Comments on: New CCIE Security Core Knowledge Questions – Part 1 http://blog.ine.com/2009/09/08/new-ccie-security-core-knowledge-questions-part-1/ Helping you become a Cisco Certified Internetwork Expert Wed, 28 Jul 2010 22:47:55 -0700 http://wordpress.org/?v=2.8.6 hourly 1 By: Keith Barker http://blog.ine.com/2009/09/08/new-ccie-security-core-knowledge-questions-part-1/comment-page-1/#comment-65150 Keith Barker Thu, 10 Sep 2009 23:26:12 +0000 http://blog.ine.com/?p=1918#comment-65150 Thanks for the question HAT! I hear you. The question on the ASAs indeed could be very lengthy, such as: Hardware Requirement: Same hardware configuration. They must be the same model, have the same number and types of interfaces, and the same amount of RAM. However, an exception to this is that the two ASAs do not need to have the same size Flash memory, but make sure the unit with the smaller Flash memory has enough space to store the software image files and the configuration files. If it does't, configuration synchronization from the unit with the larger Flash memory to the unit with the smaller Flash memory doesn't work. Software Requirement Same operational modes (routed or transparent, single or multiple context). They must have the same major (first number) and minor (second number) software version, but you can use different versions of the software within an upgrade process; for example, you can upgrade one unit from Version 7.0(1) to Version 7.0(2) and have failover remain active. You can upgrade from the last minor release of the previous version to the next major release. For example, you can upgrade from 7.9 to 8.0, assuming that 7.9 is the last minor version in the 7.x release. The answer could also be less than 10 characters or less, like Anthony’s response (thank you Anthony). My coaching would be to keep it concise, and accurate. Thanks again for the question- Keith Thanks for the question HAT! I hear you. The question on the ASAs indeed could be very lengthy, such as:

Hardware Requirement:

Same hardware configuration. They must be the same model, have the same number and types of interfaces, and the same amount of RAM. However, an exception to this is that the two ASAs do not need to have the same size Flash memory, but make sure the unit with the smaller Flash memory has enough space to store the software image files and the configuration files. If it does’t, configuration synchronization from the unit with the larger Flash memory to the unit with the smaller Flash memory doesn’t work.

Software Requirement

Same operational modes (routed or transparent, single or multiple context). They must have the same major (first number) and minor (second number) software version, but you can use different versions of the software within an upgrade process; for example, you can upgrade one unit from Version 7.0(1) to Version 7.0(2) and have failover remain active. You can upgrade from the last minor release of the previous version to the next major release. For example, you can upgrade from 7.9 to 8.0, assuming that 7.9 is the last minor version in the 7.x release.

The answer could also be less than 10 characters or less, like Anthony’s response (thank you Anthony).

My coaching would be to keep it concise, and accurate.

Thanks again for the question-

Keith

]]> By: Yohon http://blog.ine.com/2009/09/08/new-ccie-security-core-knowledge-questions-part-1/comment-page-1/#comment-64999 Yohon Wed, 09 Sep 2009 19:25:07 +0000 http://blog.ine.com/?p=1918#comment-64999 Hi Anthony. Sorry, my bad. You are correct, I do see the "more info" links in the answer key. Again, great updates and keep up the great work. Hi Anthony. Sorry, my bad. You are correct, I do see the “more info” links in the answer key. Again, great updates and keep up the great work.

]]> By: Anthony Sequeira, #15626 http://blog.ine.com/2009/09/08/new-ccie-security-core-knowledge-questions-part-1/comment-page-1/#comment-64989 Anthony Sequeira, #15626 Wed, 09 Sep 2009 17:48:20 +0000 http://blog.ine.com/?p=1918#comment-64989 All of our Core Knowledge Sim questions include a More Information link. They are located in the Answer key version. All of our Core Knowledge Sim questions include a More Information link. They are located in the Answer key version.

]]> By: Yohon http://blog.ine.com/2009/09/08/new-ccie-security-core-knowledge-questions-part-1/comment-page-1/#comment-64970 Yohon Wed, 09 Sep 2009 13:25:24 +0000 http://blog.ine.com/?p=1918#comment-64970 Great work INE. These are great questions and I do appreciatee the links for more info, something that is missing in the current product for security. Great work INE. These are great questions and I do appreciatee the links for more info, something that is missing in the current product for security.

