“Do I Know This Already?” Quiz
The “Do I Know This Already?” quiz helps you determine your level of knowledge of this chapter’s topics before you begin. Table 16-1 details the major topics discussed in this chapter and their corresponding quiz questions.
1. Which of the following features does the Cisco ASA provide? (Choose all that apply.)
a. Simple packet filtering using standard or extended access lists
b. Layer 2 transparent implementation
c. Support for remote-access SSL VPN connections
d. Support for site-to-site SSL VPN connections
2. Which of the following Cisco ASA models are designed for small and branch offices? (Choose all that apply.)
a. 5505
b. 5512-X
c. 5555-X
d. 5585-X with SSP10
3. When used in an access policy, which component could identify multiple servers?
a. Stateful filtering
b. Application awareness
c. Object groups
d. DHCP services
4. Which of the following is an accurate description of the word inbound as it relates to an ASA? (Choose all that apply.)
a. Traffic from a device that is located on a high-security interface
b. Traffic from a device that is located on a low-security interface
c. Traffic that is entering any interface
d. Traffic that is exiting any interface
5. When is traffic allowed to be routed and forwarded if the source of the traffic is from a device located off of a low-security interface if the destination device is located off of a high-security interface? (Choose all that apply.)
a. This traffic is never allowed.
b. This traffic is allowed if the initial traffic was inspected and this traffic is the return traffic.
c. If there is an access list that is permitting this traffic.
d. This traffic is always allowed by default.
6. Which of the following tools could be used to configure or manage an ASA? (Choose all that apply.)
a. Cisco Security Manager (CSM)
b. ASA Security Device Manager (ASDM)
c. Cisco Configuration Professional (CCP)
d. The command-line interface (CLI)
7. Which of the following elements, which are part of the Modular Policy Framework on the ASA, are used to classify traffic?
a. Class maps
b. Policy maps
c. Service policies
d. Stateful filtering
8. When you configure the ASA as a DHCP server for a small office, what default gateway will be assigned for the DHCP clients to use?
a. The service provider’s next-hop IP address.
b. The ASA’s outside IP address.
c. The ASA’s inside IP address.
d. Clients need to locally configure a default gateway value.
9. When you configure network address translation for a small office, devices on the Internet will see the ASA inside users as coming from which IP address?
a. The inside address of the ASA.
b. The outside address of the ASA.
c. The DMZ address of the ASA.
d. Clients will each be assigned a unique global address, one for each user.
10. You are interested in verifying whether the security policy you implemented is having the desired effect. How can you verify this policy without involving end users or their computers?
a. Run the policy check tool, which is built in to the ASA.
b. The ASA automatically verifies that policy matches intended rules.
c. Use the Packet Tracer tool.
d. You must manually generate the traffic from an end-user device to verify that the firewall will forward it or deny it based on policy.