Cisco Next-Generation FW and Cisco Next Generation IPS Flashcards

1
Q

Difference between FirePOWER and firepower

A
  • FirePOWER is referring to CISCO ASA FirePower service module
  • Firepower is referring to Firepower Threat Defense (FTD) unified image and newer software
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Is unified software that includes Cisco ASA features, legacy FirePOWER Services and new features. Can be deployed to Cisco Firepower 1000 Series, 2100 Series, 4100 Series and 9000 Series.

A

Cisco Firepower Threat Defense (FTD)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Cisco Firepower 1000 Series Model (Designed for small business and small offices)

A
  • Cisco Firepower 1010: A desktop firewall with eight 1 Gigabit Ethernet ports, and scales up to 650 Mbps of NGFW througput
  • Cisco Firepower 1120: A rack-mount firewall with eight 1 Gigabit Ethernet ports and four SFP ports. The firepower 1120 scales up to 1.5 Gbps of throughput
  • Cisco Firepower 1140: A rack-mount firewall with eight 1 Gigabit Ethernet ports and four SFP ports. The firepower 1120 scales up to 2.2 Gbps of throughput
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Cisco Firepower 2100 Series Four Models

-Use for Internet Edge and Data Centre

A
  • Cisco Firepower 2110: (1 RU, with 12 1Gbps Ports and 4 SPF Ports, 2Gbps NGFW througput)
  • Cisco Firepower 2120 (1 RU, with 12 1Gbps Ports and 4 SPF Ports, 3Gbps NGFW througput)
  • Cisco Firepower 2130 (1 RU, with 24 1Gbps Ports or 12 1Gbps and 12 10Gbps Ports, 5Gbps NGFW througput)
  • Cisco Firepower 2140 (1 RU, with 24 1Gbps Ports or 12 1Gbps and 12 10Gbps Ports, 8.5Gbps NGFW througput)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Cisco Firepower 4100 Series

A
  • Cisco Firepower 4110 (1RU, with 1,10 or 40 Gbps interfaces with 35Gbps firewall throughput and 11Gbps threat inspection)
  • Cisco Firepower 4120 (1RU, with 1,10 or 40 Gbps interfaces with 60Gbps firewall throughput and 19Gbps threat inspection)
  • Cisco Firepower 4140 (1RU, with 1,10 or 40 Gbps interfaces with 70Gbps firewall throughput and 27Gbps threat inspection)
  • Cisco Firepower 4150 (1RU, with 1,10 or 40 Gbps interfaces with 75Gbps firewall throughput and 39Gbps threat inspection)
  • Cisco Firepower 4115 (1RU, with 1,10 or 40 Gbps interfaces with 80Gbps firewall throughput and 26Gbps threat inspection)
  • Cisco Firepower 4125 (1RU, with 1,10 or 40 Gbps interfaces with 80Gbps firewall throughput and 35Gbps threat inspection)
  • Cisco Firepower 4145 (1RU, with 1,10 or 40 Gbps interfaces with 80Gbps firewall throughput and 45Gbps threat inspection)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Designed for very large enterprises or service providers. Can scaled beyond 1.2Tbps and are designed in a modular way.

A

Cisco Firepower 9300 Series

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Characteristics of Legacy IPS

A
  • They are deployed behind a firewall when providing IPS Functionality (Inline). Often an IPS is also placed in the network without a firewall in front of it.
  • They often look for attempts to exploit a vulnerability and not for the existence of a vulnerability
  • Generates large amounts of event
  • focus on individual indicators/events without focusing on contextual info to take action.
  • legacy IPS require manual tuning for better efficacy
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Legacy IPS shortcomings

A
  • they often need to be operated in conjuciton with other products or tools (firewall, analytics and correlation tools)
  • sometimes not very effective and may be ignored
  • operations cost and operating resource is high
  • can leave infrastructures imperfectly covered against attackers.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

NextGeneration IPS capabilities

A
  • Application awareness and control: provide visibility into layer 7 application and can protect against layer 7 threats.
  • content awareness of the information traversing the infrastructure
  • contextual awareness
  • host and user awareness
  • automated tuning and recommendations
  • impact and vulnerability assessment of the events taking place
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Most important capabilities of Cisco NGIPS

A
  • threat containment and remediation
  • application visibility
  • identity management
  • security automation
  • logging and traceability management
  • high availability and stacking
  • network behavioral analysis
  • access control and segmentation
  • real-time contextual awareness
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is needed when adding a device to CIsco Firepower Management Center

A

IP Address

NAT ID and registration key if you dont know the iP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Is used to configure small Cisco FTD deployments

A

Cisco Firepower Device Manager (FDM)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Is a solution that allows you to manage your firewalls from the cloud. You can write a policy once and enforce it consistently across multiple Cisco ASA and Cisco FTD devices.

