Midterm Chapter 4-6

Reviewed by Editorial Team
By Jjscarpino4
  • 1/68 Questions

    Is it possible to configure the ASA to use authentication for everyone except Joe Donut? In other words, can I excuse a person or user account from having to authenticate and make everyone else in the organization authenticate?

    • Yes
    • No
About This Quiz

Midterm Chapter 4-6 evaluates understanding of Access Control Lists (ACLs), focusing on their components, behaviors, and specific functionalities in network security. It tests key skills in configuring and troubleshooting ACLs, essential for network administration.


  • 2. 

    True or false: only the first packet of a flow is inspected by the ACL; after that, all subsequent packets matching that connection are not checked.

    • True

    • False

    Correct Answer
    A. True
    Explanation
    The statement is true. ACLs (Access Control Lists) are used to control network traffic by filtering packets based on specific criteria. Once a packet matches a flow, the ACL will inspect it and make a decision (allow or deny). However, for subsequent packets that belong to the same flow, the ACL does not need to inspect them again as the decision has already been made. This helps improve network performance by reducing the processing overhead on the ACL for every packet in the same flow.


  • 3. 

    When passwords are sent from the ASA to the RADIUS server on the internal network, are they encrypted?

    • Yes

    • No

    Correct Answer
    A. Yes
    Explanation
    Yes, passwords are encrypted when they are sent from the ASA to the RADIUS server on the internal network. Encryption ensures that the passwords are securely transmitted and cannot be intercepted or accessed by unauthorized individuals. This helps to protect the confidentiality and integrity of the passwords, ensuring that they remain secure during transmission.


  • 4. 

    Is it true that LDAP only provides authorization services and if you want authentication services you need to find a separate protocol?

    • Yes

    • No

    Correct Answer
    A. Yes
    Explanation
    LDAP (Lightweight Directory Access Protocol) is primarily used for directory services, including user authentication and authorization. However, it is incorrect to state that LDAP only provides authorization services. In fact, LDAP supports both authentication and authorization functionalities. It can authenticate users by verifying their credentials against the directory server and also authorize their access to specific resources based on their permissions. Therefore, the correct answer should be "No" instead of "Yes".


  • 5. 

    Is it possible to customize the authentication prompts that a user sees when trying to access secure resources through the ASA?

    • Yes

    • No

    Correct Answer
    A. Yes
    Explanation
    Yes, it is possible to customize the authentication prompts that a user sees when trying to access secure resources through the ASA. This can be done by configuring the ASA to use customized login banners or by implementing a customized web portal for authentication. These customization options allow organizations to provide a branded and personalized authentication experience for their users, enhancing security and user experience.


  • 6. 

    True or False, an extended ACL only filters by IP address?

    • True

    • False

    Correct Answer
    A. False
    Explanation
    An extended ACL does not only filter by IP address. It can also filter based on other criteria such as protocol type, source and destination port numbers, and specific TCP flags. This allows for more granular control and flexibility in determining what traffic is allowed or denied.


  • 7. 

    What kind of ACL is this - access-list 102 permit tcp any 192.168.100.200 0.0.0.0 eq 25

    • Standard

    • Extended

    • Email

    • SMTP

    Correct Answer
    A. Extended
    Explanation
    The given access control list (ACL) is an extended ACL. This can be determined by looking at the syntax of the command. In an extended ACL, we can specify more specific criteria such as source and destination IP addresses, protocols, and port numbers. In this case, the ACL permits TCP traffic from any source IP address to the destination IP address 192.168.100.200 on port 25, which is commonly used for SMTP (Simple Mail Transfer Protocol) for email communication.


  • 8. 

    What is it called when I prove I am who I say I am?

    • Authentication

    • Authorization

    • Accounting

    Correct Answer
    A. Authentication
    Explanation
    Authentication is the process of proving one's identity or verifying that someone is who they claim to be. It involves providing credentials, such as a username and password, or using biometric measures like fingerprints or facial recognition. By successfully completing the authentication process, individuals can gain access to systems, accounts, or resources that require verification of their identity.


