CISCO ASA
Chapter 1-3
Questions and Answers
- 1.
What does ASA stand for?
- A.
Advanced Security Application
- B.
Adaptive Security Application
- C.
Adaptive Security Appliance
- D.
Advanced Security Application
Correct Answer
C. Adaptive Security ApplianceExplanation
ASA stands for Adaptive Security Appliance. This term refers to a firewall and security device developed by Cisco Systems. The ASA provides network security by combining firewall, VPN (Virtual Private Network), and intrusion prevention system capabilities. It is designed to protect networks from various threats and attacks, ensuring the confidentiality, integrity, and availability of network resources.Rate this question:
-
- 2.
Which one is NOT a way to access the CLI?
- A.
Telnet
- B.
Console
- C.
RDP
- D.
SSH
Correct Answer
C. RDPExplanation
RDP (Remote Desktop Protocol) is not a way to access the Command Line Interface (CLI). RDP is a proprietary protocol developed by Microsoft that allows users to remotely connect to and control a computer over a network. It provides a graphical interface rather than a command line interface. Telnet, Console, and SSH are all methods that can be used to access the CLI. Telnet is a network protocol used to establish a remote command line session, Console refers to accessing the CLI directly from the physical device, and SSH (Secure Shell) is a network protocol that provides secure remote access to the CLI.Rate this question:
-
- 3.
By default, without any configuration form you, the ASA has a default inside IP address of?
- A.
It does not have an IP by default
- B.
10.1.1.1
- C.
192.168.1.100
- D.
192.168.1.1
Correct Answer
A. It does not have an IP by defaultExplanation
By default, the ASA does not have an IP address assigned to its inside interface. It needs to be manually configured with an IP address for communication on the inside network.Rate this question:
-
- 4.
At what baud rate should you set your terminal emulation program in order to connect to the ASA and access the CLI?
- A.
2400
- B.
9600
- C.
12500
- D.
None, you don’t use a baud rate in telnet programs
Correct Answer
B. 9600Explanation
To connect to the ASA and access the CLI, you should set your terminal emulation program to a baud rate of 9600. Baud rate refers to the number of signal changes per second in a communication channel, and setting it to 9600 ensures a reliable and efficient connection between the terminal emulation program and the ASA.Rate this question:
-
- 5.
According to the text, what should flow control be set at?
- A.
Hardware
- B.
Software
- C.
None
- D.
I don’t know, I was up all night smoking crack.
Correct Answer
A. HardwareExplanation
The text suggests that flow control should be set at hardware.Rate this question:
-
- 6.
What is the symbol for the prompt in the CLI that lets you know you are in privileged mode?
- A.
>
- B.
#
- C.
(config)
- D.
(priv)
Correct Answer
B. #Explanation
The symbol "#" is used in the CLI to indicate that the user is in privileged mode. This mode grants the user access to advanced configuration and management commands, allowing them to make changes to the system settings. The "#" symbol is commonly used in various network devices and operating systems, such as Cisco routers and Unix-based systems, to signify privileged mode.Rate this question:
-
- 7.
According to the textbook, what mode are you in if the prompt look like this “(configs)�
- A.
User
- B.
Privileged
- C.
Configuration
- D.
Sub-Configuration
Correct Answer
C. ConfigurationExplanation
If the prompt looks like "(configs)", according to the textbook, the mode you are in is the Configuration mode.Rate this question:
-
- 8.
Which one of these commands will show me the license information on the ASA?
- A.
Show Version
- B.
Show Flash
- C.
Show License
- D.
Show Porn
Correct Answer
A. Show VersionExplanation
The "Show Version" command will provide the license information on the ASA. This command displays detailed information about the software and hardware components of the ASA, including the license information. It is commonly used to verify the software version, activation key, and license details of the ASA device.Rate this question:
-
- 9.
What command do I type in to enter a new license key?
- A.
Activation-key
- B.
Enter activation-key
- C.
License-key
- D.
Activate License-Key
Correct Answer
A. Activation-keyExplanation
To enter a new license key, the correct command to type in is "activation-key". This command is used to activate or update the license key on a system. It is a standard command used in many software applications to input license information and unlock additional features or functionalities.Rate this question:
-
- 10.
