When ASDM is used to configure an ASA site-to-site VPN, what can be customized to secure traffic?

CCNA Security v2.0 Chapter 10 Answers – Implementing Network Security

CCNA Security Chapter 10 Exam Answers

  1. What must be configured on an ASA before it can be accessed by ASDM?
    • web server access*
    • Telnet or SSH
    • an Ethernet port other than 0/0
    • Ethernet 0/0 IP address

    Before an ASA can be accessed using ASDM, the ASA must have access permissions and the ASA web server enabled. Furthermore, a management interface must be configured. On an ASA 5505, a logical VLAN interface and Ethernet port other than 0/0 must be configured. All other ASAs must have a dedicated Layer 3 management interface that is assigned an IP address and appropriate security level.

  2. How is an ASA interface configured as an outside interface when using ASDM?
    • Select a check box from the Interface Type option that shows inside, outside, and DMZ.
    • Select outside from the Interface Type drop-down menu.
    • Enter the name "outside" in the Interface Name text box.*
    • Drag the interface to the port labeled "outside" in the ASA drawing.

    To configure an ASA interface using ASDM, select the desired interface and click Add. In the Interface Name textbox, enter outside. Assign the security level, IP address, and subnet mask. Do not forget to enable the Enable Interface check box.

  3. Refer to the exhibit. Which Device Management menu item would be used to access the ASA command line from within Cisco ASDM?
    • Licensing
    • System Image/Configuration
    • Management Access*
    • Advanced

    To access the command line, expand the Management Access option, expand the Command Line (CLI) section, and select CLI Prompt.

  4. Which ASDM configuration option is used to configure the ASA enable secret password?
    • Device Setup*
    • Monitoring
    • Interfaces
    • Device Management

    The two main ASDM options used to configure an ASA are Device Setup and Device Management. Within Device Setup are the Startup Wizard, Interfaces, Routing, Device Name/Password, and System Time options.

  5. Refer to the exhibit. Which Device Setup ASDM menu option would be used to configure the ASA for an NTP server?
    • Startup Wizard
    • Device Name/Password
    • Routing
    • Interfaces
    • System Time*

    The System Time option is used to manually configure the time zone, date, and time or to configure the system to obtain the date and time from an NTP server.

  6. True or False?
    The ASA can be configured through ASDM as a DHCP server.
    • false
    • true*

    Use the Device Management configuration option to select DHCP and configure DHCP inside and outside settings.

  7. Which ASDM interface option would be used to configure an ASA as a DHCP server for local corporate devices?
    • DMZ
    • outside
    • local
    • inside*

    ASDM supports DHCP server and relay settings. From the DHCP Server menu option, select the inside interface and enable the DHCP server option to provide addresses for devices attached through the inside ASA interface. The DMZ normally contains servers that have statically assigned IP addresses. The outside interface connects to the WAN and would not have devices that would use corporate-provided DHCP.

  8. When ASDM is used to configure an ASA site-to-site VPN, what can be customized to secure traffic?
    • ISAKMP
    • IKE
    • IKE and ISAKMP*
    • preshared key

    When selected traffic is being secured during ASDM site-to-site VPN configuration, both IKE and ISAKMP parameters can be set. The authentication options are a preshared key or the use of a digital certificate.

  9. Which VPN solution allows the use of a web browser to establish a secure, remote-access VPN tunnel to the ASA?
    • clientless SSL*
    • site-to-site using an ACL
    • site-to-site using a preshared key
    • client-based SSL

    When a web browser is used to securely access the corporate network, the browser must use a secure version of HTTP to provide SSL encryption. A VPN client is not required to be installed on the remote host, so a clientless SSL connection is used.

  10. Which remote-access VPN connection allows the user to connect by using a web browser?
    • IPsec (IKEv2) VPN
    • site-to-site VPN
    • clientless SSL VPN*
    • IPsec (IKEv1) VPN

    When a web browser is used to securely access the corporate network, the browser must use a secure version of HTTP to provide SSL encryption. A VPN client is not required to be installed on the remote host, so a clientless SSL connection is used.

  11. Which ASDM configuration option re-encrypts all shared keys and passwords on an ASA?
    • security master
    • super encryption
    • master passphrase*
    • device protection

    The master passphrase is used to reversibly encrypt shared keys and passwords.

  12. Which type of encryption is applied to shared keys and passwords when the master passphrase option is enabled through ASDM for an ASA?
    • 3DES
    • public/private key
    • AES*
    • 128-bit

    The master passphrase is used to reversibly encrypt shared keys and passwords. Once enabled, AES encryption is used for the password encryption.

  13. Which statement describes the function provided to a network administrator who uses the Cisco Adaptive Security Device Manager (ASDM) GUI that runs as a Java Web Start application?
    • The administrator can connect to and manage a single ASA.*
    • The administrator can connect to and manage multiple ASA devices.
    • The administrator can connect to and manage multiple ASA devices and Cisco routers.
    • The administrator can connect to and manage multiple ASA devices, Cisco routers, and Cisco switches.

    Cisco Adaptive Security Device Manager (ASDM) is a Java-based GUI tool that facilitates the management of Cisco ASAs. Cisco ASDM can be used to manage multiple ASAs that run the same ASDM version. ASDM can be run as a Java Web Start application that allows an administrator to configure and monitor that ASA device. Otherwise, ASDM can also be downloaded from flash and installed locally on a host as an application, which allows an administrator to use ASDM (local application) to manage multiple ASA devices.

