Sep 08

The following questions will be added to the Core Knowledge Simulation once the new version/engine is complete. Enjoy! Answers will be provided in the comments section.

Implement secure networks using Cisco ASA Firewalls

Why is it that ASDM and WebVPN, using their defaults, cannot be enabled on the same interface of the ASA?

What are the hardware and software requirements for 2 ASAs to perform failover?

Implement secure networks using Cisco VPN solutions

What ASA feature produced the following output?

WebVPNCaptureTool

Implement Control Plane and Management Plane Security

What is the mechanism used to transmit the MD5 signature between two BGP authenticated speakers?



9 Responses to “New CCIE Security Core Knowledge Questions – Part 1”

 
  1. Question: Why is it that ASDM and WebVPN, using their defaults, cannot be enabled on the same interface of the ASA?

    Answer: Both are listening on the same port – 443.

    More Information:
    http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807be2a1.shtml#topic1

    Question: What ASA feature produced the following output?

    Answer: The WebVPN Capture Tool

    More Information:
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00804a3718.shtml#output

    Question: What are the hardware and software requirements for 2 ASAs to perform failover?

    Answer:
    Hardware: Must have the same hardware configuration, must be the same model, have the same number and types of interfaces, the same amount of RAM, and have the same SSMs installed (if any).
    Software: Must be in the same operating modes (routed or transparent, single or multiple context).

    More Information:
    http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/failover.html#wp1155967

    Question: What is the mechanism used to transmit the MD5 signature between two BGP authenticated speakers?

    Answer: TCP Option 19

    More Information:
    http://www.rfc-editor.org/rfc/rfc2385.txt

  2. Rizzo says:

    Great stuff

    I love those questions and links

  3. HAT says:

    Hi,

    I heard that the answers for these questions are short ones, about 4 or 5 words in length.

    But the failover question is rather long, and without referencing Cisco documentation it’s a bit difficult to tell all the details.

    Could you give me some advice on this?

    Thanks
    HAT

  4. Tacack says:

    AWESOME! :) Great job guys! :)

  5. Yohon says:

    Great work INE. These are great questions and I do appreciate the links for more info, something that is missing in the current product for security.

  6. Yohon says:

    Hi. Sorry, my bad. You are correct, I do see the “more info” links in the answer key. Again, great updates and keep up the great work.

  7. Thanks for the question HAT! I hear you. The question on the ASAs indeed could be very lengthy, such as:

    Hardware Requirement:

    Same hardware configuration. They must be the same model, have the same number and types of interfaces, and the same amount of RAM. However, an exception to this is that the two ASAs do not need to have the same size Flash memory, but make sure the unit with the smaller Flash memory has enough space to store the software image files and the configuration files. If it doesn’t, configuration synchronization from the unit with the larger Flash memory to the unit with the smaller Flash memory doesn’t work.

    Software Requirement

    Same operational modes (routed or transparent, single or multiple context). They must have the same major (first number) and minor (second number) software version, but you can use different versions of the software within an upgrade process; for example, you can upgrade one unit from Version 7.0(1) to Version 7.0(2) and have failover remain active. You can upgrade from the last minor release of the previous version to the next major release. For example, you can upgrade from 7.9 to 8.0, assuming that 7.9 is the last minor version in the 7.x release.

    The answer could also be less than 10 characters or less.

    My coaching would be to keep it concise, and accurate.

    Thanks again for the question.

 
