CISCO ASA

75 Questions | Total Attempts: 361

SettingsSettingsSettings
CISCO Quizzes & Trivia

Chapter 1-3


Questions and Answers
  • 1. 
    What does ASA stand for?
    • A. 

      Advanced Security Application

    • B. 

      Adaptive Security Application

    • C. 

      Adaptive Security Appliance

    • D. 

      Advanced Security Application

  • 2. 
    Which one is NOT a way to access the CLI?
    • A. 

      Telnet

    • B. 

      Console

    • C. 

      RDP

    • D. 

      SSH

  • 3. 
    By default, without any configuration form you, the ASA has a default inside IP address of?
    • A. 

      It does not have an IP by default

    • B. 

      10.1.1.1

    • C. 

      192.168.1.100

    • D. 

      192.168.1.1

  • 4. 
    At what baud rate should you set your terminal emulation program in order to connect to the ASA and access the CLI?
    • A. 

      2400

    • B. 

      9600

    • C. 

      12500

    • D. 

      None, you don’t use a baud rate in telnet programs

  • 5. 
    According to the text, what should flow control be set at?
    • A. 

      Hardware

    • B. 

      Software

    • C. 

      None

    • D. 

      I don’t know, I was up all night smoking crack.

  • 6. 
    What is the symbol for the prompt in the CLI that lets you know you are in privileged mode?
    • A. 

      >

    • B. 

      #

    • C. 

      (config)

    • D. 

      (priv)

  • 7. 
    According to the textbook, what mode are you in if the prompt look like this “(configs)”?
    • A. 

      User

    • B. 

      Privileged

    • C. 

      Configuration

    • D. 

      Sub-Configuration

  • 8. 
    Which one of these commands will show me the license information on the ASA?
    • A. 

      Show Version

    • B. 

      Show Flash

    • C. 

      Show License

    • D. 

      Show Porn

  • 9. 
    What command do I type in to enter a new license key?
    • A. 

      Activation-key

    • B. 

      Enter activation-key

    • C. 

      License-key

    • D. 

      Activate License-Key

  • 10. 
    If a user selects "NO" at the setup menu when the ASA starts up, what will the hostname of the device be?
    • A. 

      ASA

    • B. 

      CiscoASA

    • C. 

      Cisco

    • D. 

      Router

  • 11. 
    If you accidently type NO in for the setup option, is there another way to get into setup (according to the text) without rebooting or power cycling the ASA?
    • A. 

      No

    • B. 

      Type setup in configs mode

    • C. 

      Type reload in priv mode

    • D. 

      I picked the wrong week to quit sniffing glue

  • 12. 
    Where is the ASDM software stored at on the ASA?
    • A. 

      Flash

    • B. 

      Rom

    • C. 

      NVRAM

    • D. 

      Hard Drive

  • 13. 
    If I set the inside IP address to 192.168.1.1, what would I type into my browser to access the ASDM?
    • A. 

      Http://192.168.1.1

    • B. 

      Https://192.168.1.1

    • C. 

      Https://192.168.1.1/admin

    • D. 

      Https://192.168.1.1/ASDM

  • 14. 
    Where does the ASDM software store error logs/messages?
    • A. 

      Flash memory on the ASA

    • B. 

      On the users computer

    • C. 

      In the ROM memory

    • D. 

      D) In NVRAM

  • 15. 
    In the "HOME" screen of the ASDM software, where would I look to find information about the number of active TCP connections going through the ASA?
    • A. 

      System Resources Status

    • B. 

      VPN Status

    • C. 

      Interface Status

    • D. 

      Traffic Status

  • 16. 
    How often is the information on the HOME screen refreshed on the ASDM software?
    • A. 

      5 sec

    • B. 

      10 sec

    • C. 

      15 sec

    • D. 

      30 sec

  • 17. 
    How long of a time period does the ASDM display on the HOME screen? If the ASA says there have been 50 active TCP connections, what is the timeframe it is measuring that in?
    • A. 

      1 minute

    • B. 

      2 minutes

    • C. 

      5 minutes

    • D. 

      10 minutes

  • 18. 
    What is the default device name on the ASA?
    • A. 

      ASA

    • B. 

      Cisco

    • C. 

      Hostname

    • D. 

      CiscoASA

  • 19. 
    What is the default SSH session username used by the 5505?
    • A. 

      PIX

    • B. 

      Cisco

    • C. 

      CiscoASA

    • D. 

