Networker Interview
Prepare for CCNA, CCNP, CCIE Interview !
A firewall is a device that is placed between a trusted and an untrusted network. It denies or permits traffic that
enters or leaves the network based on pre-configured policies. Firewalls protect inside networks from
unauthorized access by users on an outside network. A firewall can also protect inside networks from each
other, for example by keeping a management network separate from a user network.
How can we allow packets from lower security level to higher security level (Override Security Levels)?
We use ACLs to allow packets from lower security level to higher security level.
What are the values for timeout of TCP session, UDP session, ICMP session?
TCP session - 60 minutes
UDP session - 2 minutes
ICMP session - 2 seconds
connection provide information about the state of TCP connections to the ASA.
What is the difference between ports in ASA 8.4 and ASA 8.2?
In ASA 8.4 all ports are Gig ports and in ASA 8.2 all are Ethernet ports.
http://networkerinterview.net/entries/asafirewall/asafirewallinterviewquestionsandanswers 2/8
7/19/2016 ASA Firewall Interview Questions and Answers [CCIE] | Networker Interview
# sh conn
What are the similarities between a switch and an ASA (in Transparent mode)?
Both learn which MAC addresses are associated with which interface and store them in a local MAC address
table.
What are the differences between a switch and an ASA (in Transparent mode)?
ASA does not flood unknown unicast frames that are not found in the MAC address table.
ASA does not participate in STP.
A switch processes traffic at layer 1 & layer 2 while ASA can process traffic from layer 1 to layer 7.
What are the features that are not supported in Transparent mode?
1. Dynamic Routing.
2. Multicasting.
3. QoS.
4. VPNs like IPSec and WebVPN cannot be terminated.
5. ASA cannot act as DHCP relay agent.
Explain Failover?
Failover is a Cisco proprietary feature. It is used to provide redundancy. It requires two identical ASAs to be
connected to each other through a dedicated failover link. The health of active interfaces and units is
monitored to determine if failover has occurred or not.
The ASA unit determines the health of the other unit by monitoring the failover link. When a unit does not
receive three consecutive hello messages on the failover link, it sends hello messages on each interface,
including the failover interface, to find whether or not the other unit is responsive.
Based upon the response from the other unit, it takes the following actions:
1. If the ASA receives a response on the failover interface, then it does not failover.
2. If the ASA does not receive a response on the failover link, but it does receive a response on another
interface, then the unit does not failover. The failover link is marked as failed.
3. If the ASA does not receive a response on any interface, then the standby unit switches to active mode
and classifies the other unit as failed.
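The three-missed-hello check and the decision list above, modelled as an added example (not part of the original page and not Cisco code). The class, function and interface names are hypothetical, and restarting the miss counter after a probe round is an assumption.

```python
from enum import Enum


class Action(Enum):
    NO_FAILOVER = "no failover"
    LINK_FAILED = "no failover; failover link marked failed"
    BECOME_ACTIVE = "standby becomes active; peer classified failed"


MISSED_HELLO_LIMIT = 3  # consecutive misses on the failover link, per the text


class PeerMonitor:
    """Hypothetical model of one unit watching its peer."""

    def __init__(self, interfaces, failover_if="failover"):
        self.failover_if = failover_if
        self.interfaces = set(interfaces) | {failover_if}
        self.missed = 0

    def hello_tick(self, received):
        """Record one hello interval on the failover link.
        Returns True when the per-interface probe has to be run."""
        self.missed = 0 if received else self.missed + 1
        return self.missed >= MISSED_HELLO_LIMIT

    def decide(self, responded):
        """responded: interfaces on which the peer answered the probe."""
        responded = set(responded) & self.interfaces
        self.missed = 0  # assumption: counting restarts after a probe round
        if self.failover_if in responded:
            return Action.NO_FAILOVER      # rule 1
        if responded:
            return Action.LINK_FAILED      # rule 2
        return Action.BECOME_ACTIVE        # rule 3


def replay(monitor, events):
    """events: list of (hello_received, probe_responses) tuples.
    Returns one Action per probe round that was triggered."""
    actions = []
    for received, probe_responses in events:
        if monitor.hello_tick(received):
            actions.append(monitor.decide(probe_responses))
    return actions


# Constructed sample: two misses, a recovery, then three misses in a row
SAMPLE = [(False, set()), (False, set()), (True, set()),
          (False, set()), (False, set()), (False, {"inside"})]

if __name__ == "__main__":
    print(replay(PeerMonitor(["inside", "outside"]), SAMPLE))
```

The `LINK_FAILED` outcome is the one worth alerting on in monitoring: the pair keeps forwarding, but it is running without a working failover link.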
being the administrative context. Any context can be made administrative context. One of the contexts on
our appliance must be the administrative context. An “*” beside a context name indicates that the context
is the administrative context.
- Static NAT
- Static PAT
4.Dynamic NAT
- NAT Zero
- Dynamic Policy NAT
- Dynamic NAT
- Dynamic PAT
Jitendra Yadav
1
It's really amazing website, plz keep posting good things on this portal
mandeep kumar
2
it is Awesome!!!
Ashim
3
for study
Janardan
4
sujeet
5