22 Cards in this Set

  • Front
  • Back
What are the components of the Modular Policy Framework?
- class-map: identifies L3/L4 traffic
- policy-map: applies actions to the class-map
- service-policy: activates the policy-map (on one interface, or globally)
What can be used in a class-map to match traffic ?
- access-list (ACL)
- flow: to destination IP
- port: TCP/UDP/RTP
- any
- dscp: QoS
- precedence: QoS
- tunnel-group: VPN
What actions can be set on a class in a policy-map?
- send to the CSC or IPS module
- inspect: L7 application inspection
- police: limit bandwidth
- priority: send to the low-latency queue
- set: set connection parameters (limits, timeouts)
What is the order of actions applied by the policy map?
1. QoS input policing
2. TCP normalization, connection limits and timeouts, and sequence number randomization
3. CSC
4. Application inspection
5. IPS
6. QoS output policing
7. QoS priority queuing
What is the order of implementing modular policies in the ASDM?
1. Create the service policy for an interface, or the global policy
2. Identify the traffic to apply actions to (the class)
3. Apply actions to each class
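The three MPF components and the three configuration steps above, wired together as one ASA CLI configuration. This is an added example, not one of the original cards; the interface name, ACL, class and policy names, and the numeric limits are assumptions chosen for illustration.

```cisco
! Added example (not from the original cards). Names and limits are assumptions.
! Step 2 / component 1: class-maps identify L3/L4 traffic.
! Other match options: match port, match dscp, match precedence,
! match flow ip destination-address, match tunnel-group, match any,
! match default-inspection-traffic.
access-list WEB_TRAFFIC extended permit tcp any host 203.0.113.10 eq www

class-map WEB_CLASS
 match access-list WEB_TRAFFIC

class-map DNS_CLASS
 match port udp eq domain

! Step 3 / component 2: the policy-map applies actions to each class.
policy-map OUTSIDE_POLICY
 class WEB_CLASS
! L7 application inspection
  inspect http
! connection limits and timeouts (set)
  set connection conn-max 1000 embryonic-conn-max 200
  set connection timeout embryonic 0:00:30
 class DNS_CLASS
  inspect dns
! bandwidth limit (police): 1 Mbps conform rate, 8000-byte burst
  police input 1000000 8000

! Step 1 / component 3: service-policy activates the policy-map.
! One policy per interface, plus at most one global policy.
service-policy OUTSIDE_POLICY interface outside
```

The order of the steps differs between ASDM (create the rule for an interface or globally first) and the CLI (class-map, then policy-map, then service-policy), but the resulting configuration is the same. Verify with `show service-policy interface outside`.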
Where in the ASDM do you configure service policies?
Configuration > Firewall > Service Policy Rules
How can you setup a Management Policy in the ASDM?
Configuration > Firewall > Service Policy Rules > Add > Add Management Service Policy Rule
What direction of traffic is inspection done?
A global policy applies inspection to ingress traffic only (it is applied on the interface where the traffic enters). An interface-specific policy applies inspection bidirectionally.
For what reason is Protocol inspection done?
- dynamic opening and closing of ports (secondary channels)
- address translation in headers and bodies
- protection from the latest threats
What is FTP Strict ?
- prevents web browsers from sending embedded commands in FTP requests
- requires each FTP command to be acknowledged before a new command is allowed
- checks status and PORT commands for error strings
- tracks each command and response sequence for anomalous activity
What can be accomplished with Advanced FTP inspection?
- command filtering
- blocking based on file types, servers, and file extensions
- blocking specific users
- protocol conformance
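FTP strict and advanced FTP inspection combined, as an added ASA CLI example that is not one of the original cards. The regex patterns, class names, the `FTP_ADVANCED` policy name and the choice of blocked commands are assumptions; `global_policy` and `inspection_default` are the ASA's default names.

```cisco
! Added example (not from the original cards). Regex patterns and names are assumptions.
regex EXE_FILES "\.[Ee][Xx][Ee]$"
regex INTERNAL_SERVERS "ftp\.example\.net$"

! Advanced FTP inspection: L7 class-maps match commands, file names and types.
! Command filtering: block uploads (PUT, STOU, APPE).
class-map type inspect ftp match-all FTP_BLOCK_UPLOADS
 match request-command put stou appe

! Block by file type or extension.
class-map type inspect ftp match-any FTP_BLOCK_EXE
 match filetype regex EXE_FILES
 match filename regex EXE_FILES

policy-map type inspect ftp FTP_ADVANCED
 parameters
! hide server banner and SYST reply from clients
  mask-banner
  mask-syst-reply
 class FTP_BLOCK_UPLOADS
  reset log
 class FTP_BLOCK_EXE
  reset log
! Block by server: reset sessions to anything other than the internal server.
 match not server regex INTERNAL_SERVERS
  reset log

! "strict" turns on the command/response tracking described on the card;
! naming the ftp policy-map adds the advanced filtering on top of it.
policy-map global_policy
 class inspection_default
  inspect ftp strict FTP_ADVANCED
```

Without the `strict` keyword the ASA still opens data channels dynamically but does not enforce the command/acknowledgement sequencing, so embedded-command attacks from browsers are not caught.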
What can HTTP Inspection provide?
- URL screening through Websense or Secure Computing SmartFilter
- Java and ActiveX filtering
- advanced HTTP inspection
What can be done with Advanced HTTP Inspection?
- control IM, P2P and tunnelling applications
- configure size and count limits
- block MIME types
- block non-ASCII characters
- block null HTTP encoding
- control HTTP methods and extensions
- block a list of URLs
- configured HTTP he
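An advanced HTTP inspection policy exercising the size and count limits, non-ASCII check, method control, MIME-type check and URL blocklist from the card. This is an added ASA CLI example, not one of the original cards; the regex patterns, the `BLOCKED_URLS` class, the `HTTP_ADVANCED` policy name and every numeric limit are assumptions.

```cisco
! Added example (not from the original cards). Patterns, names and limits are assumptions.
regex URL_ADMIN "/admin/"
regex URL_BACKUP "\.bak$"

! URL blocklist as a regex class so new entries are one line each
class-map type regex match-any BLOCKED_URLS
 match regex URL_ADMIN
 match regex URL_BACKUP

policy-map type inspect http HTTP_ADVANCED
 parameters
! protocol conformance: drop anything that is not well-formed HTTP
  protocol-violation action drop-connection log
! size and count limits
 match request header length gt 2048
  drop-connection log
 match request uri length gt 4096
  reset log
 match request header count gt 40
  drop-connection log
! non-ASCII bytes in request headers
 match request header non-ascii
  drop-connection log
! HTTP method control: block TRACE and CONNECT (tunnelling)
 match request method trace
  reset log
 match request method connect
  reset log
! MIME type check: Content-Type header must agree with the body
 match req-resp content-type mismatch
  reset log
! URL blocklist
 match request uri regex class BLOCKED_URLS
  reset log

policy-map global_policy
 class inspection_default
  inspect http HTTP_ADVANCED
```

Inline `match` statements are evaluated in order, so place the cheap header-length checks before the regex matches. `show service-policy inspect http` shows the per-match hit counters.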
What can be done with Advanced ESMTP inspection?
- rate limit ESMTP commands
- buffer overflow protection:
  - limit body, line and header lengths
  - limit characters in a MIME name
  - limit the length of command lines
  - limit the length of the sender address
- block spam
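The ESMTP limits above as an added ASA CLI example, not one of the original cards. The `ESMTP_ADVANCED` policy name, the relay domain, and each numeric limit are assumptions; the limits mirror the RFC 5321 maximums (998-byte lines, 512-byte command lines, 320-byte addresses) but should be tuned to the mail servers actually in use.

```cisco
! Added example (not from the original cards). Name, domain and limits are assumptions.
policy-map type inspect esmtp ESMTP_ADVANCED
 parameters
! hide the server banner
  mask-banner
! anti-relay: only accept mail for the local domain (spam blocking)
  mail-relay example.com action drop-connection log
! drop commands carrying special characters (pipe, backtick, NUL)
  special-character action drop-connection log
! buffer overflow protection: line, header and command lengths
 match body line length gt 998
  drop-connection log
 match header line length gt 998
  drop-connection log
 match header length gt 4096
  drop-connection log
 match cmd line length gt 512
  drop-connection log
 match sender-address length gt 320
  drop-connection log
 match mime filename length gt 255
  drop-connection log
! recipient flood protection
 match cmd RCPT count gt 100
  drop-connection log
! rate limit a reconnaissance command (commands per second)
 match cmd verb VRFY
  rate-limit 2

policy-map global_policy
 class inspection_default
  inspect esmtp ESMTP_ADVANCED
```

Note that `mask-banner` only helps against banner grabbing; the length limits are what stop oversized commands from reaching a vulnerable mail server.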
What does DNS inspection accomplish?
- tracks DNS requests and responses, allowing only one response per request (DNS Guard)
- translates A records (DNS rewrite for NAT)
- reassembles the message to verify the packet length
What can be done with Advanced DNS Inspection?
- block DNS types
- mask flags in the DNS header
- limit the domains that can be queried
- randomize the DNS ID
- generate alerts for excessive mismatched responses
- require TSIG for every DNS message
- disable DNS guard for some traff
What is the purpose of ICMP inspection?
Only allow one reply per request (the reply is matched to its request and the pinhole closed afterwards)
What is the purpose of SNMP inspection?
Deny specified SNMP versions (1, 2, 2c, 3) so only the required version is allowed
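The DNS, ICMP and SNMP inspection cards above as one added ASA CLI example, not one of the original cards. The `DNS_ADVANCED` and `SNMP_V3_ONLY` names, the allowed-domain regex and the mismatch thresholds are assumptions.

```cisco
! Added example (not from the original cards). Names, regex and thresholds are assumptions.
regex ALLOWED_DOMAIN "example\.com$"

policy-map type inspect dns DNS_ADVANCED
 parameters
! verify message length (default maximum is 512 bytes)
  message-length maximum 512
! one response per query; "no dns-guard" here disables it for this traffic only
  dns-guard
  protocol-enforcement
! translate A records in replies for NAT
  nat-rewrite
! randomize the DNS transaction ID
  id-randomization
! alert on excessive mismatched responses: 30 in 3 seconds
  id-mismatch count 30 window 3 action log
! require TSIG on every message
  tsig enforced action drop log
! mask a header flag: clear Recursion Desired on its way through
 match header-flag RD
  mask log
! block a DNS type: no zone transfers
 match dns-type eq AXFR
  drop log
! limit the domains that can be queried
 match not domain-name regex ALLOWED_DOMAIN
  drop log

! SNMP inspection: deny everything but version 3
snmp-map SNMP_V3_ONLY
 deny version 1
 deny version 2
 deny version 2c

policy-map global_policy
 class inspection_default
  inspect dns DNS_ADVANCED
! ICMP inspection: one reply per request; "error" also inspects ICMP error messages
  inspect icmp
  inspect icmp error
  inspect snmp SNMP_V3_ONLY
```

`inspect icmp` is not in the default global policy, so without it ICMP replies need an explicit ACL on the return path. Check the DNS counters with `show service-policy inspect dns`.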
What are the two types of Threat Detection?
- Basic Threat Detection: monitors the rate at which packets are dropped and generates a syslog message when a threshold (average or burst rate) is exceeded
- Scanning Threat Detection: detects sweeps and scans and can take action (shun the attacker)
What events are monitored by Basic Threat Detection?
- ACL denials
- bad packet format
- exceeded connection limits
- DoS attacks
- failed basic firewall checks
- suspicious ICMP packets
- interface overload
- scanning attacks
- incomplete sessions
Where is threat detection enabled?
Configuration > Firewall > Threat Detection
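The two threat detection types from the cards above, configured from the CLI. This is an added example, not one of the original cards; the rate thresholds, the shun duration and the excepted scanner address are assumptions.

```cisco
! Added example (not from the original cards). Thresholds and addresses are assumptions.
! Basic threat detection (on by default): rate thresholds per monitored event.
! Each event accepts up to three rate intervals; a syslog is generated when the
! average rate over the interval, or the burst rate, is exceeded.
threat-detection basic-threat
! ACL denials: 400 drops/s averaged over 10 minutes, or 800/s burst
threat-detection rate acl-drop rate-interval 600 average-rate 400 burst-rate 800
threat-detection rate acl-drop rate-interval 3600 average-rate 100 burst-rate 200
! incomplete sessions (SYN attack) and DoS drops
threat-detection rate syn-attack rate-interval 600 average-rate 100 burst-rate 200
threat-detection rate dos-drop rate-interval 600 average-rate 100 burst-rate 200
! scanning attacks as seen by basic threat detection
threat-detection rate scanning-threat rate-interval 600 average-rate 5 burst-rate 10

! Scanning threat detection: track hosts doing sweeps/scans and shun them,
! excluding the authorised vulnerability scanner
threat-detection scanning-threat shun except ip-address 192.0.2.10 255.255.255.255
threat-detection scanning-threat shun duration 3600

! Statistics that scanning detection and troubleshooting rely on
threat-detection statistics access-list
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol

! Verification
show threat-detection rate
show threat-detection scanning-threat attacker
show threat-detection shun
```

`threat-detection statistics host` is the expensive one (per-host counters); enable it only while investigating. A host shunned by scanning threat detection is released with `clear threat-detection shun [ip_address]`.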
What can be matched in a class-map?
- access-list
- any
- default-inspection-traffic
- dscp (QoS)
- flow
- port (TCP/UDP)
- precedence
- rtp (RTP port range)
- tunnel-group