      SecWeb

  • 20. 
    What is the default enable password on the ASA?
    • A. 

      Porn

    • B. 

      Cisco

    • C. 

      Cisco ASA

    • D. 

      There is none by default

  • 21. 
    When dealing with security levels, what is the most secure level?
    • A. 

      10

    • B. 

      100

    • C. 

      255

    • D. 

      1000

  • 22. 
    Where do I go in the ASDM software to configure an IP address on an interface?
    • A. 

      Configuration\Device Setup\Interfaces

    • B. 

      File\Properties\Interfaces

    • C. 

      Setup\Interfaces

    • D. 

      Appreciation\Porn\Inflatable Animal

  • 23. 
    When using the CLI, what mode is used to enter a security level?
    • A. 

      User

    • B. 

      Privileged

    • C. 

      Configuration

    • D. 

      Sub-Configuration

  • 24. 
    What is the maximum number of Vlans you are able to configure on the base ASA?
    • A. 

      3

    • B. 

      5

    • C. 

      10

    • D. 

      25

  • 25. 
    If you want to preview commands in the ASDM software before they are sent to the ASA, where do you go to turn that on?
    • A. 

      File\Properties

    • B. 

      Tools\Preferences

    • C. 

      Commands\Preview

    • D. 

      I have no clue

  • 26. 
    Which module is required for IPS?
    • A. 

      CSC-SSM

    • B. 

      AIP-SSM

    • C. 

      SSC-SSM

    • D. 

      OU812

  • 27. 
    Which module provides support for antivirus features?
    • A. 

      CSC-SSM

    • B. 

      AIP-SSM

    • C. 

      SSC-SSM

    • D. 

      OU812

  • 28. 
    What does a solid amber light on the status LED mean?
    • A. 

      System is booting

    • B. 

      System tests passed

    • C. 

      System tests failed

    • D. 

      No soup for you!

  • 29. 
    Whatis the max speed of the switchports on the 5505?
    • A. 

      10mbps

    • B. 

      100mbps

    • C. 

      1000mbps

    • D. 

      Frick’n fast man!

  • 30. 
    How many Vlans can be created on the 5505 using the switchports by default?
    • A. 

      2

    • B. 

      3

    • C. 

      4

    • D. 

      6

  • 31. 
    How many PoE ports are there on the 5505 by default?
    • A. 

      1

    • B. 

      2

    • C. 

      3

    • D. 

      5

  • 32. 
    What port numbers are used for the PoE ports?
    • A. 

      7 and 8

    • B. 

      1 and 2

    • C. 

      6 and 7

    • D. 

      1 and 8

  • 33. 
    What can I purchase to get some of the switchports to function at gigabit speed on the 5510?
    • A. 

      AIP-SSM Module

    • B. 

      CSC-SSM Module

    • C. 

      Security Plus Upgrade License

    • D. 

      Optional 1gig Memory Module

  • 34. 
    How big is the license key used to enable features on the ASA?
    • A. 

      20 Digit Decimal

    • B. 

      30 Digit Hex

    • C. 

      40 Digit Hex

    • D. 

      40 Digit Decimal

  • 35. 
    What is the flash card used for on the ASA 5510 besides storing the IOS?
    • A. 

      Saving Configs

    • B. 

      Additional RAM space

    • C. 

      CPU Overflow

    • D. 

      Flashing the BIOS

  • 36. 
    What is the smallest ASA you can buy with a gigabit interface without buying an additional license upgrade?
    • A. 

      5510

    • B. 

      5520

    • C. 

      5550

    • D. 

      5580

  • 37. 
    How many IPSec VPN connections does the 5510 allow without upgrading the license?
    • A. 

      100

    • B. 

      150

    • C. 

      200

    • D. 

      250

  • 38. 
    What is the maximum number of Vlans supports on the 5510 without upgrading the license?
    • A. 

      25

    • B. 

      50

    • C. 

      150

    • D. 

      200

  • 39. 
    On the 5510, enabling the 3DES/AES encryption slows down the firewall throughput by how many mbps?
    • A. 

      75 mbps

    • B. 

      100 mbps

    • C. 

      130 mbps

    • D. 

      150 mbps

  • 40. 
    Which model of ASA supports up to 1 million connections?
    • A. 

      5520

    • B. 

      5550

    • C. 

      5580-20

    • D. 

      5580-40

  • 41. 
    Which model of ASA does NOT support adding the AIP-SSM according to the book?
    • A. 