]]> By: Anthony Sequeira, #15626 http://blog.ine.com/2009/09/08/new-ccie-security-core-knowledge-questions-part-1/comment-page-1/#comment-64931 Anthony Sequeira, #15626 Wed, 09 Sep 2009 03:48:31 +0000 http://blog.ine.com/?p=1918#comment-64931 RAM, MODEL, INTERFACES, MODE (ROUTED, TRANS, SINGLE, MULTIPLE) :-) RAM, MODEL, INTERFACES, MODE (ROUTED, TRANS, SINGLE, MULTIPLE)
:-)

]]> By: Tacack http://blog.ine.com/2009/09/08/new-ccie-security-core-knowledge-questions-part-1/comment-page-1/#comment-64929 Tacack Wed, 09 Sep 2009 03:44:24 +0000 http://blog.ine.com/?p=1918#comment-64929 AWESOME! :) Great job guys! :) AWESOME! :) Great job guys! :)

]]> By: HAT http://blog.ine.com/2009/09/08/new-ccie-security-core-knowledge-questions-part-1/comment-page-1/#comment-64918 HAT Wed, 09 Sep 2009 02:46:55 +0000 http://blog.ine.com/?p=1918#comment-64918 Hi Keith, I heard that the answers for these questions are short ones which have about 4, 5 word length. But the failover question is rather long and without referencing Cisco documentation it's a bit difficult to tell all the details Could you give me some advices on this? Thanks HAT Hi Keith,

I heard that the answers for these questions are short ones which have about 4, 5 word length.

But the failover question is rather long and without referencing Cisco documentation it’s a bit difficult to tell all the details

Could you give me some advices on this?

Thanks
HAT

]]> By: Rizzo http://blog.ine.com/2009/09/08/new-ccie-security-core-knowledge-questions-part-1/comment-page-1/#comment-64882 Rizzo Tue, 08 Sep 2009 23:37:25 +0000 http://blog.ine.com/?p=1918#comment-64882 Great stuff I love those question and links provided by Keith Great stuff

I love those question and links provided by Keith

]]> By: Keith Barker http://blog.ine.com/2009/09/08/new-ccie-security-core-knowledge-questions-part-1/comment-page-1/#comment-64837 Keith Barker Tue, 08 Sep 2009 21:11:29 +0000 http://blog.ine.com/?p=1918#comment-64837 Question: Why is it that ASDM and WebVPN, using their defaults, cannot be enabled on the same interface of the ASA? Answer: Both are listening on the same port – 443. More Information: http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807be2a1.shtml#topic1 Question: What ASA feature produced the following output? Answer: The WebVPN Capture Tool More Information: http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00804a3718.shtml#output Question: What are the hardware and software requirements for 2 ASAs to perform failover? Answer: Hardware: Must have the same hardware configuration, must be the same model, have the same number and types of interfaces, the same amount of RAM, and have the same SSMs installed (if any). Software: Must be in the same operating modes (routed or transparent, single or multiple context). More Information: http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/failover.html#wp1155967 Question: What is the mechanism used to transmit the MD5 signature between two BGP authenticated speakers? Answer: TCP Option 19 More Information http://www.rfc-editor.org/rfc/rfc2385.txt Question: Why is it that ASDM and WebVPN, using their defaults, cannot be enabled on the same interface of the ASA?

Answer: Both are listening on the same port – 443.

More Information:
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807be2a1.shtml#topic1

Question: What ASA feature produced the following output?

Answer: The WebVPN Capture Tool

More Information:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00804a3718.shtml#output

Question: What are the hardware and software requirements for 2 ASAs to perform failover?

Answer:
Hardware: Must have the same hardware configuration, must be the same model, have the same number and types of interfaces, the same amount of RAM, and have the same SSMs installed (if any).
Software: Must be in the same operating modes (routed or transparent, single or multiple context).

More Information:
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/failover.html#wp1155967

Question: What is the mechanism used to transmit the MD5 signature between two BGP authenticated speakers?

Answer: TCP Option 19

More Information
http://www.rfc-editor.org/rfc/rfc2385.txt

]]>