  • 9. 

    Does the ASA support Authorization when using RADIUS?

    • Yes

    • No

    Correct Answer
    A. Yes
    Explanation
    The ASA (Adaptive Security Appliance) does support Authorization when using RADIUS. RADIUS is a protocol commonly used for authentication, authorization, and accounting (AAA) purposes in network security. By integrating RADIUS with the ASA, administrators can enforce access control policies and determine what actions users are allowed to perform on the network. This authorization process helps ensure that only authorized individuals or devices can access specific resources or perform certain actions within the network.


  • 10. 

    Which routing protocol is Cisco proprietary?

    • RIP

    • OSPF

    • EIGRP

    • SpongeBob

    Correct Answer
    A. EIGRP
    Explanation
    EIGRP is Cisco proprietary because it was developed by Cisco Systems and is only available on Cisco devices. Unlike RIP and OSPF, which are open standard protocols that can be used on various vendors' equipment, EIGRP is exclusive to Cisco. SpongeBob is not a routing protocol and is not relevant to this question.


  • 11. 

    If I manually put in a route it is called a ________?

    • Manual route

    • Static route

    • Enhanced route

    • OPP route, yeah you know me

    Correct Answer
    A. Static route
    Explanation
    A manually inputted route is called a static route. This means that the route is manually configured and does not change unless manually updated. It is commonly used in small networks or for specific network configurations where the route needs to remain constant.


  • 12. 

    What version of RIP supports CIDR?

    • Version 1

    • Version 2

    • Version 2.1

    • Version crack-attack

    Correct Answer
    A. Version 2
    Explanation
    RIP (Routing Information Protocol) is a distance-vector routing protocol that is used to exchange routing information between routers. Version 1 of RIP does not support Classless Inter-Domain Routing (CIDR), which is a technique used to allocate IP addresses more efficiently. However, Version 2 of RIP does support CIDR. Therefore, the correct answer is Version 2.


  • 13. 

    True or False, ICMP is considered a unidirectional protocol and requires a rule for each direction you wish it to flow.

    • True

    • False

    Correct Answer
    A. True
    Explanation
    ICMP (Internet Control Message Protocol) is considered a unidirectional protocol because it is primarily used for error reporting and diagnostic purposes in IP networks. It does not establish a connection or maintain a session between two hosts, unlike bidirectional protocols such as TCP or UDP. In order to allow ICMP traffic to flow in both directions, separate rules need to be configured for each direction. Therefore, the statement that ICMP is considered a unidirectional protocol and requires a rule for each direction is true.


  • 14. 

    If I want to send default route information with my RIP advertisements, what command do I use?

    • Passive-interface

    • Default-information originate

    • Redistribute

    • RIP Ver 2

    Correct Answer
    A. Default-information originate
    Explanation
    The correct answer is "Default-information originate." This command is used in RIP (Routing Information Protocol) to advertise the default route to other routers in the network. By using this command, the router sends the default route information in its RIP advertisements, allowing other routers to learn about the default route and use it for forwarding packets to destinations outside of their own network.


  • 15. 

    What does OSPF stand for?

    • Open shortest route first

    • Often smoke pot first

    • Open short people first

    • Open shortest path first

    Correct Answer
    A. Open shortest path first
    Explanation
    OSPF stands for Open Shortest Path First. This is a routing protocol used in computer networks to determine the best path for data packets to travel from one network to another. It calculates the shortest path based on the cost of each link and updates the routing table accordingly. By using OSPF, networks can efficiently exchange routing information and dynamically adapt to changes in network topology.


  • 16. 

    Is it possible to configure the ASA to authenticate users of the ASDM by using a remote server like RADIUS?

