1.
What does ASA stand for?
Correct Answer
C. Adaptive Security Appliance
Explanation
ASA stands for Adaptive Security Appliance. This term refers to a firewall and security device developed by Cisco Systems. The ASA provides network security by combining firewall, VPN (Virtual Private Network), and intrusion prevention system capabilities. It is designed to protect networks from various threats and attacks, ensuring the confidentiality, integrity, and availability of network resources.
2.
Which one is NOT a way to access the CLI?
Correct Answer
C. RDP
Explanation
RDP (Remote Desktop Protocol) is not a way to access the Command Line Interface (CLI). RDP is a proprietary protocol developed by Microsoft that allows users to remotely connect to and control a computer over a network. It provides a graphical interface rather than a command line interface. Telnet, Console, and SSH are all methods that can be used to access the CLI. Telnet is a network protocol used to establish a remote command line session, Console refers to accessing the CLI directly from the physical device, and SSH (Secure Shell) is a network protocol that provides secure remote access to the CLI.
3.
By default, without any configuration from you, the ASA has a default inside IP address of?
Correct Answer
A. It does not have an IP by default
Explanation
By default, the ASA does not have an IP address assigned to its inside interface. It needs to be manually configured with an IP address for communication on the inside network.
4.
At what baud rate should you set your terminal emulation program in order to connect to the ASA and access the CLI?
Correct Answer
B. 9600
Explanation
To connect to the ASA and access the CLI, you should set your terminal emulation program to a baud rate of 9600. Baud rate refers to the number of signal changes per second in a communication channel, and setting it to 9600 ensures a reliable and efficient connection between the terminal emulation program and the ASA.
5.
According to the text, what should flow control be set at?
Correct Answer
A. Hardware
Explanation
The text suggests that flow control should be set at hardware.
6.
What is the symbol for the prompt in the CLI that lets you know you are in privileged mode?
Correct Answer
B. #
Explanation
The symbol "#" is used in the CLI to indicate that the user is in privileged mode. This mode grants the user access to advanced configuration and management commands, allowing them to make changes to the system settings. The "#" symbol is commonly used in various network devices and operating systems, such as Cisco routers and Unix-based systems, to signify privileged mode.
7.
According to the textbook, what mode are you in if the prompt looks like this: “(configs)”?
Correct Answer
C. Configuration
Explanation
If the prompt looks like "(configs)", according to the textbook, the mode you are in is the Configuration mode.
8.
Which one of these commands will show me the license information on the ASA?
Correct Answer
A. Show Version
Explanation
The "Show Version" command will provide the license information on the ASA. This command displays detailed information about the software and hardware components of the ASA, including the license information. It is commonly used to verify the software version, activation key, and license details of the ASA device.
9.
What command do I type in to enter a new license key?
Correct Answer
A. Activation-key
Explanation
To enter a new license key, the correct command to type in is "activation-key". This command is used to activate or update the license key on a system. It is a standard command used in many software applications to input license information and unlock additional features or functionalities.
10.
If a user selects "NO" at the setup menu when the ASA starts up, what will the hostname of the device be?
Correct Answer
B. CiscoASA
Explanation
If a user selects "NO" at the setup menu when the ASA starts up, the hostname of the device will be CiscoASA.
11.
If you accidentally type NO in for the setup option, is there another way to get into setup (according to the text) without rebooting or power cycling the ASA?
Correct Answer
B. Type setup in configs mode
Explanation
The correct answer is "Type setup in configs mode." This means that if you accidentally type "NO" for the setup option, you can still access the setup mode by typing "setup" in the configuration mode. This allows you to make changes to the ASA without having to reboot or power cycle it.
12.
Where is the ASDM software stored on the ASA?
Correct Answer
A. Flash
Explanation
The ASDM software is stored in the Flash memory of the ASA. Flash memory is a type of non-volatile storage that retains data even when power is lost. It is commonly used in networking devices like the ASA to store firmware, operating systems, and other software. Storing the ASDM software in Flash memory allows for easy access and quick retrieval when needed.
13.
If I set the inside IP address to 192.168.1.1, what would I type into my browser to access the ASDM?
