A system execution space (customer context) does not have any Layer 2 or Layer 3
interfaces or any network settings. - ANSWER True
An admin context is created after the System Execution Space and all (customer
contexts) have been created - ANSWER False
Any interface not defined as...
A system execution space (customer context) does not have any Layer 2 or Layer 3
interfaces or any network settings. - ANSWER True
An admin context is created after the System Execution Space and all (customer
contexts) have been created - ANSWER False
Any interface not defined as an admin context is a customer context - ANSWER
True
Stealth firewalls do not provide a way to filter packets that traverse from one host to
another on the same LAN segment - ANSWER False
Traditional firewalls require a new network segment to be created when they are
inserted into a network - ANSWER True
The alias command is not supported in transparent firewall mode. - ANSWER True
Reverse Routing Injection (RRI) is supported when a Cisco ASA is configured as a
transparent firewall mode - ANSWER False
Network Address Translation Traversal (NAT-T) & Public Key Infrastructure (PKI)
are partially supported in transparent mode for the management tunnel - ANSWER
False
In a scenario where all security contexts in the Cisco ASA use unique physical or
logical subinterfaces, the packet classification becomes more difficult because the
security appliance labels the packets based upon the source interface - ANSWER
False
In a scenario where an interface is shared between multiple security contexts, then
the interface may be assigned the same mac address across all virtual firewalls -
ANSWER True
_____ ____ _____ _____ is when the security appliance acts as a secured bridge
that switches traffic from one interface to another. - ANSWER Single-Mode
Transparent Firewalls
_____ _____ _____ does not support the sharing of interfaces between multiple
contexts - ANSWER Multimode Transparent Firewalls
_____ _____ segregate protected networks from unprotected ones by acting as an
extra hop in the network design - ANSWER Routed Firewalls
_____ _____ acts & behaves as an independent entity with its own configuration -
ANSWER Virtual Firewalls
, Remote management for Admin Context is conducted through: - ANSWER Port 22
or port 23
The Bridge Group Virtual Interface (BVI) Bridge group feature) - ANSWER Up to
four physical interfaces or subinterfaces can be assigned to this bridge group.
Three important settings configured for each context in the system execution space
include: - ANSWER - Context Name
- Location of context's startup configuration (Configlet)
- Interface allocation
Cisco ASA is set up in transparent mode: - ANSWER - Only one site-to-site IPsec
tunnel can be configured.
- The IPsec tunnel could be terminated on either the internal or external interface
- An IPsec tunnel for traversing traffic can be established
Transparent firewalls & NAT - ANSWER - Static routes established on the
upstream router are used to translate IP addresses if the network node resides on a
different subnet/network as the global IP address
- Address Resolution Protocol (ARP) requests are used to translate if the network
node resides on the same subnet/network as the global IP address
- Address Resolution Protocol (ARP) inspection is not used when the source's IP
address is translated on the same side of the firewall prior to contacting the node on
the other side of the firewall.
no shutdown command is used to disable & enable a redundant interfaces, even
though the system enables a redundant interface by default at the time of creation. -
ANSWER False
The two interfaces used in a redundant pair are not required to be identical. -
ANSWER False
Management0/0 & Management0/1 interfaces are supported for use as dedicated
physical management interfaces. - ANSWER False
Cisco ASA security appliances that contain a built-in switch are supported as
support dedicated redundant interface capable. - ANSWER False
Internal zone contains all of the downstream network nodes to be protected. -
ANSWER True
Illegal zone contains the IP addresses that Cisco ASA IPS should never see in
transit traffic - ANSWER True
External zone contains all IP addresses that do not belong to the internal or illegal
zonex - ANSWER True
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller DOCRISHNA. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $11.49. You're not tied to anything after your purchase.