    • Yes

    • No

    • Only in Windows

    • Only with a Mac

    Correct Answer
    A. Yes
    Explanation
    Yes, it is possible to configure the ASA (Adaptive Security Appliance) to authenticate users of the ASDM (Adaptive Security Device Manager) by using a remote server like RADIUS (Remote Authentication Dial-In User Service). This allows for centralized authentication and authorization of users accessing the ASDM interface, providing an additional layer of security and control.


  • 17. 

    True or false, if a packet flow comes in and the first line of the ACL matches the packet, no further ACEs are checked.

    • True

    • False

    Correct Answer
    A. True
    Explanation
    If the first line of the Access Control List (ACL) matches the packet flow, it means that the conditions specified in that line are satisfied by the packet. In this case, there is no need to check any further Access Control Entries (ACEs) in the ACL because the packet has already been matched and the corresponding action can be taken. Therefore, the statement "if a packet flow comes in and the first line of the ACL matches the packet, no further ACEs are checked" is true.


  • 18. 

    True or False, named ACLs have to include the “standard” or “extended” parameter?

    • True

    • False

    Correct Answer
    A. True
    Explanation
    Named ACLs have to include the "standard" or "extended" parameter. This means that when creating a named ACL, it is necessary to specify whether it is a standard or extended ACL.


  • 19. 

    Which of the two open-source routing protocols is designed for large-scale networks?

    • RIP

    • OSPF

    • EIGRP

    • SpongeBob

    Correct Answer
    A. OSPF
    Explanation
    OSPF (Open Shortest Path First) is an open-source routing protocol that is specifically designed for large-scale networks. It is widely used in enterprise networks and internet service provider networks. OSPF uses a link-state routing algorithm, which allows it to efficiently calculate the shortest path to a destination and adapt to changes in the network topology. It supports large networks with thousands of routers and can scale well. Therefore, OSPF is the correct answer for this question.


  • 20. 

    True or False, IPv6 ACLs are only supported in version 6.2 of the ASDM or higher?

    • True

    • False

    Correct Answer
    A. True
    Explanation
    IPv6 ACLs are only supported in version 6.2 of the ASDM or higher.


  • 21. 

    If I want to stop the router from advertising RIP updates through an interface, what command do I use?

    • Passive-interface

    • Default-information originate

    • Redistribute

    • RIP Ver 2

    Correct Answer
    A. Passive-interface
    Explanation
    The command "Passive-interface" is used to stop the router from advertising RIP updates through an interface. By configuring an interface as passive, the router will still receive RIP updates from that interface but will not send any updates out through it. This is useful when you want to prevent certain interfaces from participating in RIP routing updates while still allowing them to receive routing information from other interfaces.


  • 22. 

    What was the name of the routing protocol that was a “link-state” protocol?

    • RIP

    • OSPF

    • EIGRP

    • SpongeBob

    Correct Answer
    A. OSPF
    Explanation
    OSPF, which stands for Open Shortest Path First, is a routing protocol that is classified as a "link-state" protocol. This means that it uses information about the state of links in a network to determine the shortest path to a destination. OSPF calculates the cost of each link based on factors such as bandwidth and congestion, and then uses this information to build a database of the network's topology. By considering the state of each link, OSPF is able to make more informed routing decisions and efficiently route data packets through the network.


  • 23. 

    True or False, Standard ACLs only work in transparent mode.

    • True

    • False

    Correct Answer
    A. False
    Explanation
    Standard ACLs can work in both transparent mode and routed mode. Transparent mode is used in a firewall to filter traffic between two networks without changing the IP addresses. In this mode, the firewall acts as a bridge between the two networks. However, standard ACLs can also be applied to interfaces in routed mode, where the firewall is actively routing traffic between networks. Therefore, the statement that standard ACLs only work in transparent mode is false.


  • 24. 

    What is the term for how many times a packet is matched against an ACE?

    • Hit count

    • Counters

    • Conn

    • Statistics

    Correct Answer
    A. Hit count
    Explanation
    The term for how many times a packet is matched against an ACE is "hit count". This refers to the number of times a packet matches the conditions specified in an Access Control Entry (ACE) within a network device. By keeping track of the hit count, network administrators can monitor the traffic patterns and determine the effectiveness of their access control policies.