Correct Answer
C. Https://192.168.1.1/admin
Explanation
To access the ASDM, which is a web-based management tool for Cisco devices, you would need to type "https://192.168.1.1/admin" into your browser. The "https://" indicates that it is a secure connection, while "192.168.1.1" is the IP address of the device. The "/admin" specifies the path to the ASDM interface.
14.
Where does the ASDM software store error logs/messages?
Correct Answer
B. On the user's computer
Explanation
The ASDM software stores error logs/messages on the user's computer. This is because the ASDM software is typically installed on the user's computer and it logs any errors or messages locally on the computer for easy access and troubleshooting. Storing the logs on the user's computer allows for quick retrieval and analysis of the logs without the need to access the ASA or any other external storage.
15.
In the "HOME" screen of the ASDM software, where would I look to find information about the number of active TCP connections going through the ASA?
Correct Answer
D. Traffic Status
Explanation
In the "Traffic Status" section of the ASDM software's "HOME" screen, information about the number of active TCP connections going through the ASA can be found. This section provides details and statistics related to the traffic passing through the ASA, including the number of active TCP connections.
16.
How often is the information on the HOME screen refreshed on the ASDM software?
Correct Answer
B. 10 sec
Explanation
The information on the HOME screen of the ASDM software is refreshed every 10 seconds. This means that any data or statistics displayed on the HOME screen will be updated every 10 seconds to provide the user with the most current information. This frequent refresh rate allows users to monitor real-time data and make informed decisions based on the most up-to-date information available.
17.
How long of a time period does the ASDM display on the HOME screen? If the ASA says there have been 50 active TCP connections, what is the timeframe it is measuring that in?
Correct Answer
C. 5 minutes
Explanation
The ASDM displays a time period of 5 minutes on the HOME screen. Therefore, if the ASA says there have been 50 active TCP connections, it is measuring that within the 5-minute timeframe.
18.
What is the default device name on the ASA?
Correct Answer
D. CiscoASA
Explanation
The default device name on the ASA is "CiscoASA".
19.
What is the default SSH session username used by the 5505?
Correct Answer
A. PIX
Explanation
The default SSH session username used by the 5505 is "PIX".
20.
What is the default enable password on the ASA?
Correct Answer
D. There is none by default
Explanation
The correct answer is "There is none by default" because the ASA (Adaptive Security Appliance) does not have a default enable password. When initially setting up the ASA, the user is prompted to create an enable password. If the user does not set a password during the initial setup, the enable password remains blank by default. It is important for the user to set a strong enable password to ensure the security of the ASA.
21.
When dealing with security levels, what is the most secure level?
Correct Answer
B. 100
Explanation
The most secure level when dealing with security levels is 100.
22.
Where do I go in the ASDM software to configure an IP address on an interface?
Correct Answer
A. Configuration\Device Setup\Interfaces
Explanation
The correct answer is "Configuration\Device Setup\Interfaces." This is the correct location in the ASDM software to configure an IP address on an interface. The "Device Setup" menu allows users to configure various settings related to the device, including network interfaces. Within the "Interfaces" submenu, users can select the specific interface they want to configure and then set the desired IP address.
23.
When using the CLI, what mode is used to enter a security level?
Correct Answer
D. Sub-Configuration
Explanation
p70
24.
What is the maximum number of VLANs you are able to configure on the base ASA?
Correct Answer
A. 3
Explanation
The maximum number of VLANs that can be configured on the base ASA is 3. This means that the ASA can support up to 3 separate VLANs for network segmentation and traffic management purposes.
25.
If you want to preview commands in the ASDM software before they are sent to the ASA, where do you go to turn that on?
Correct Answer
B. Tools\Preferences
Explanation
To preview commands in the ASDM software before they are sent to the ASA, you need to go to Tools\Preferences. This option allows you to review the commands and make any necessary changes or adjustments before they are actually implemented on the ASA. It provides an additional layer of control and ensures that the correct commands are being sent to the device, minimizing the risk of errors or unintended consequences.
26.
Which module is required for IPS?