If a user selects "NO" at the setup menu when the ASA starts up, what will the hostname of the device be?
- A.
ASA
- B.
CiscoASA
- C.
Cisco
- D.
Router
Correct Answer
B. CiscoASAExplanation
If a user selects "NO" at the setup menu when the ASA starts up, the hostname of the device will be CiscoASA.Rate this question:
-
- 11.
If you accidently type NO in for the setup option, is there another way to get into setup (according to the text) without rebooting or power cycling the ASA?
- A.
No
- B.
Type setup in configs mode
- C.
Type reload in priv mode
- D.
I picked the wrong week to quit sniffing glue
Correct Answer
B. Type setup in configs modeExplanation
The correct answer is "Type setup in configs mode." This means that if you accidentally type "NO" for the setup option, you can still access the setup mode by typing "setup" in the configuration mode. This allows you to make changes to the ASA without having to reboot or power cycle it.Rate this question:
-
- 12.
Where is the ASDM software stored at on the ASA?
- A.
Flash
- B.
Rom
- C.
NVRAM
- D.
Hard Drive
Correct Answer
A. FlashExplanation
The ASDM software is stored in the Flash memory of the ASA. Flash memory is a type of non-volatile storage that retains data even when power is lost. It is commonly used in networking devices like the ASA to store firmware, operating systems, and other software. Storing the ASDM software in Flash memory allows for easy access and quick retrieval when needed.Rate this question:
-
- 13.
If I set the inside IP address to 192.168.1.1, what would I type into my browser to access the ASDM?
- A.
Http://192.168.1.1
- B.
Https://192.168.1.1
- C.
Https://192.168.1.1/admin
- D.
Https://192.168.1.1/ASDM
Correct Answer
C. Https://192.168.1.1/adminExplanation
To access the ASDM, which is a web-based management tool for Cisco devices, you would need to type "https://192.168.1.1/admin" into your browser. The "https://" indicates that it is a secure connection, while "192.168.1.1" is the IP address of the device. The "/admin" specifies the path to the ASDM interface.Rate this question:
-
- 14.
Where does the ASDM software store error logs/messages?
- A.
Flash memory on the ASA
- B.
On the users computer
- C.
In the ROM memory
- D.
D) In NVRAM
Correct Answer
B. On the users computerExplanation
The ASDM software stores error logs/messages on the user's computer. This is because the ASDM software is typically installed on the user's computer and it logs any errors or messages locally on the computer for easy access and troubleshooting. Storing the logs on the user's computer allows for quick retrieval and analysis of the logs without the need to access the ASA or any other external storage.Rate this question:
-
- 15.
In the "HOME" screen of the ASDM software, where would I look to find information about the number of active TCP connections going through the ASA?
- A.
System Resources Status
- B.
VPN Status
- C.
Interface Status
- D.
Traffic Status
Correct Answer
D. Traffic StatusExplanation
In the "Traffic Status" section of the ASDM software's "HOME" screen, information about the number of active TCP connections going through the ASA can be found. This section provides details and statistics related to the traffic passing through the ASA, including the number of active TCP connections.Rate this question:
-
- 16.
How often is the information on the HOME screen refreshed on the ASDM software?
- A.
5 sec
- B.
10 sec
- C.
15 sec
- D.
30 sec
Correct Answer
B. 10 secExplanation
The information on the HOME screen of the ASDM software is refreshed every 10 seconds. This means that any data or statistics displayed on the HOME screen will be updated every 10 seconds to provide the user with the most current information. This frequent refresh rate allows users to monitor real-time data and make informed decisions based on the most up-to-date information available.Rate this question:
-
- 17.
How long of a time period does the ASDM display on the HOME screen? If the ASA says there have been 50 active TCP connections, what is the timeframe it is measuring that in?
- A.
1 minute
- B.
2 minutes
- C.
5 minutes
- D.
10 minutes
Correct Answer
C. 5 minutesExplanation
The ASDM displays a time period of 5 minutes on the HOME screen. Therefore, if the ASA says there have been 50 active TCP connections, it is measuring that within the 5-minute timeframe.Rate this question:
-
- 18.
