CCNP Security FAQ : Security Contexts

Q1. What are the benefits of using security contexts over multiple firewall units?
A. It reduces the overall cost of the security platform.
B. Management of the firewalls becomes a much easier task.
C. It uses less physical space.
D. All of these answers are correct.

Answer: D

Q2. What determines the number of security contexts a Security Appliance can have?
A. Hardware model.
B. OS software version.
C. License purchased.
D. There is no limit.
E. The hardware model and license purchased.

Answer: E

Q3. What is the name used for the default administrative context?
A. default
B. context1
C. admin
D. cisco

Answer: C

Q4. Where can you store context configuration files?
A. FTP server
B. Flash memory DIMM
C. TFTP server
D. HTTP server
E. All of these answers are correct

Answer: E

Q5. The Security Appliance classifies traffic flows by using which of the following characteristics of the packet?
B. Destination address
C. Source address
D. Port type
E. Both VLAN and destination address

Answer: E

Q6. Which command enables multiple security context mode?
A. multiple-context enable
B. context-mode multiple
C. mode multiple
D. enable multimode
E. None of these answers are correct

Answer: C

Q7. Which of the following does the invisible parameter in the allocate-interface command do?
A. Disables an interface for the whole system
B. Hides physical interface properties from non-administrative users of a context
C. Enables transparent firewall support in a context
D. Hides a list of privileged commands from users of a context

Answer: B

Q8. Which command identifies the location from which the system downloads the context configuration file?
A. context-config
B. config-url
C. remote-config context
D. copy tftp flash

Answer: B

Q9. What are the two methods used to direct traffic flows to a security context?

Answer: Source interface (VLAN) and Destination address

Q10. Using Figure 9-2, configure the security contexts for PIXFX1. Assume that Context1 to Context3 store their configuration files on the web server in the directory /configlets using the username PIXCONFIG and password CISCO123. Context 2 stores its configuration on the Flash drive. All nonadministrative contexts use the naming scheme context[x].cfg.


Q11. How do you enable multiple security contexts?

Answer: To enable multiple security contexts, you must use the mode multiple [noconfirm] command.

Q12. What are the interface limitations of a security context when the firewall is in transparent mode?

Answer: If a Security Appliance is configured to be a transparent firewall, each context can only be assigned two interfaces, with the exception of the management port, which can be assigned as the third interface.

Q13. What happens to the configuration files when multiple context mode is enabled?

Answer: The configuration files are split into two new configuration files: the system configuration and the admin context configuration. Additionally, the running-config is saved to old_running.cfg in the root of Flash.

Q14. What are the potential problems when you change the config-url setting for a context that is live?

Answer: If you change the config-url command for a context while the context is active, the Security Appliance will attempt to merge the new and old configurations into a single new configuration.

Q15. What are the limitations of the allocate-interface command?

Answer: The mapped name configured by the allocate-interface command must consist of an alphabetic portion followed by a numeric portion. If a range of interfaces is specified, the alphabetic portion of the mapped name must be consistent throughout the assigned range of interfaces. The numeric portion of the mapped name must include the same quantity of numbers as the subinterface range.

Q16. What does clear configure context do?

Answer: It removes all currently configured contexts on a Security Appliance.