  • 25. 

    True or False, an ACL can inspect a packet header for layer 5 information?

    • True

    • False

    Correct Answer
    A. False
    Explanation
    An ACL (Access Control List) cannot inspect a packet header for layer 5 information. ACLs are typically used for filtering network traffic based on layer 3 (network layer) and layer 4 (transport layer) information such as source and destination IP addresses, ports, and protocols. Layer 5 (session layer) information, which includes data related to establishing, managing, and terminating connections between network devices, is not typically inspected by ACLs. Therefore, the statement that an ACL can inspect a packet header for layer 5 information is false.


  • 26. 

    Which command will allow me to create a time-based ACL that will be enforced every Saturday?

    • Periodic

    • Recurring

    • Absolute

    • Internal

    Correct Answer
    A. Periodic
    Explanation
    The command "Periodic" allows the creation of a time-based ACL that will be enforced every Saturday. This means that the ACL rules will only be applied and enforced on Saturdays, providing a specific time-based restriction.


  • 27. 

    What does RIP stand for?

    • Routing Internet Protocol

    • Routing Information Protocol

    • Route Interior Protocol

    • Route Internet Protocol

    Correct Answer
    A. Routing Information Protocol
    Explanation
    RIP stands for Routing Information Protocol. This protocol is used for routing and exchanging network information between routers in a network. It helps routers to determine the best path for data packets to travel from one network to another. RIP uses hop count as a metric to calculate the distance between routers and chooses the route with the fewest hops as the best route.


  • 28. 

    RIP has a limit of how many hops?

    • 10

    • 12

    • 15

    • 20

    Correct Answer
    A. 15
    Explanation
    RIP (Routing Information Protocol) has a limit of 15 hops. This means that RIP can only route packets to a maximum of 15 network hops away. If a destination network is more than 15 hops away, RIP will not be able to route the packets to that network.


  • 29. 

    Can I distribute static routes using EIGRP?

    • Yes

    • No

    • I like crack

    Correct Answer
    A. Yes
    Explanation
    Yes, static routes can be distributed using EIGRP. EIGRP is a routing protocol that supports the redistribution of routes between different routing protocols, including static routes. By redistributing static routes into EIGRP, the network administrator can make these routes available to other routers within the EIGRP domain. This allows for greater flexibility and control in network routing.


  • 30. 

    What command will display the routing table of the ASA?

    • Show routing table

    • Show route

    • Show the routes damnit

    • Show table

    Correct Answer
    A. Show route
    Explanation
    The correct answer is "Show route." This command is used to display the routing table of the ASA.


  • 31. 

    Can an ASA be connected to two different networks using two different routing protocols? In other words, can I have a RIP network connected and an EIGRP network connected and be able to route between both of them?

    • Yes

    • No

    • Sometimes

    • Only in Rip Ver 2

    Correct Answer
    A. Yes
    Explanation
    Yes, an ASA can be connected to two different networks using two different routing protocols. This allows the ASA to route between both networks and enables communication between devices on each network.


  • 32. 

    What is the main topic of this chapter (6)?

    • AAA

    • Routing

    • Switching

    Correct Answer
    A. AAA
    Explanation
    The main topic of this chapter is AAA, which stands for Authentication, Authorization, and Accounting. AAA is a framework used in computer systems to control access to resources and track user activities. It involves verifying the identity of users, determining their access privileges, and logging their actions for auditing purposes. This chapter likely explores the concepts, principles, and implementation of AAA in network routing and switching.


  • 33. 

    What are the entries called that make up an ACL?

    • ACL

    • ABC

    • ACE

    • DMZ

    Correct Answer
    A. ACE
    Explanation
    The entries that make up an ACL (Access Control List) are called ACE (Access Control Entries). ACEs define the permissions or restrictions for a particular user or group of users on a network device or system. They specify whether the user or group is allowed or denied access to specific resources or actions.