      5505

    • B. 

      5510

    • C. 

      5520

    • D. 

      5555

  • 42. 
    If I have an ASA 5510 and I add an AIP-SSM-10 module and I don’t use 3DES/AES, how much of a reduction in throughput would I have? Your gonna have to think out of the box a bit on this one, the answer is not spelled out for you in the book.
    • A. 

      75 mbps

    • B. 

      100 mbps

    • C. 

      150 mbps

    • D. 

      200 mbps

  • 43. 
    How much does an AIP-SSM cost for the 5505 from CDW according to my powerpoint slide?
    • A. 

      Under $1,000

    • B. 

      $1,000 to $2,500

    • C. 

      $2,500 to $3,500

    • D. 

      Over $5,000

  • 44. 
    How much does an ASA 5510 cost from CDW with no extra security license? (CDW Part# 792589)
    • A. 

      Under $1000

    • B. 

      $1000 to $2000

    • C. 

      $2000 to $3000

    • D. 

      Over $4000

  • 45. 
    How much does an ASA 5505 cost with a standard 10 user bundle from CDW?
    • A. 

      Under $200

    • B. 

      Under $300

    • C. 

      $300 to $400

    • D. 

      Over $400

  • 46. 
    What scanning software does the CSC-SSM module use?
    • A. 

      AVG

    • B. 

      Trend Micro

    • C. 

      Avast

    • D. 

      PCcillin

  • 47. 
    Which number is NOT a valid model of the AIP-SSM module?
    • A. 

      -10

    • B. 

      -20

    • C. 

      -30

    • D. 

      -40

  • 48. 
    Can the ASA scan HTTPS traffic if you have a CSC-SSM module installed?
    • A. 

      Yes

    • B. 

      No

    • C. 

      How the frick should I know

    • D. 

      What?

  • 49. 
    How much does the CSC-SSM-10 cost from CDW? (CDW Part# 973275)
    • A. 

      Under $1000Under $1000

    • B. 

      Under $2000

    • C. 

      $2000 to $4000

    • D. 

      Over $5000

  • 50. 
    According to the bottom of page one, where are firewalls placed?
    • A. 

      Only at the entryway to the internet

    • B. 

      Between trusted and untrusted networks

    • C. 

      Only internally

    • D. 

      Right after a switch

  • 51. 
    According to page two, what is the primary task of the firewall?
    • A. 

      To deny bad traffic from entering the network

    • B. 

      To permit good traffic to leave the network

    • C. 

      To deny or permit traffic that attempts to enter the network

    • D. 

      To control access to specific network segments

  • 52. 
    Based on the solution you found for the question above, what does a firewall use to base its decisions on which traffic to permit or deny into the network?
    • A. 

      Explicit preconfigured policies and rules

    • B. 

      Only Network address translation

    • C. 

      TCP/IP Stateful Proxies

    • D. 

      Application Translation

  • 53. 
    At which layer of the OSI model do packet filters typically operate at?
    • A. 

      Data-Link

    • B. 

      Network

    • C. 

      Transport

    • D. 

      Session

  • 54. 
    Which of the following is NOT an element that could be inspected by a packet-filtering technique?
    • A. 

      Source address

    • B. 

      Destination translation

    • C. 

      Source port

    • D. 

      Protocol

  • 55. 
    What is the purpose of a packet filter?
    • A. 

      Filter traffic based on rules from the Proxy

    • B. 

      Control access to specific network segments by defining which traffic can pass through them

    • C. 

      Operate as an intermediary agent on behalf of clients that are on a private network

    • D. 

      Hide the internal private addresses from the unprotected network

  • 56. 
    True or false, packet filters do not commonly inspect layer 4 fields like the sequence number and ACK fields?
    • A. 

      True

    • B. 

      False

  • 57. 
    At which layer do the majority of proxy firewalls operate at?
    • A. 

      Application

    • B. 

      Presentation

    • C. 

      Session

    • D. 

      Transport

  • 58. 
    What does an application proxy do?
    • A. 

      Filter traffic based on rules from network address translation

    • B. 

      Control access to specific network segments by defining which traffic can pass through them

    • C. 

      Operate as an intermediary agent on behalf of clients that are on a private or protected network

    • D. 

      Hide the internal private addresses from the unprotected network

  • 59. 
    What does the firewall do with NAT?
    • A. 

      Filter traffic based on rules from network address translation

    • B. 