A

Cisco Defense Orchestrator (CDO)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Cisco FTD Devices, Cisco Firepower NGIPS and Cisco ASA FirePower modules can be managed by?

A

Firepower Management Centre (FMC)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Is a stateful firewall used in Cisco IOS Devices. Is the successor of the legacy IOS Firewall or the context-based access control (CBAC) feature.

A

Cisco IOS Zone-Based Firewall (ZBFW)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Components of SD-WAN configuration,zone deployments

A
  • Source Zone
  • Destination Zone
  • Firewall Policy
  • Zone Pair
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Cisco ASA global commands that enables communications between the hosts on interfaces at the same security level

A

same-security-traffic permit interface

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Cisco ASA interface level of security

A

100 - safest (usually named inside interface)
0- unsafe ( usually outside interface
between 100-0 (DMZ)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Cisco ASA deployment mode

A

Routed or Transparent

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Enable a physical firewall to be partitioned into multiple standalone firewalls. each standalone firewalls acts and behaves as an independent entity with its own configuration, interfaces,security policies, routing tables and administrators.

A

Security Contexts

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

In this mode- Cisco ASA acts as a secured bridge that switches traffic from one interface to anothers

A

Single-Mode Transparent Firewall (SMTF)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

A virtual firewall supports this features that are available in a standalone firewall

A
  • IPS Functionality
  • Dynamic Routing
  • Packet Filtering
  • Network Address Translation (NAT)
  • Site-to-site VPN
  • IPv6 and device management
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Cisco FTD Deployment modes

A
  • routed mode

- transparent mode

24
Q

Cisco FTD interface modes

A
  • routed
  • switched (BVI)
  • passive
  • passive (ERSPAN)
  • inline pair
  • inline pair with TAP
25
Q

As in legacy, Cisco NGFW and Cisco NGIPS can operate in two main modes

A

Inline and passive (monitoring) mode

26
Q

Inline modes offer two modes

A

Routed and switched mode

27
Q

Interface mode where you have two physical interfaces internally bridged

A

Inline pair with TAP

28
Q

Interface mode where Cisco NGFW and NGIPS device does not usually prevents attacks. The devices uses one interface to silently inspect traffic and identify malicious activity without interrupting traffic flow

A

Passive mode

29
Q

Interface mode that you can configure one physical interface operating as sniffer

A

Passive with ERSPAN Mode

30
Q

Additonal Cisco FTD deployment design considerations

A
  • Management
  • Standalone or resilient
  • Link speeds/types
  • routed or transparent mode
  • number of interfaces
  • traffic profile
  • application control
  • URL filtering
  • deep inspection
  • file and malware protection
31
Q

Types of information being exchange on Cisco ASA failover links

A
  • the firewall state (active or standby)
  • hello messages
  • network link status
  • mac address exchange
  • configuration replication and synchornization
32
Q

Requirements for Cisco ASA failover configuration

A
  • same mode (router or transparent)
  • same software versions
  • same domain or group on the cisco FMC
  • same NTP
  • DHCP or PPPoE must not be configured on any devices
33
Q

Lets you group multiple Cisco FTD units together as a single logical devices

A

Clustering

34
Q

Is a collection of security rules or policies that allow or denies packetts after looking at the packet headers and other attributes

A

ACL

35
Q

Each permit or deny statement is referred to as?