Correct Answer
B. AIP-SSM
Explanation
The AIP-SSM module is required for IPS. The AIP-SSM (Advanced Inspection and Prevention Security Services Module) is specifically designed for intrusion prevention and detection. It provides real-time threat protection, network visibility, and advanced security features. The CSC-SSM (Content Security and Control Security Services Module) is focused on content filtering and anti-malware, while the SSC-SSM (Security Services Card) is used for firewall and VPN services. OU812 is not a valid module for IPS.
27.
Which module provides support for antivirus features?
Correct Answer
A. CSC-SSM
Explanation
The CSC-SSM module provides support for antivirus features.
28.
What does a solid amber light on the status LED mean?
Correct Answer
C. System tests failed
Explanation
A solid amber light on the status LED indicates that the system tests have failed. This means that there is an issue or malfunction in the system that needs to be addressed. It could be a hardware or software problem that needs to be diagnosed and fixed before the system can function properly.
29.
What is the max speed of the switchports on the 5505?
Correct Answer
B. 100mbps
Explanation
The correct answer is 100mbps. The 5505 switchports have a maximum speed of 100mbps.
30.
How many VLANs can be created on the 5505 using the switchports by default?
Correct Answer
B. 3
Explanation
The correct answer is 3 because the Cisco ASA 5505, by default, has three switchports that can be used to create VLANs. These switchports can be configured as access ports or trunk ports to support VLANs and allow for network segmentation and traffic isolation.
31.
How many PoE ports are there on the 5505 by default?
Correct Answer
B. 2
Explanation
The default number of PoE ports on the 5505 is 2.
32.
What port numbers are used for the PoE ports?
Correct Answer
C. 6 and 7
Explanation
The correct answer is 6 and 7. These port numbers are used for the Power over Ethernet (PoE) ports. PoE allows for both power and data to be transmitted over the same Ethernet cable, eliminating the need for separate power cables. Port numbers 6 and 7 are specifically designated for PoE, indicating that these ports are capable of providing power to connected devices.
33.
What can I purchase to get some of the switchports to function at gigabit speed on the 5510?
Correct Answer
C. Security Plus Upgrade License
Explanation
To enable gigabit speed on the switchports of the 5510, a Security Plus Upgrade License is required. This license provides additional features and capabilities, including the ability to support gigabit speed on the switchports. The AIP-SSM Module and CSC-SSM Module are not related to the switchports' speed, and the optional 1gig Memory Module does not affect the switchports' functionality. Therefore, the Security Plus Upgrade License is the correct answer.
34.
How big is the license key used to enable features on the ASA?
Correct Answer
C. 40 Digit Hex
Explanation
The license key used to enable features on the ASA is a 40 digit hexadecimal number. Hexadecimal numbers are commonly used in computing systems, as they provide a convenient way to represent large binary numbers. The 40 digit length suggests that the license key is quite long, which may provide a high level of security and complexity.
35.
What is the flash card used for on the ASA 5510 besides storing the IOS?
Correct Answer
A. Saving Configs
Explanation
The flash card on the ASA 5510 is used for saving configurations. Configurations include settings and parameters that define how the device operates, such as network settings, security policies, and access control rules. By storing configurations on the flash card, they can be easily backed up, restored, or transferred to other devices. This helps in maintaining consistent and reliable network configurations across multiple devices and simplifies the management of the ASA 5510.
36.
What is the smallest ASA you can buy with a gigabit interface without buying an additional license upgrade?
Correct Answer
B. 5520
Explanation
The correct answer is 5520 because it is the smallest ASA model that comes with a gigabit interface without requiring an additional license upgrade. This means that you can achieve high-speed data transfer without any additional cost or hassle.
37.
How many IPSec VPN connections does the 5510 allow without upgrading the license?
Correct Answer
D. 250
Explanation
The Cisco ASA 5510 firewall allows up to 250 IPSec VPN connections without requiring a license upgrade. This means that organizations can establish secure VPN connections for up to 250 remote users or branch offices without incurring additional costs. This feature is beneficial for small to medium-sized businesses that need to connect multiple locations or provide remote access for a large number of employees.
38.