      Control access to specific network segments by defining which traffic can pass through them

    • C. 

      Operate as an intermediary agent on behalf of clients that are on a private or protected network

    • D. 

      Hides the internal private addresses from the unprotected network, and exposes only its own address

  • 60. 
    What is the first octet of a class A private ip address when expressed in binary?
    • A. 

      00000010

    • B. 

      00001010

    • C. 

      00101010

    • D. 

      10101010

  • 61. 
    Which one is NOT a class B private ip address?
    • A. 

      172.16.0.200

    • B. 

      172.24.255.5

    • C. 

      172.32.12.15

    • D. 

      172.30.255.254

  • 62. 
    The process of allowing many devices on the internal protected network to share one ip address by inspecting the layer 4 information of the packet is called?
    • A. 

      Static translation

    • B. 

      Stateful inspection

    • C. 

      Deep packet inspection

    • D. 

      Port address translation

  • 63. 
    What kind of address translation would I use if I had a web server that resided on the internal network that people needed to access from the public side?
    • A. 

      Port address translation

    • B. 

      Static translation

    • C. 

      Dynamic translation

    • D. 

      Deep packet translation

  • 64. 
    What is meant by Stateful Inspection?
    • A. 

      Firewalls can look at specific layer 7 payloads to protect against security threats

    • B. 

      The device searches for a fixed sequence of bytes within the packets traversing the network

    • C. 

      The tracking of every packet passing through an interface by assuring that they are valid, established connections

    • D. 

      When the state highway patrol pulls you over after you had a bad day and got snookered with some tequila to the point you cant even see straight

  • 65. 
    What does Deep Packet Inspection do?
    • A. 

      Firewalls can look at specific layer 7 payloads to protect against security threats

    • B. 

      The device searches for a fixed sequence of bytes within the packets traversing the network

    • C. 

      The tracking of every packet passing through an interface by assuring that they are valid, established connections

    • D. 

      When the state highway patrol pulls you over after you had a bad day and got snookered with some tequila to the point you cant even see straight.

  • 66. 
    What  does the book call a "popular software application that you can install on end-user machines or servers to protect them from external security threats and intrusions"?
    • A. 

      Cisco ASA

    • B. 

      Cisco PIX

    • C. 

      Personal Firewall

    • D. 

      Network Address Translation

  • 67. 
    Why is it safer to have an IPS rather than an IDS?
    • A. 

      An IPS will actually prevent the malicious packet from arriving

    • B. 

      An IDS will alert you to the malicious activity

    • C. 

      An IDS does not detect distributed denial of service attacks

    • D. 

      An IDS does not work in promiscuous mode

  • 68. 
    Which layer 4 protocol will pattern matching work against?
    • A. 

      ESP

    • B. 

      AH

    • C. 

      TCP

    • D. 

      GRE

  • 69. 
    What does the book call a set of conditions that point out some type of intrusion occurance?
    • A. 

      Protocol analysis

    • B. 

      Heuristic-based analysis

    • C. 

      A signature

    • D. 

      Pattern matching

  • 70. 
    Which of the following has a major disadvantage of generating a considerably high amount of false positives?
    • A. 

      Protocol analysis

    • B. 

      Heuristic-based analysis

    • C. 

      A signature

    • D. 

      Pattern matching

  • 71. 
    What is it called when a program attempts to store more data in a temporary storage area within memory than it was designed to hold?
    • A. 

      Heuristic analysis

    • B. 

      Zero-day exploit

    • C. 

      Distributed denial of service

    • D. 

      Buffer overflow

  • 72. 
    What is an attack for which there is no signature called?
    • A. 

      Heuristic analysis

    • B. 

      Zero-day exploit

    • C. 

      Distributed denial of service

    • D. 

      Buffer overflow

  • 73. 
    What are the two different modes when using IPSEC?
    • A. 

      ESP and AH

    • B. 

      Transport and Tunnel

    • C. 

      Site and Transport

    • D. 

      SSL or HTTPS

  • 74. 
    During IKE negotiation, what protocol and port number are used?
    • A. 

      TCP port 500

    • B. 

      UDP port 500

    • C. 

      TCP port 443

    • D. 

      UDP port 443

  • 75. 
    How much does the security license upgrade cost from CDW? NOT the promo license, cdw part# 1761242.
    • A. 

      Under $200

    • B. 

      Under $300

    • C. 

      $300 to $400

    • D. 

      Over $400