What is the default device name on the ASA?
- A.
ASA
- B.
Cisco
- C.
Hostname
- D.
CiscoASA
Correct Answer
D. CiscoASAExplanation
The default device name on the ASA is "CiscoASA".Rate this question:
-
- 19.
What is the default SSH session username used by the 5505?
- A.
PIX
- B.
Cisco
- C.
CiscoASA
- D.
SecWeb
Correct Answer
A. PIXExplanation
The default SSH session username used by the 5505 is "PIX".Rate this question:
-
- 20.
What is the default enable password on the ASA?
- A.
Porn
- B.
Cisco
- C.
Cisco ASA
- D.
There is none by default
Correct Answer
D. There is none by defaultExplanation
The correct answer is "There is none by default" because the ASA (Adaptive Security Appliance) does not have a default enable password. When initially setting up the ASA, the user is prompted to create an enable password. If the user does not set a password during the initial setup, the enable password remains blank by default. It is important for the user to set a strong enable password to ensure the security of the ASA.Rate this question:
-
- 21.
When dealing with security levels, what is the most secure level?
- A.
10
- B.
100
- C.
255
- D.
1000
Correct Answer
B. 100Explanation
The most secure level when dealing with security levels is 100.Rate this question:
-
- 22.
Where do I go in the ASDM software to configure an IP address on an interface?
- A.
Configuration\Device Setup\Interfaces
- B.
File\Properties\Interfaces
- C.
Setup\Interfaces
- D.
Appreciation\Porn\Inflatable Animal
Correct Answer
A. Configuration\Device Setup\InterfacesExplanation
The correct answer is "Configuration\Device Setup\Interfaces." This is the correct location in the ASDM software to configure an IP address on an interface. The "Device Setup" menu allows users to configure various settings related to the device, including network interfaces. Within the "Interfaces" submenu, users can select the specific interface they want to configure and then set the desired IP address.Rate this question:
-
- 23.
When using the CLI, what mode is used to enter a security level?
- A.
User
- B.
Privileged
- C.
Configuration
- D.
Sub-Configuration
Correct Answer
D. Sub-ConfigurationExplanation
p70Rate this question:
-
- 24.
What is the maximum number of Vlans you are able to configure on the base ASA?
- A.
3
- B.
5
- C.
10
- D.
25
Correct Answer
A. 3Explanation
The maximum number of VLANs that can be configured on the base ASA is 3. This means that the ASA can support up to 3 separate VLANs for network segmentation and traffic management purposes.Rate this question:
-
- 25.
If you want to preview commands in the ASDM software before they are sent to the ASA, where do you go to turn that on?
- A.
File\Properties
- B.
Tools\Preferences
- C.
Commands\Preview
- D.
I have no clue
Correct Answer
B. Tools\PreferencesExplanation
To preview commands in the ASDM software before they are sent to the ASA, you need to go to Tools\Preferences. This option allows you to review the commands and make any necessary changes or adjustments before they are actually implemented on the ASA. It provides an additional layer of control and ensures that the correct commands are being sent to the device, minimizing the risk of errors or unintended consequences.Rate this question:
-
- 26.
Which module is required for IPS?
- A.
CSC-SSM
- B.
AIP-SSM
- C.
SSC-SSM
- D.
OU812
Correct Answer
B. AIP-SSMExplanation
The AIP-SSM module is required for IPS. The AIP-SSM (Advanced Inspection and Prevention Security Services Module) is specifically designed for intrusion prevention and detection. It provides real-time threat protection, network visibility, and advanced security features. The CSC-SSM (Content Security and Control Security Services Module) is focused on content filtering and anti-malware, while the SSC-SSM (Security Services Card) is used for firewall and VPN services. OU812 is not a valid module for IPS.Rate this question:
-
- 27.
Which module provides support for antivirus features?
- A.
CSC-SSM
- B.
AIP-SSM
- C.
SSC-SSM
- D.
OU812
Correct Answer
A. CSC-SSMExplanation
The CSC-SSM module provides support for antivirus features.Rate this question:
-
- 28.
