PDF Asa Firewall Interview Questions and Answers Ccie Networker Interview DD - PDF
Networker Interview
Prepare for CCNA, CCNP, CCIE Interview !
What is a Firewall?
A firewall is a device that is placed between a trusted and an untrusted network. It denies or permits traffic that enters or leaves the network based on pre-configured policies. Firewalls protect inside networks from unauthorized access by users on an outside network. A firewall can also protect inside networks from each other, for example by keeping a management network separate from a user network.
incoming or outgoing access. Network firewalls may be hardware devices or software programs.
http://networkerinterview.net/entries/asa-firewall/asa-firewall-interview-questions-and-answers
How can we allow packets from lower security level to higher security level (Override Security Levels)?
We use ACLs to allow packets from lower security level to higher security level.
http://netw or
or ke
ker in
inter v
vii e
ew
w.net/entr ie
ies/asa- fifi rre
ewal ll//asa- ffiir e
ew
wall -i
-i nt
nter v
vii ew
ew- qu
questi on
ons- an
and- a
an
nswer s 2/10
What is the difference between ports in ASA 8.4 and ASA 8.2?
In ASA 8.4 all ports are Gig ports and in ASA 8.2 all are Ethernet ports.
What are the similarities between switch and ASA (in Transparent mode) ?
Both learn which MAC addresses are associated with which interface and store them in a local MAC address table.
What are the differences between switch and ASA (in Transparent mode)?
ASA does not flood unknown unicast frames that are not found in the MAC address table.
ASA does not participate in STP.
A switch processes traffic at layer 1 and layer 2, while ASA can process traffic from layer 1 to layer 7.
What are the features that are not supported in Transparent mode?
1. Dynamic Routing.
2. Multicasting.
3. QoS.
4. VPNs like IPSec and WebVPN cannot be terminated.
5. ASA cannot act as DHCP relay agent.
Explain Failover?
Failover is a Cisco proprietary feature. It is used to provide redundancy. It requires two identical ASAs to be connected to each other through a dedicated failover link. The health of the active interfaces and units is monitored to determine if failover has occurred or not.
What information does the active unit pass to the standby unit in Stateful Failover?
NAT translation table, TCP connection states, the ARP table, the Layer 2 bridge table (when running in transparent firewall mode), ICMP connection state, etc.
(routed or transparent single or multiple context). They must have the same software version.
to be active on a specific ASA in the failover pair. When failover occurs, it occurs at the failover group level.
including the failover interface, to find whether or not the other unit is responsive.
Based upon the response from the other unit, it takes the following actions:
1. If the ASA receives a response on the failover interface, then it does not failover.
2. If the ASA does not receive a response on the failover link, but it does receive a response on another interface, then the unit does not failover. The failover link is marked as failed.
3. If the ASA does not receive a response on any interface, then the standby unit switches to active mode and classifies the other unit as failed.
3. NAT Configuration - If we do not use unique MAC addresses, then the mapped addresses in our NAT configuration are used to classify packets.
Static NAT - A consistent mapping between a real and mapped IP address. It allows bidirectional traffic initiation.
Dynamic NAT - A group of real IP addresses is mapped to a (usually smaller) group of mapped IP addresses on a first come, first served basis. It allows only unidirectional traffic initiation.
Dynamic Port Address Translation (PAT) - A group of real IP addresses is mapped to a single IP address using a unique source port of that IP address.
Identity NAT - A real address is statically translated to itself, essentially bypassing NAT.
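The four NAT types above, modelled as a toy translation table to show why static NAT allows bidirectional initiation while dynamic NAT and PAT do not. This is an added example, not from the original page and not ASA code: `NatTable`, `example_table` and all addresses are constructed, and falling back to PAT once the dynamic pool is used up is an assumption of this model.

```python
class NatTable:
    """Toy xlate table: static entries exist up front, the rest on demand."""

    def __init__(self, static=None, pool=None, pat_ip=None):
        self.static = dict(static or {})  # real IP -> mapped IP, permanent
        self.free = list(pool or [])      # unused mapped IPs (dynamic NAT)
        self.dynamic = {}                 # real IP -> mapped IP, built on demand
        self.pat_ip = pat_ip              # single mapped IP shared via ports
        self.pat = {}                     # (real IP, real port) -> mapped port
        self.next_port = 1024

    def outbound(self, real_ip, real_port):
        """Translate the source of an inside-to-outside packet."""
        if real_ip in self.static:
            return self.static[real_ip], real_port
        if real_ip not in self.dynamic and self.free:
            self.dynamic[real_ip] = self.free.pop(0)  # first come, first served
        if real_ip in self.dynamic:
            return self.dynamic[real_ip], real_port
        if self.pat_ip is None:
            return None                               # pool exhausted, no PAT
        key = (real_ip, real_port)
        if key not in self.pat:
            self.pat[key] = self.next_port            # unique source port
            self.next_port += 1
        return self.pat_ip, self.pat[key]

    def inbound(self, mapped_ip, mapped_port):
        """Un-translate the destination of an outside-to-inside packet."""
        for table in (self.static, self.dynamic):
            for real, mapped in table.items():
                if mapped == mapped_ip:
                    return real, mapped_port
        for (real, rport), mport in self.pat.items():
            if mapped_ip == self.pat_ip and mport == mapped_port:
                return real, rport
        return None                                   # no xlate, nothing to reach


def example_table():
    """Constructed sample: RFC 1918 real addresses, RFC 5737 mapped ones."""
    return NatTable(static={"10.0.0.10": "203.0.113.10",  # static NAT
                            "10.0.0.20": "10.0.0.20"},    # identity NAT
                    pool=["203.0.113.50"], pat_ip="203.0.113.1")


if __name__ == "__main__":
    nat = example_table()
    print(nat.inbound("203.0.113.10", 443), nat.inbound("203.0.113.50", 22))
```

In this model an outside host reaches the static mapping immediately, while the pool address resolves to nothing until an inside host has sent traffic first.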
4. Dynamic NAT
- NAT Zero
- Dynamic Policy NAT
- Dynamic NAT
- Dynamic PAT
# sh xlate
# sh nat
What is the command to see both NAT Table and Connection Table?
# sh local-host