  • 34. 

    Does OSPF use an area number?

    • Yes

    • No

    • How the heck should I know

    • Can I just send you money and get an A

    Correct Answer
    A. Yes
    Explanation
    OSPF (Open Shortest Path First) does use an area number. OSPF divides a network into areas to improve scalability and reduce routing overhead. Each area is identified by a unique area number, and routers within the same area share routing information. This allows for efficient routing within the area and reduces the amount of routing information that needs to be exchanged between areas.


  • 35. 

    If I have BOTH an Absolute and a Periodic parameter configured in the same timerange, which one would be evaluated first?

    • Recurring

    • Periodic

    • Absolute

    • Internal

    Correct Answer
    A. Absolute
    Explanation
    If both an Absolute and a Periodic parameter are configured in the same timerange, the Absolute parameter would be evaluated first. This means that the timerange specified by the Absolute parameter would take precedence over the timerange specified by the Periodic parameter.


  • 36. 

    What command can I run to only show the routes learned on the inside interface of the ASA?

    • Show route

    • Show Inside

    • Show route inside

    • Show crack smoked

    Correct Answer
    A. Show route inside
    Explanation
    The correct answer is "Show route inside" because this command specifically instructs the ASA to display only the routes learned on the inside interface. By using the "inside" keyword, the command filters the output to show only the relevant information, making it easier for the user to identify and analyze the routes learned on the inside interface.


  • 37. 

    Which AAA protocol or service does the ASA NOT support?

    • RADIUS

    • TACACS+

    • DHCP

    • Kerberos

    Correct Answer
    A. DHCP
    Explanation
    The ASA (Adaptive Security Appliance) does not support the DHCP (Dynamic Host Configuration Protocol) protocol or service. DHCP is used to automatically assign IP addresses and other network configuration settings to devices on a network. While the ASA can support other AAA (Authentication, Authorization, and Accounting) protocols such as RADIUS and TACACS+, it does not have the capability to act as a DHCP server or relay agent.


  • 38. 

    Where are new ACEs added to the ACL?

    • Top of the list

    • Bottom of the list

    • Where they fit in with the layers of the OSI model

    • Ascending order by port number

    Correct Answer
    A. Bottom of the list
    Explanation
    New ACEs (Access Control Entries) are added to the bottom of the ACL (Access Control List). This is because the ACL is processed in a sequential manner from top to bottom, and the first matching ACE determines the access control decision. By adding new ACEs at the bottom, they have a lower priority and will only be evaluated if no previous ACEs match the criteria.


  • 39. 

    In the show route command, what letter signifies a route learned through RIP?

    • E

    • B

    • D

    • R

    Correct Answer
    A. R
    Explanation
    The letter "R" signifies a route learned through RIP in the show route command. RIP (Routing Information Protocol) is a dynamic routing protocol that uses hop count as a metric to determine the best path for routing data packets. When the show route command is used, the "R" indicates that the route was learned through RIP.


  • 40. 

    OK, since you know the answer to the question above is yes, what is the command to make RIP work with another routing protocol?

    • Passive-interface

    • Default-information originate

    • Redistribute

    • RIP Ver 2

    Correct Answer
    A. Redistribute
    Explanation
    The command "redistribute" is used to make RIP work with another routing protocol. This command allows the redistribution of routes learned from one routing protocol into another routing protocol. By using this command, RIP can exchange routing information with other protocols, enabling communication and coordination between different routing protocols.


  • 41. 

    What port does TACACS+ use?

    • 29

    • 39

    • 49

    • 59

    • 92

    • 93

    • 94

    • 95

    Correct Answer
    A. 49
    Explanation
    TACACS+ uses port 49.


  • 42. 

    If I have an ACL that says permit 192.168.10.0 0.0.0.255, which address will it block?