What does a solid amber light on the status LED mean?
- A.
System is booting
- B.
System tests passed
- C.
System tests failed
- D.
No soup for you!
Correct Answer
C. System tests failedExplanation
A solid amber light on the status LED indicates that the system tests have failed. This means that there is an issue or malfunction in the system that needs to be addressed. It could be a hardware or software problem that needs to be diagnosed and fixed before the system can function properly.Rate this question:
-
- 29.
Whatis the max speed of the switchports on the 5505?
- A.
10mbps
- B.
100mbps
- C.
1000mbps
- D.
Frick’n fast man!
Correct Answer
B. 100mbpsExplanation
The correct answer is 100mbps. The 5505 switchports have a maximum speed of 100mbps.Rate this question:
-
- 30.
How many Vlans can be created on the 5505 using the switchports by default?
- A.
2
- B.
3
- C.
4
- D.
6
Correct Answer
B. 3Explanation
The correct answer is 3 because the Cisco ASA 5505, by default, has three switchports that can be used to create VLANs. These switchports can be configured as access ports or trunk ports to support VLANs and allow for network segmentation and traffic isolation.Rate this question:
-
- 31.
How many PoE ports are there on the 5505 by default?
- A.
1
- B.
2
- C.
3
- D.
5
Correct Answer
B. 2Explanation
The default number of PoE ports on the 5505 is 2.Rate this question:
-
- 32.
What port numbers are used for the PoE ports?
- A.
7 and 8
- B.
1 and 2
- C.
6 and 7
- D.
1 and 8
Correct Answer
C. 6 and 7Explanation
The correct answer is 6 and 7. These port numbers are used for the Power over Ethernet (PoE) ports. PoE allows for both power and data to be transmitted over the same Ethernet cable, eliminating the need for separate power cables. Port numbers 6 and 7 are specifically designated for PoE, indicating that these ports are capable of providing power to connected devices.Rate this question:
-
- 33.
What can I purchase to get some of the switchports to function at gigabit speed on the 5510?
- A.
AIP-SSM Module
- B.
CSC-SSM Module
- C.
Security Plus Upgrade License
- D.
Optional 1gig Memory Module
Correct Answer
C. Security Plus Upgrade LicenseExplanation
To enable gigabit speed on the switchports of the 5510, a Security Plus Upgrade License is required. This license provides additional features and capabilities, including the ability to support gigabit speed on the switchports. The AIP-SSM Module and CSC-SSM Module are not related to the switchports' speed, and the optional 1gig Memory Module does not affect the switchports' functionality. Therefore, the Security Plus Upgrade License is the correct answer.Rate this question:
-
- 34.
How big is the license key used to enable features on the ASA?
- A.
20 Digit Decimal
- B.
30 Digit Hex
- C.
40 Digit Hex
- D.
40 Digit Decimal
Correct Answer
C. 40 Digit HexExplanation
The license key used to enable features on the ASA is a 40 digit hexadecimal number. Hexadecimal numbers are commonly used in computing systems, as they provide a convenient way to represent large binary numbers. The 40 digit length suggests that the license key is quite long, which may provide a high level of security and complexity.Rate this question:
-
- 35.
What is the flash card used for on the ASA 5510 besides storing the IOS?
- A.
Saving Configs
- B.
Additional RAM space
- C.
CPU Overflow
- D.
Flashing the BIOS
Correct Answer
A. Saving ConfigsExplanation
The flash card on the ASA 5510 is used for saving configurations. Configurations include settings and parameters that define how the device operates, such as network settings, security policies, and access control rules. By storing configurations on the flash card, they can be easily backed up, restored, or transferred to other devices. This helps in maintaining consistent and reliable network configurations across multiple devices and simplifies the management of the ASA 5510.Rate this question:
-
- 36.
What is the smallest ASA you can buy with a gigabit interface without buying an additional license upgrade?
- A.
5510
- B.
5520
- C.
5550
- D.
5580
Correct Answer
B. 5520Explanation
The correct answer is 5520 because it is the smallest ASA model that comes with a gigabit interface without requiring an additional license upgrade. This means that you can achieve high-speed data transfer without any additional cost or hassle.Rate this question:
-
- 37.
