The following questions will be added to the Core Knowledge Simulation once the new version/engine is complete. Enjoy! Answers will be provided in the comments section.
Implement secure networks using Cisco ASA Firewalls
Why is it that ASDM and WebVPN, using their defaults, cannot be enabled on the same interface of the ASA?
What are the hardware and software requirements for 2 ASAs to perform failover?
Implement secure networks using Cisco VPN solutions
What ASA feature produced the following output?
Implement Control Plane and Management Plane Security
What is the mechanism used to transmit the MD5 signature between two BGP authenticated speakers?
About Keith Barker, CCIE #6783:
Keith Barker excelled as a Network Engineer beginning in 1986 with EDS. Before opting for a career in IT Education, Keith’s practical experience culminated with the position of IT Manager for Paramount Pictures. Once joining the field of IT Education, Keith became a top-rated Microsoft and Cisco Certified Instructor. Keith Barker, along with Jeremy Cioara and Anthony Sequeira helped to make KnowledgeNet, the most respected Online IT Training organization of its time. You will find Keith Barker in Live Classroom, Live Online, and Self-Paced Route/Switch and Security classes here at INE.
You can leave a response, or trackback from your own site.
9 Responses to “New CCIE Security Core Knowledge Questions – Part 1”
Leave a Reply
Loading ...
Question: Why is it that ASDM and WebVPN, using their defaults, cannot be enabled on the same interface of the ASA?
Answer: Both are listening on the same port – 443.
More Information:
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807be2a1.shtml#topic1
Question: What ASA feature produced the following output?
Answer: The WebVPN Capture Tool
More Information:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00804a3718.shtml#output
Question: What are the hardware and software requirements for 2 ASAs to perform failover?
Answer:
Hardware: Must have the same hardware configuration, must be the same model, have the same number and types of interfaces, the same amount of RAM, and have the same SSMs installed (if any).
Software: Must be in the same operating modes (routed or transparent, single or multiple context).
More Information:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/failover.html#wp1155967
Question: What is the mechanism used to transmit the MD5 signature between two BGP authenticated speakers?
Answer: TCP Option 19
More Information
http://www.rfc-editor.org/rfc/rfc2385.txt
Great stuff
I love those question and links provided by Keith
Hi Keith,
I heard that the answers for these questions are short ones which have about 4, 5 word length.
But the failover question is rather long and without referencing Cisco documentation it’s a bit difficult to tell all the details
Could you give me some advices on this?
Thanks
HAT
AWESOME!
Great job guys! 
RAM, MODEL, INTERFACES, MODE (ROUTED, TRANS, SINGLE, MULTIPLE)
Great work INE. These are great questions and I do appreciatee the links for more info, something that is missing in the current product for security.
All of our Core Knowledge Sim questions include a More Information link. They are located in the Answer key version.
Hi Anthony. Sorry, my bad. You are correct, I do see the “more info” links in the answer key. Again, great updates and keep up the great work.
Thanks for the question HAT! I hear you. The question on the ASAs indeed could be very lengthy, such as:
Hardware Requirement:
Same hardware configuration. They must be the same model, have the same number and types of interfaces, and the same amount of RAM. However, an exception to this is that the two ASAs do not need to have the same size Flash memory, but make sure the unit with the smaller Flash memory has enough space to store the software image files and the configuration files. If it does’t, configuration synchronization from the unit with the larger Flash memory to the unit with the smaller Flash memory doesn’t work.
Software Requirement
Same operational modes (routed or transparent, single or multiple context). They must have the same major (first number) and minor (second number) software version, but you can use different versions of the software within an upgrade process; for example, you can upgrade one unit from Version 7.0(1) to Version 7.0(2) and have failover remain active. You can upgrade from the last minor release of the previous version to the next major release. For example, you can upgrade from 7.9 to 8.0, assuming that 7.9 is the last minor version in the 7.x release.
The answer could also be less than 10 characters or less, like Anthony’s response (thank you Anthony).
My coaching would be to keep it concise, and accurate.
Thanks again for the question-
Keith