A

Access control entry (ACE)

36
Q

ACL includes a five-tuple

A
  • source ip address
  • source port
  • destination ip address
  • destination port
  • protocol
37
Q

Cisco ASA supports 4 types of ACL

A
  • standard ACL
  • extended ACL
  • EtherTypes ACL
  • WebTypes ACL
38
Q

Provided by Cisco ASA to provide application security or perform QoS functions. It offers a consitent and flexible way to configure the Cisco ASA application inspection and other features in a manner similar to the used for the Cisco IOS software modular QOS CLI

A

Modular Policy Framework

39
Q

three main commands of Modular policy framework

A
  • class-map (classifies the traffic to be inspected)
  • policy-map (configures security or QoS policies)
  • service policy (active policy globally)
40
Q

Also known as a management access rules, applies to traffic that terminates on the Cisco ASA.

A

to-the-box traffic filtering

41
Q

Cisco ASA supports the following four methods of translation

A

Static NAT/PAT
Dynamic NAT/PAT
Policy NAT/PAT
Identity NAT

42
Q

Is helpful when you want to translate the source address of an object regardless of the destination address. In this mode you define an object and address translation policy within the object definition

A

Auto NAT

43
Q

Talos provided base policy

A
  • Connectivity over security
  • balanced security and connectivity
  • security over connectivity
  • no rules active
  • maximum detection
44
Q
  • Talos provided base policy
  • This policy is built for organizations where connectivity take precendece over network infrastructure security. Enable far fewer rules than those enabled in security over conectivity policy
A

-Connectivity over security

45
Q
  • Talos provided base policy

- This policy is designed to balance overall network performance with network infrastructure and security.

A

-Balanced security and connectivity

46
Q
  • -Talos provided base policy

- This policy is built for organizations where network infrastructure security takes precedence over user convenience.

A

-Security over connectivity

47
Q
  • -Talos provided base policy

- No rules active at this point

A

-No rules active

48
Q
  • -Talos provided base policy
  • This policy is built for organizations where network infrastructure security is give even more emphasis that is given by the security over connectivity policy, with potential for even greater operation impact
A

-Maximum Detection

49
Q

Two types of variables

A

-System default variables (preconfigured in the system, these include $AIM_SERVERS, $DNS_SERVERS, $EXTERNAL_NET, $FILE_DATA_PORTS, $GTP_PORTS, $HOME_NET, $HTTP_PORTS
-Policy variables (override default variables)
ex. [192.168.1.1, 10.1.1.1, 172.16.1.1] or [192.168.1.1, 10.1.1.1, 172.16.1.0/24]
ports range [25-121]
ports less than a number [-1024]
ports more than a number [1024-]
exclude ports [!25]
list ports [21, !25, 80-]

50
Q

Cisco Firepower can take advantage of this policies. These policies are shared set of parameters that define the aspects of a Cisco Firepower device that are likely to be similar to other managed devices.

A

Platform Settings Policy

51
Q

Preprocessors availabe in Cisco Firepower NGIPS

A
  • DCE/RPC
  • DNS
  • FTP and Telnet
  • HTTP
  • Sun RPC
  • SIP
  • GTP
  • IMAP and POP
  • SMTP
  • SSH
  • SSL
  • SCADA
  • Network
  • Threat Detection
52
Q

Enables you to detect and block malware , continiously analyze for malware and get retrospective alerts.

A

Cisco Advanced Malware Protection (AMP)

53
Q

Cisco AMP Features

A
  • File reputation
  • File Sandboxing
  • File retrospection
54
Q

Example of threat inteligence sources

A
  • Snort, ClamAV and Immunet AV open source communities
  • Talos
  • Threat Grid
55
Q

AMP clouds prevention framework is made up of seven core componets

A
  • Signatures
  • Ethos (fuzzy fingerprinting that uses static or passive heuristics)
  • Spero ( a machine learning technology that proactively identifies threats that were previously unknown
  • IOC (indicator of compromise)
  • Device flow correlation
  • Advance analytics
  • Dynamic analysis
56
Q

This means taking a look at what has already transpired, it involves tracking system behavior regardless of disposition, focusing on uncovering malicious acitivty.

A

Retrospection

57
Q

Cisco ASA Point to Point ASA Configuration

A
  1. Enable IKE on the interface

2.Create Connection profile

Specify VPN Peer
Specify local and remote protected networks
Configure IKE authentication and IKE policy
Configure IPSec proposal (transform set)

  1. (Situationally) configure NAT exemption
  2. (Situationally) configure VPN traffic with an ACL
  3. (Situationally) configure static routing