How many IPSec VPN connections does the 5510 allow without upgrading the license?
- A.
100
- B.
150
- C.
200
- D.
250
Correct Answer
D. 250Explanation
The Cisco ASA 5510 firewall allows up to 250 IPSec VPN connections without requiring a license upgrade. This means that organizations can establish secure VPN connections for up to 250 remote users or branch offices without incurring additional costs. This feature is beneficial for small to medium-sized businesses that need to connect multiple locations or provide remote access for a large number of employees.Rate this question:
-
- 38.
What is the maximum number of Vlans supports on the 5510 without upgrading the license?
- A.
25
- B.
50
- C.
150
- D.
200
Correct Answer
B. 50Explanation
The maximum number of VLANs supported on the 5510 without upgrading the license is 50. This means that the device can handle up to 50 separate virtual LANs, allowing for network segmentation and improved network management.Rate this question:
-
- 39.
On the 5510, enabling the 3DES/AES encryption slows down the firewall throughput by how many mbps?
- A.
75 mbps
- B.
100 mbps
- C.
130 mbps
- D.
150 mbps
Correct Answer
C. 130 mbpsExplanation
Enabling the 3DES/AES encryption on the 5510 firewall reduces the throughput by 130 mbps. This means that when the encryption is enabled, the firewall can process data at a speed that is 130 mbps slower compared to when the encryption is disabled. This reduction in throughput is due to the additional processing required for encryption and decryption of data, which takes up computational resources and slows down the overall performance of the firewall.Rate this question:
-
- 40.
Which model of ASA supports up to 1 million connections?
- A.
5520
- B.
5550
- C.
5580-20
- D.
5580-40
Correct Answer
C. 5580-20Explanation
The 5580-20 model of ASA supports up to 1 million connections.Rate this question:
-
- 41.
Which model of ASA does NOT support adding the AIP-SSM according to the book?
- A.
5505
- B.
5510
- C.
5520
- D.
5555
Correct Answer
A. 5505Explanation
The ASA 5505 model does not support adding the AIP-SSM according to the book.Rate this question:
-
- 42.
If I have an ASA 5510 and I add an AIP-SSM-10 module and I don’t use 3DES/AES, how much of a reduction in throughput would I have? Your gonna have to think out of the box a bit on this one, the answer is not spelled out for you in the book.
- A.
75 mbps
- B.
100 mbps
- C.
150 mbps
- D.
200 mbps
Correct Answer
C. 150 mbpsExplanation
Adding an AIP-SSM-10 module to an ASA 5510 without using 3DES/AES would result in a reduction in throughput of 150 mbps. This suggests that the AIP-SSM-10 module has a maximum throughput of 150 mbps and not using 3DES/AES does not further impact the reduction in throughput.Rate this question:
-
- 43.
How much does an AIP-SSM cost for the 5505 from CDW according to my powerpoint slide?
- A.
Under $1,000
- B.
$1,000 to $2,500
- C.
$2,500 to $3,500
- D.
Over $5,000
Correct Answer
B. $1,000 to $2,500Explanation
The given answer suggests that the cost of an AIP-SSM for the 5505 from CDW according to the powerpoint slide is between $1,000 to $2,500.Rate this question:
-
- 44.
How much does an ASA 5510 cost from CDW with no extra security license? (CDW Part# 792589)
- A.
Under $1000
- B.
$1000 to $2000
- C.
$2000 to $3000
- D.
Over $4000
Correct Answer
C. $2000 to $3000Explanation
The correct answer is $2000 to $3000. This suggests that the cost of an ASA 5510 from CDW, without any additional security license, falls within the range of $2000 to $3000.Rate this question:
-
- 45.
How much does an ASA 5505 cost with a standard 10 user bundle from CDW?
- A.
Under $200
- B.
Under $300
- C.
$300 to $400
- D.
Over $400
Correct Answer
D. Over $400Explanation
The given answer states that the cost of an ASA 5505 with a standard 10 user bundle from CDW is over $400. This implies that the price for this product is higher than $400.Rate this question:
-
- 46.
