address

Question 12

Do you still need to configure other settings on individual interfaces in a BVI?

Answer 12

Yes

Question 13

What are ways interfaces can be configured with addresses?

Answer 13

Manually, by DHCP, or over PPPoE

Question 14

What happens when an interface is configured with DHCP on an ASA?

Answer 14

A default route from an upstream device can automatically be configured

Question 15

When must a default route be manually configured on an ASA?

Answer 15

If DHCP is not configured

Question 16

What connections can ASA be configured to accept for remote management on an ASA?

Answer 16

Connections over Telnet or SSH

Question 17

What are objects?

Answer 17

reusable components for use in configuration

Question 18

How are objects used?

Answer 18

They make it easy to maintain configurations in the place of inline IP addresses, services, names, and so on

Question 19

How do objects make it easy to maintain configurations?

Answer 19

It can be modified in one place and the change will be reflected in all other places that are referencing it

Question 20

What are the two types of objects?

Answer 20

Network objects and service objects

Question 21

What do network objects include?

Answer 21

-Host addresses
-Subnets
-Ranges of addresses
-FQDNs (fully qualified domain name)

Question 22

What do service objects refer to?

Answer 22

Different network services and protocols

Question 23

What are object groups?

Answer 23

Collection of objects that are related

Question 24

Where can network objects groups be used?

Answer 24

In configurations including ACLs and NAT

Question 25

What are the five types of objects groups?

Answer 25

Network
User
Service
ICMP-Type
Security

Question 26

How many values can objects hold?

Answer 26

One

Question 27

How many values can object groups hold?

Answer 27

Multiple values, including in-line values as well as previously created objects

Question 28

How do ACLs control access in a network?

Answer 28

By preventing defined traffic from entering or exiting

Question 29

How do ASA ACLs different from IOS ACLs?

Answer 29

They use network masks rather than wildcard masks

Question 30

What are the five types of ACLs?

Answer 30

-Extended access list
-Standard access list
-EtherType access list
-Webtype access list
-IPv6 access list

Question 31

All ASA ACLs are named. (T/F)

Answer 31

True

Question 32

How can ASA ACLs be used with object groups?

Answer 32

They can be used to limit the number of ACEs that are required in a list

Question 33

What are the three types of deployment methods?

Answer 33

-Inside NAT
-Outside NAT
-Bidirectional NAT

Question 34

What is inside NAT used for?

Answer 34

For translating inside addresses on secure networks to outside addresses on less secure networks

Question 35

What is outside NAT?

Answer 35

traffic from a lower security network is translated for a higher security network

Question 36

What is outside NAT used for?

Answer 36

To make internal enterprise hosts available to outside users

Question 37

What is Bidirectional NAT?

Answer 37

Inside and outside NAT together

Question 38

What are the four types of NAT that ASA supports?

Answer 38

-Dynamic NAT with overload
-Static NAT
-Policy NAT
-Identity NAT

Question 39

What must be used to configure NAT?

Answer 39

Network objects

Question 40

What do ASA device not support without using AAA?

Answer 40

Local authentication

Question 41

Cisco ASAs can be configured to authenticate access using..?

Answer 41

Local user database or an external server for authentication or both

Question 42

What does Server-based AAA authentication use?

Answer 42

AN external database server by leveraging the Radius or TACACS+ protocols

Question 43

What does MPF configuration (Modular Policy Framework) do?

Answer 43

defines a set of rules for applying firewall features such as traffic inspection and QoS, to the traffic that traverses the ASA

Question 44

MPF allows..

Answer 44

detailed classification of traffic flows to apply different advanced policies to different flows

Question 45

What are class maps used for?

Answer 45

To identify traffic that will be processed by MPF

Question 46

What do Policy maps do?

Answer 46

They define what will be done to the identified traffic

Question 47

What do Service policies do?

Answer 47

They identify which interfaces the policy map should be applied to

Question 48

What layers does the ASA support

Answer 48

Layer 5 to Layer 7

Question 49

How might the ASA MPF feature be used?

Answer 49

To match HTTP URLs and request methods, prevent users from surfing to specific sites during specific times, or prevent users from downloading music and video files via HTTP/FTP or HTTPS/SFTP