What is the maximum number of VLANs supported on the 5510 without upgrading the license?
Correct Answer
B. 50
Explanation
The maximum number of VLANs supported on the 5510 without upgrading the license is 50. This means that the device can handle up to 50 separate virtual LANs, allowing for network segmentation and improved network management.
39.
On the 5510, enabling the 3DES/AES encryption slows down the firewall throughput by how many mbps?
Correct Answer
C. 130 mbps
Explanation
Enabling the 3DES/AES encryption on the 5510 firewall reduces the throughput by 130 mbps. This means that when the encryption is enabled, the firewall can process data at a speed that is 130 mbps slower compared to when the encryption is disabled. This reduction in throughput is due to the additional processing required for encryption and decryption of data, which takes up computational resources and slows down the overall performance of the firewall.
40.
Which model of ASA supports up to 1 million connections?
Correct Answer
C. 5580-20
Explanation
The 5580-20 model of ASA supports up to 1 million connections.
41.
Which model of ASA does NOT support adding the AIP-SSM according to the book?
Correct Answer
A. 5505
Explanation
The ASA 5505 model does not support adding the AIP-SSM according to the book.
42.
If I have an ASA 5510 and I add an AIP-SSM-10 module and I don’t use 3DES/AES, how much of a reduction in throughput would I have? You're gonna have to think outside the box a bit on this one; the answer is not spelled out for you in the book.
Correct Answer
C. 150 mbps
Explanation
Adding an AIP-SSM-10 module to an ASA 5510 without using 3DES/AES would result in a reduction in throughput of 150 mbps. This suggests that the AIP-SSM-10 module has a maximum throughput of 150 mbps and not using 3DES/AES does not further impact the reduction in throughput.
43.
How much does an AIP-SSM cost for the 5505 from CDW according to my PowerPoint slide?
Correct Answer
B. $1,000 to $2,500
Explanation
The given answer suggests that the cost of an AIP-SSM for the 5505 from CDW according to the PowerPoint slide is between $1,000 and $2,500.
44.
How much does an ASA 5510 cost from CDW with no extra security license? (CDW Part# 792589)
Correct Answer
C. $2000 to $3000
Explanation
The correct answer is $2000 to $3000. This suggests that the cost of an ASA 5510 from CDW, without any additional security license, falls within the range of $2000 to $3000.
45.
How much does an ASA 5505 cost with a standard 10 user bundle from CDW?
Correct Answer
D. Over $400
Explanation
The given answer states that the cost of an ASA 5505 with a standard 10 user bundle from CDW is over $400. This implies that the price for this product is higher than $400.
46.
What scanning software does the CSC-SSM module use?
Correct Answer
B. Trend Micro
Explanation
The CSC-SSM module uses Trend Micro scanning software.
47.
Which number is NOT a valid model of the AIP-SSM module?
Correct Answer
C. -30
Explanation
The AIP-SSM module typically uses positive numbers as model numbers. Since -30 is a negative number, it is not a valid model of the AIP-SSM module.
48.
Can the ASA scan HTTPS traffic if you have a CSC-SSM module installed?
Correct Answer
B. No
Explanation
The ASA cannot scan HTTPS traffic if a CSC-SSM module is installed. The CSC-SSM module is designed to inspect and filter HTTP traffic, but it does not have the capability to decrypt and inspect encrypted HTTPS traffic. Therefore, the ASA would not be able to scan the contents of HTTPS traffic passing through the network.
49.
How much does the CSC-SSM-10 cost from CDW? (CDW Part# 973275)
Correct Answer
C. $2000 to $4000
Explanation
The CSC-SSM-10 from CDW costs between $2000 and $4000.
50.
According to the bottom of page one, where are firewalls placed?
Correct Answer
B. Between trusted and untrusted networks
Explanation
Firewalls are placed between trusted and untrusted networks. This means that they are positioned at the boundary where the trusted network (such as an internal network) connects with the untrusted network (such as the internet). By being placed in this location, firewalls can monitor and control the incoming and outgoing network traffic, ensuring that only authorized and safe data is allowed to pass through while blocking any potentially harmful or unauthorized access attempts.