What scanning software does the CSC-SSM module use?
- A.
AVG
- B.
Trend Micro
- C.
Avast
- D.
PCcillin
Correct Answer
B. Trend MicroExplanation
The CSC-SSM module uses Trend Micro scanning software.Rate this question:
-
- 47.
Which number is NOT a valid model of the AIP-SSM module?
- A.
-10
- B.
-20
- C.
-30
- D.
-40
Correct Answer
C. -30Explanation
The AIP-SSM module typically uses positive numbers as model numbers. Since -30 is a negative number, it is not a valid model of the AIP-SSM module.Rate this question:
-
- 48.
Can the ASA scan HTTPS traffic if you have a CSC-SSM module installed?
- A.
Yes
- B.
No
- C.
How the frick should I know
- D.
What?
Correct Answer
B. NoExplanation
The ASA cannot scan HTTPS traffic if a CSC-SSM module is installed. The CSC-SSM module is designed to inspect and filter HTTP traffic, but it does not have the capability to decrypt and inspect encrypted HTTPS traffic. Therefore, the ASA would not be able to scan the contents of HTTPS traffic passing through the network.Rate this question:
-
- 49.
How much does the CSC-SSM-10 cost from CDW? (CDW Part# 973275)
- A.
Under $1000Under $1000
- B.
Under $2000
- C.
$2000 to $4000
- D.
Over $5000
Correct Answer
C. $2000 to $4000Explanation
The CSC-SSM-10 from CDW costs between $2000 to $4000.Rate this question:
-
- 50.
According to the bottom of page one, where are firewalls placed?
- A.
Only at the entryway to the internet
- B.
Between trusted and untrusted networks
- C.
Only internally
- D.
Right after a switch
Correct Answer
B. Between trusted and untrusted networksExplanation
Firewalls are placed between trusted and untrusted networks. This means that they are positioned at the boundary where the trusted network (such as an internal network) connects with the untrusted network (such as the internet). By being placed in this location, firewalls can monitor and control the incoming and outgoing network traffic, ensuring that only authorized and safe data is allowed to pass through while blocking any potentially harmful or unauthorized access attempts.Rate this question:
-
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 22, 2023Quiz Edited by
ProProfs Editorial Team -
Feb 14, 2012Quiz Created by
Jjscarpino4
Cisco CyberOps Security Fundamentals Section 02: Network Infrastructure (Q 1-10)
Cisco CyberOps Security Fundamentals Section 02: Network Infrastructure (Q 1-10)
Cisco CyberOps Security Fundamentals Section 01: TCP/IP Protocol Suite (Q 41-50)
Cisco CyberOps Security Fundamentals Section 01: TCP/IP Protocol Suite (Q 41-50)
Cisco CyberOps Security Fundamentals Section 01: TCP/IP Protocol Suite (Q 51-60)
Cisco CyberOps Security Fundamentals Section 01: TCP/IP Protocol Suite (Q 51-60)
Cisco CyberOps Security Fundamentals Section 01: TCP/IP Protocol Suite (Q 31-40)
Cisco CyberOps Security Fundamentals Section 01: TCP/IP Protocol Suite (Q 31-40)
- ACA Quizzes
- ACCA Quizzes
- ACE Quizzes
- BCBA Quizzes
- CCP Quizzes
- CDC Quizzes
- CDCs Quizzes
- CEH Quizzes
- CISA Quizzes
- CISSP Quizzes
- CompTIA Quizzes
- CPA Quizzes
- CPAT Quizzes
- CPFA Quizzes
- CPP Quizzes
- CPT Quizzes
- CSA Quizzes
- CSET Quizzes
- CST Quizzes
- CSWIP Quizzes
- FTCE Quizzes
- HIPAA Quizzes
- IAHCSMM Quizzes
- ISTQB Quizzes
- LEED Ga Quizzes
- MBLEx Quizzes
- NCIDQ Quizzes
- PMP Quizzes
- PRAXIS Quizzes
- PTCB Quizzes
- Six Sigma Quizzes
- TEAS Quizzes
Back to top