Exam (elaborations)

CCNA Security Ch 9 Exam Questions And Answers | Verified A+ Pass Brand New!!

Pages
6
Grade
A+
Uploaded on
03-07-2025
Written in
2024/2025


Institution
CCNA Security Ch 9
Course
CCNA Security Ch 9









Contains
Questions & answers

ASA - Answer- Helps provide high performance connectivity and protection for critical
assets. ASA integrates:
Firewall technology. IPS. High performance VPNs with always on remote access.
Failover.

NGFW - Answer- Next generation firewalls. Deliver threat defence across the entire
attack continuum.

ASA Models - Answer- SOHO; 5505,5506,5512,5515.
Medium business; 5525,5555.
Data center; 5585.

ASA models - Answer- All models provide stateful firewall features, the difference
between models is the traffic throughput which can be handled.

ASA firewall features. - Answer- ASA virtualisation. High availability with failover.
Identity firewall.

ASA virtualisation - Answer- Can be partitioned into multiple virtual devices. Each virtual
device known as security context. Each context is an independent device, it has its own
security policy, interfaces and administrator.

High availability with failover. - Answer- Identical ASAs can be paired into an active
failover configuration for device redundancy.

Identity firewall - Answer- Provides granular access control based on an association of
IP addresses to Active Directory.

Threat control and containment services - Answer- Supports IPS features. Advanced
IPS can only be used by integrating special hardware modules with the ASA
architecture. Use advanced inspection and prevention modules. Antimalware
capabilities integrated using the content security and control.

Outside network - Answer- Network or zone that is outside the protection of the firewall.
ASA treats a defined outside network as Untrusted.

Inside network - Answer- Network or zone that is protected and behind the firewall.
Firewalls protect inside networks from unauthorised access. Also protect users from
each other. Can keep users separate from one another. ASA treats inside interfaces as
a trusted network.

DMZ - Answer- Demilitarized zone allows both inside and outside users access to
protected network resources.

Interfaces - Answer- Interfaces have security levels. These enable ASA to implement
security policies. Resources that may be needed by outside users, such as a web or
FTP server, can be located in a DMZ. Firewalls allow limited access to the DMZ while
protecting the inside network.

Firewall modes - Answer- Two types of firewall modes: Routed Mode, Transport mode.

Routed mode - Answer- Two or more interfaces on separate networks. Routed mode
supports multiple interfaces. Each interface is on a different subnet and requires an IP
address on that subnet. ASA considered a router hop.

Transport mode - Answer- ASA not considered as a router hop. ASA assigned an IP on
local network for management. Simplifies network configuration. No support for dynamic
routing protocols, VPNs, QoS or DHCP.

License - Answer- Specifies the options that are enabled on an ASA. Upgrading
licences supports higher connection capacity.

Security Levels - Answer- Used to distinguish between inside and outside networks.
Security levels define trustworthiness of interface. The higher the level the more trusted
the interface. 0 = Untrustworthy. 100 = Very trustworthy.

Level 100 - Answer- Assigned to most secure network, the inside interface.

Level 0 - Answer- Assigned to an outside interface.

Level 0 - 100 - Answer- Assigned to a network DMZ.

Security level rules - Answer- Traffic moving from an interface with high security level to
an interface with a lower security level is outbound traffic. Traffic moving from an
interface with lower security level to an interface with a higher security level is
considered inbound traffic.

Network access - Answer- Implicit permit from a high security level to a low security
level. Hosts on high security level can access hosts on a low security interface. Can
have multiple interfaces with the same level. If communication is enabled for interfaces
with the same security level, there is an implicit permit for traffic between the interfaces.

Inspection engines - Answer- Application inspection engines are dependent on security
levels. Interfaces with the same level as the ASA inspects traffic in either direction.

Stuviaascorers University of Washington