    • 192.168.10.1

    • 192.169.10.100

    • 192.168.10.10

    • 192.168.10.254

    Correct Answer
    A. 192.169.10.100
  • 43. 

    Which routing protocol uses DUAL for calculating the metric (route options)?

    • RIP

    • OSPF

    • EIGRP

    • SpongeBob

    Correct Answer
    A. EIGRP
    Explanation
    EIGRP (Enhanced Interior Gateway Routing Protocol) is the routing protocol that uses DUAL (Diffusing Update Algorithm) for calculating the metric or route options. DUAL allows EIGRP to quickly adapt to network changes and find the best path to a destination by considering multiple factors such as bandwidth, delay, reliability, and load. This makes EIGRP a highly efficient and scalable routing protocol for large networks.


  • 44. 

    Which routing protocol uses only hop-count as its metric?

    • RIP

    • OSPF

    • EIGRP

    • OPP, yeah you know me

    Correct Answer
    A. RIP
    Explanation
    RIP (Routing Information Protocol) uses only hop-count as its metric. Hop-count refers to the number of routers a packet must pass through to reach its destination. RIP determines the best path to a destination based on the lowest hop-count. It is a distance-vector routing protocol that periodically shares routing information with neighboring routers, allowing them to update their routing tables. RIP is a simple and easy-to-configure protocol, but it may not be suitable for large networks due to its limited scalability.


  • 45. 

    What does the IP address 209.165.201.2 signify in the following command: route outside 0.0.0.0 0.0.0.0 209.165.201.2 1

    • Outside IP of the ASA

    • Gateway

    • Inside IP of web server

    • Hop count

    Correct Answer
    A. Gateway
    Explanation
    The IP address 209.165.201.2 in the given command signifies the gateway. In networking, a gateway is a device or a computer that connects different networks together. It acts as an entry point to a network and allows devices from one network to communicate with devices from another network. In this command, the IP address 209.165.201.2 is specified as the gateway for the "outside" interface of the ASA (Adaptive Security Appliance). This means that any traffic destined for networks outside of the ASA will be sent to this IP address for further routing.


  • 46. 

    Which one is NOT a type of object group?

    • Network

    • Protocol

    • Service

    • Internal

    Correct Answer
    A. Internal
    Explanation
    The given answer "Internal" is the correct answer because the other options - "Network," "Protocol," and "Service" - are all types of object groups. However, "Internal" does not fall under the category of an object group.


  • 47. 

    True or False, anytime I use the “IN” parameter when applying an ACL to an interface, it means to check the traffic coming inside my network?

    • True

    • False

    Correct Answer
    A. False
    Explanation
    Using the "IN" parameter when applying an ACL to an interface does not necessarily mean checking the traffic coming inside the network. The "IN" parameter refers to the direction of traffic flow relative to the interface where the ACL is applied. It could mean checking traffic coming into the interface from an external network or checking traffic going out of the interface towards an external network. Therefore, the statement is false.


  • 48. 

    What command will apply an ACL to an interface?

    • Access-group

    • Access-list

    • Access-enable

    • Access-apply

    • Access-group interface

    Correct Answer
    A. Access-group
    Explanation
    The correct answer is "Access-group." This command is used to apply an Access Control List (ACL) to an interface. An ACL is a set of rules that determines what network traffic is allowed or denied on a network device. By using the access-group command, the specified ACL can be applied to a specific interface, allowing the network administrator to control the traffic flow.


  • 49. 

    Which command will allow me to create a specific time-based ACL start and stop time?

    • Periodic

    • Absolute

    • Recurring

    • Internal

    Correct Answer
    A. Absolute
    Explanation
    The command "Absolute" allows the creation of a specific time-based ACL start and stop time. This means that the ACL will only be active during the specified time period and will not be applied outside of that timeframe.


Quiz Review Timeline (Updated): Sep 1, 2023

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Sep 01, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Mar 20, 2012
    Quiz Created by
    Jjscarpino4