  14. What is one benefit of using ASDM compared to using the CLI to configure the Cisco ASA?
    • It does not require any initial device configuration.
    • It hides the complexity of security commands.*
    • ASDM provides increased configuration security.
    • It does not require a remote connection to a Cisco device.

    Cisco ASDM facilitates configuration of Cisco ASAs because it hides the complexity of the configuration commands. The ASA is required to have a minimum configuration before accessing the ASDM. ASDM is accessed using a web browser connection or local application, which provides no more security than being consoled into the device.

  15. Which type of security is required for initial access to the Cisco ASDM by using the local application option?
    • SSL*
    • WPA2 corporate
    • biometric
    • AES

    ASDM is accessed using an SSL local application connection.

  16. Which minimum configuration is required on most ASAs before ASDM can be used?
    • SSH
    • a dedicated Layer 3 management interface*
    • a logical VLAN interface and an Ethernet port other than 0/0
    • Ethernet 0/0

    Before an ASA can be accessed using ASDM, the ASA must have a management interface configured. On an ASA 5505, a logical VLAN interface and Ethernet port other than 0/0 must be configured. All other ASAs must have a dedicated Layer 3 management interface that is assigned an IP address and appropriate security level.

  17. When the CLI is used to configure an ISR for a site-to-site VPN connection, which two items must be specified to enable a crypto map policy? (Choose two.)
    • the hash
    • the peer*
    • encryption
    • the ISAKMP policy
    • a valid access list*
    • IP addresses on all active interfaces

    After the crypto map command in global configuration mode has been issued, the new crypto map will remain disabled until a peer and a valid access list have been configured.

  18. What is the purpose of the ACL in the configuration of an ISR site-to-site VPN connection?
    • to permit only secure protocols
    • to log denied traffic
    • to identify the peer
    • to define interesting traffic*

    An ACL is used in the ISR configuration of a site-to-site VPN connection to define traffic that will be permitted. This traffic is referred to as interesting traffic.

  19. Which remote-access VPN connection allows the user to connect using Cisco AnyConnect?
    • IPsec (IKEv2) VPN*
    • site-to-site VPN
    • clientless SSL VPN
    • IPsec (IKEv1) VPN

    Cisco AnyConnect is used to create an IPsec (IKEv2) VPN connection. A web browser is used for a clientless SSL VPN. A Cisco VPN client uses IPsec (IKEv1).

  20. Which statement describes available user authentication methods when using an ASA 5505 device?
    • The ASA 5505 can use either a AAA server or a local database.*
    • The ASA 5505 only uses a AAA server for authentication.
    • The ASA 5505 only uses a local database for authentication.
    • The ASA 5505 must use both a AAA server and a local database.

    Authentication on an ASA 5505 device can be accomplished by using a AAA server and indicating the location of the server. Alternatively, a local database can be used by entering the appropriate username and password.

  21. Which remote-access VPN connection needs a bookmark list?
    • IPsec (IKEv1) VPN
    • IPsec (IKEv2) VPN
    • site-to-site VPN
    • clientless SSL VPN*

    The clientless SSL VPN uses a web browser for access and uses a set of URLs that are configured to be used with the web portal.

  22. What occurs when a user logs out of the web portal on a clientless SSL VPN connection?
    • The browser cache is cleared.
    • Downloaded files are deleted.
    • The user no longer has access to the VPN.*
    • The web portal times out.

    When a user logs out, he or she loses access to the VPN. The user does receive a message advising to clear the browser cache, delete the downloaded files, and close the browser window for added security. If the user does not log out, the connection will eventually time out.

  23. If an outside host does not have the Cisco AnyConnect client preinstalled, how would the host gain access to the client image?
    • The host initiates a clientless connection to a TFTP server to download the client.
    • The host initiates a clientless VPN connection using a compliant web browser to download the client.*
    • The Cisco AnyConnect client is installed by default on most major operating systems.
    • The host initiates a clientless connection to an FTP server to download the client.

    If an outside host does not have the Cisco AnyConnect client preinstalled, the remote user must initiate a clientless SSL VPN connection via a compliant web browser, and then download and install the AnyConnect client on the remote host.

  24. What is an optional feature that is performed during the Cisco AnyConnect Secure Mobility Client VPN establishment phase?
    • security optimization
    • host-based ACL installation
    • posture assessment*
    • quality of service security

    During the process of establishing a VPN connection, a posture assessment can be performed in order to identify the client operating system, antivirus, antispyware, and firewall software. Once identified, a determination can be made whether remote access is allowed.

  25. Which item describes secure protocol support provided by Cisco AnyConnect?
    • neither SSL nor IPsec
    • SSL only
    • both SSL and IPsec*
    • IPsec only

    Both IPsec and SSL are supported by Cisco AnyConnect.

  26. What is the purpose of configuring an IP address pool to be used for client-based SSL VPN connections?
    • to assign addresses to the interfaces on the ASA
    • to identify which users are allowed to download the client image
    • to assign IP addresses to clients when they connect*
    • to identify which clients are allowed to connect

    The IP address pool is assigned to clients when they connect. The IP address pool configuration is required for successful client-based SSL VPN connectivity. Without an available IP address pool, the connection to the security appliance fails.


Source: https://ccnasec.com/ccna-security-v2-0-chapter-10-answers-implementing-network-security.html
