Realtime ASA Firewall Multiple choice Questions and Answers pdf

31. What are the differences between a switch and an ASA (in Transparent mode)?
ASA does not flood unknown unicast frames that are not found in the MAC address table.
ASA does not participate in STP.
A switch processes traffic at Layer 1 and Layer 2, while an ASA can process traffic from Layer 1 to Layer 7.

32. What are the features that are not supported in Transparent mode?
1. Dynamic Routing.
2. Multicasting.
3. QoS.
4. VPNs like IPSec and WebVPN cannot be terminated.
5. ASA cannot act as DHCP relay agent.

33. Explain Ether-Type ACL?
In Transparent mode, unlike TCP/IP traffic, for which security levels are used to permit or deny traffic, all non-IP traffic is denied by default. We create an Ether-Type ACL to allow non-IP traffic. We can control traffic such as BPDUs, IPX, etc. with an Ether-Type ACL.

34. What is the command to convert ASA into Transparent mode?
# firewall transparent

35. What is the command to see mode (routed or transparent)?
# sh firewall

36. Explain Failover?
Failover is a Cisco proprietary feature. It is used to provide redundancy. It requires two identical ASAs to be connected to each other through a dedicated failover link. The health of active interfaces and units is monitored to determine if failover has occurred or not.

37. What are the types of Failover?
1. Active/Standby Failover.
2. Active/Active Failover.

38. What information is exchanged between ASAs over a Failover link?
1. State - Active or standby.
2. Hello Messages.
3. Network Link Status.
4. MAC Addresses.
5. Configuration Replication and Synchronization.

39. What is the difference between Stateful failover and Stateless failover?
Stateless Failover - When failover occurs, all active connections are dropped. Clients need to re-establish connections when the new active unit takes over.
Stateful Failover - The active unit continually passes per-connection state information to the standby unit. After a failover occurs, the same connection information is available at the new active unit. Clients are not required to reconnect to keep the same communication session.

40. What information does the Active unit pass to the standby unit in Stateful Failover?
NAT translation table, TCP connection states, the ARP table, the Layer 2 bridge table (when running in transparent firewall mode), ICMP connection state, etc.
