Latest ASA Firewall Multiple choice Questions and Answers pdf

51. Explain Security Context?
We can partition a Single ASA into multiple virtual devices, known as Security Contexts. Each Context acts as an independent device, with its own security policy, interfaces, and administrators. Multiple contexts are similar to having multiple standalone devices.

52. What features are supported in multiple context mode?
Routing tables, Firewall features, IPS, and Management.

53. What features are not supported in multiple context mode?
VPN and Dynamic Routing Protocols.

54. Explain System area?
When we boot up in multiple mode from the CLI, we are taken into the system area. The system area is used to create and manage the contexts, configure the physical properties of the interfaces, create VLANs for trunking, and create resource classes that restrict how much of the system's resources each context may use.

55. What is the admin context?
When the appliance boots up, one context is automatically created, called the Admin Context, which defaults to being the administrative context. Any context can be made the administrative context, and one of the contexts on our appliance must be the administrative context. An “*” beside a context name indicates that the context is the administrative context.

56. How ASA classifies packets?
The ASA decides which context should process an incoming packet as follows:
1. Unique Interfaces - If only one context is associated with the ingress interface, the ASA classifies the packet into that context.
2. Unique MAC Addresses - If multiple contexts share an interface, then the interface MAC address is used as the classifier. ASA lets us assign a different MAC address in each context to the same shared interface. By default, shared interfaces do not have unique MAC addresses. We can set the MAC addresses manually or we can automatically generate MAC addresses with the # mac-address auto command.
3. NAT Configuration - If we do not use unique MAC addresses, then the mapped addresses in our NAT configuration are used to classify packets.
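A small model of the three-step classification above, written for this page as an added example (it is not Cisco code); the context names, interface names, MAC addresses and mapped networks are all constructed, and a packet that no single rule can attribute to one context is reported as unclassified.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass
class Context:
    name: str
    # interface name -> MAC assigned to it in this context (None = default, shared MAC)
    interfaces: Dict[str, Optional[str]]
    # mapped (translated) addresses taken from this context's NAT configuration
    mapped: List[str]


def classify(contexts: List[Context], ingress_if: str, dst_mac: str, dst_ip: str) -> Optional[str]:
    """Return the context that should process the packet, or None when no single
    context can be chosen (the appliance has nothing to hand such a packet to)."""
    # Rule 1: the ingress interface belongs to exactly one context.
    owners = [c for c in contexts if ingress_if in c.interfaces]
    if len(owners) == 1:
        return owners[0].name
    # Rule 2: the interface is shared; match the per-context unique MAC address.
    by_mac = [c for c in owners
              if c.interfaces[ingress_if] and c.interfaces[ingress_if].lower() == dst_mac.lower()]
    if len(by_mac) == 1:
        return by_mac[0].name
    # Rule 3: no unique MAC matched; fall back to each context's NAT mapped addresses.
    ip = ip_address(dst_ip)
    by_nat = [c for c in owners if any(ip in ip_network(m) for m in c.mapped)]
    if len(by_nat) == 1:
        return by_nat[0].name
    return None


# Constructed sample: gig0/0 is shared by ctxA and ctxB, gig0/1 and gig0/2 are unique.
CONTEXTS = [
    Context("ctxA", {"gig0/0": "0200.0000.0001", "gig0/1": None}, ["203.0.113.10/32"]),
    Context("ctxB", {"gig0/0": "0200.0000.0002"}, ["203.0.113.20/32"]),
    Context("ctxC", {"gig0/2": None}, []),
]

if __name__ == "__main__":
    print(classify(CONTEXTS, "gig0/1", "0200.0000.00ff", "10.0.0.1"))      # ctxA (rule 1)
    print(classify(CONTEXTS, "gig0/0", "0200.0000.0002", "198.51.100.1"))  # ctxB (rule 2)
    print(classify(CONTEXTS, "gig0/0", "0200.0000.00ff", "203.0.113.10"))  # ctxA (rule 3)
    print(classify(CONTEXTS, "gig0/0", "0200.0000.00ff", "192.0.2.1"))     # None
```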

57. What is the command to switch to multiple context Mode?
# mode multiple
After entering this command the appliance reboots itself, and our current configuration is automatically backed up to flash in case we want to switch back to single mode. The backup file is called “old_running.cfg”.

58. What is the command to switch back to single mode?
# mode single

59. What are different types of NAT in ASA?
Static NAT - A consistent mapping between a real and mapped IP address. It allows Bidirectional traffic initiation.
Dynamic NAT - A group of real IP addresses are mapped to a (usually smaller) group of mapped IP addresses on a first come first served basis. It allows only Unidirectional traffic initiation.
Dynamic Port Address Translation (PAT) - A group of real IP addresses are mapped to a single IP address using a unique source port of that IP address.
Identity NAT - A real address is statically translated to itself, essentially bypassing NAT.

60. What is Policy NAT?
Policy NAT allows you to NAT by specifying both the source and destination addresses in an extended access list. We can also optionally specify the source and destination ports. Regular NAT can only consider the source addresses, not the destination address.
In Static NAT it is called Static Policy NAT.
In Dynamic NAT it is called Dynamic Policy NAT.

61. Give the order of preference between different types of NAT?
1. NAT exemption.
2. Existing translation in the xlate table.
3. Static NAT
- Static Identity NAT
- Static Policy NAT
- Static NAT
- Static PAT
4. Dynamic NAT
- NAT Zero
- Dynamic Policy NAT
- Dynamic NAT
- Dynamic PAT

62. What is the difference between Auto NAT & Manual NAT?
Auto NAT (Network Object NAT) - It only considers the source address while performing NAT. So, Auto NAT is only used for Static or Dynamic NAT. Auto NAT is configured within an object.
Manual NAT (Twice NAT) - Manual NAT considers either only the source address, or both the source and destination address, while performing NAT. It can be used for almost all types of NAT, such as NAT exemption and policy NAT.
Unlike Auto NAT that is configured within an object, Manual NAT is configured directly from the global configuration mode.

63. Give NAT Order in terms of Auto NAT & Manual NAT?
NAT is ordered in 3 sections.
Section 1 – Manual NAT
Section 2 – Auto NAT
Section 3 – Manual NAT After-Auto

64. What are the commands to see NAT translations?
# sh xlate
# sh nat
