Most recently ASA Firewall Multiple choice Questions and Answers pdf

41. What are the Failover Requirements between two devices?
Hardware Requirements - The two units in a failover configuration must be the same model, should have same number and types of interfaces.
Software Requirements - The two units in a failover configuration must be in the same operating modes (routed or transparent single or multiple context). They must have the same software version.

42. Explain Active/Standby Failover?
In Active/Standby Failover, one unit is the active unit which passes traffic. The standby unit does not actively pass traffic. When Failover occurs, the active unit fails over to the standby unit, which then becomes active. We can use Active/Standby Failover for ASAs in both single or multiple context mode.

43. Explain Active/Active Failover?
It is only available for ASAs in multiple context mode. In an Active/Active Failover configuration, both ASAs can pass network traffic. In Active/Active Failover, we divide the security contexts on the ASA into Failover Groups. A Failover Group is simply a logical group of one or more security contexts. Each group is assigned to be active on a specific ASA in the failover pair. When Failover occurs, it occurs at the Failover group level.

44. What is the command to enable Failover?
# Failover

45. What is the command to see Failover?
# sh failover

46. Explain Unit Health Monitoring in Failover? How Failover occurs?
The ASA unit determines the health of the other unit by monitoring the failover link. When a unit does not receive three consecutive hello messages on the failover link, it sends hello messages on each interface, including the failover interface, to find whether or not the other unit is responsive.
Based upon the response from the other unit it takes following actions:-
1.If the ASA receives a response on the failover interface, then it does not failover.
2.If the ASA does not receive a response on the failover link, but it does receive a response on another interface, then the unit does not failover. The failover link is marked as failed.
3.If the ASA does not receive a response on any interface, then the standby unit switches to active mode and classifies the other unit as failed.

47. How active unit is determined in Active/Standby Failover?
1.If a unit boots and detects another unit already running as active, it becomes the standby unit.
2.If a unit boots and does not detect active unit, it becomes the active unit.
3.If both units boot simultaneously, then the primary unit becomes the active unit, and the secondary
unit becomes the standby unit.

48. Name some commands replicated to standby unit?
All configuration commands except for mode, firewall, and failover lan unit are replicated to standby unit.
# copy running-config startup-config
# write memory

49. Name some commands that are not replicated to standby unit?
All forms of the copy command except for # copy running-config startup-config
all forms of the write command except for # write memory

50. Explain Active/Standby Failover & Active/Active Failover in terms of preemption?
In Active/Standby Failover there is no preemption.
In Active/Active Failover preemption is optional.

Read More Questions:
ASA Firewall Interview Questions Part1
ASA Firewall Interview Questions Part2
ASA Firewall Interview Questions Part3
ASA Firewall Interview Questions Part4
ASA Firewall Interview Questions Part5
ASA Firewall Interview Questions Part6

0 comments: