Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Cisco CCNA Security (640-554) > Chapter 14 - Cisco ASA > Flashcards

Chapter 14 - Cisco ASA Flashcards

1
Q

What is the default behavior for two interfaces that have the exact same security level?

A

Traffic is not allowed between those two interfaces.

For example:

F0/1 = security 50

F0/2 = security 50

Traffic will not go between these two.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is “hairpin routing”?

A

Hairpin routing is a situation where (for example on an ASA) where traffic comes in on a specific interface and is supposed to be routed right back out the same interface.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the default security levels for inside, dmz, and outside interfaces (respectively on an ASA)

A

inside = 100

dmz = 50

outside = 0

Remember, highest score = the most trusted.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How does a transparent firewall function?

A

A pair of interfaces act as a bridge (for example on an ASA) and traffic is sent in one interface and right out the other.

As traffic traverses the two ports, it is subject to rules and inspection that is applied (ACL’s, packet filtering, etc)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

How many DHCP clients are allowed on a ASA5505?

A

32

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

How do you add a static route in an ASA via command line?

A

(config)# route outside 0.0.0.0 0.0.0.0 24.2.51.2

“outside” indicates which interface the static route needs to use to reach that hop

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is the basic syntax for enabling dynamic PAT (NAT Tranlsation) on an ASA?

A

(config)# nat (inside,outside) 1 source dynamic inside_nets interface

inside_nets is an object group for all subnets routed through the inside interface on the ASA.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is the basic syntax to use packet tracer via the command line?

A

packet-tracer input inside tcp 192.168.1.100 1065 22.33.44.55 80

This would show results of a simulated host at 192.168.1.100 sending a packet to a web server via destination port 80 at the IP address 22.33.44.55

Note that most source port TCP requests will be an arbitrary port higher than 1023.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

How are access-lists applied differently in an ASA as opposed to an IOS router?

A

They use the “access-group” command globally to apply an ACL to an interface. (in routers this is done via interface config mode).

ex:

(config)# access-group inside_access_in in interface inside

(applies the ACL called inside_access_in on the inside interface in the direction IN to the router).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Cisco CCNA Security (640-554) (23 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions