CCNP Security FAQ : Configuring Access
Q1. Which of the following are constraints when configuring policy NAT?
A. A global address can be used concurrently for NAT and PAT.
B. An access list must be used only twice with the nat command.
C. Access lists for policy NAT cannot contain deny statements.
D. An access list must be used only once with the nat command.
Q2. Which of the following is not one of four options for object types when you create an object group?
A. Network
B. Protocol
C. Application
D. Services
Q3. Which command lets you create a network object group?
A. object-group network group-id
B. enable object-group network group-id
C. create network object-group
D. network object-group enable
Q4. Which command can you use to configure the Security Appliance to allow access to higher-security subnets?
A. nat (outside) 0
B. nat (inside) 0
C. global
D. static
E. None of these answers are correct.
Q5. How many SMTP commands are made by the ASA application inspection function?
A. 3
B. 2
C. 7
D. 5
Q6. How do you change the port of an FTP inspection?
A. Using a class-map to create a traffic class
B. fixup protocol ftp port
C. inspect ftp port
D. redirect ftp port
Q7. Which of the following is the correct syntax for mapping an internal web server with an IP address of 10.10.10.15 to an outside IP address of 192.168.100.15 for HTTP traffic?
A. static (inside, outside) 192.168.100.15 80 10.10.10.15 netmask 255.255.255.255 eq www
B. static (inside, outside) 192.168.100.15 80 10.10.10.15 netmask 255.255.255.255
C. static (inside, outside) tcp 192.168.100.15 80 10.10.10.15 www netmask 255.255.255.255
D. static (inside, outside) 192.168.100.15 80 10.10.10.15 netmask 255.255.255.255
Q8. What do static NAT settings do?
Q9. What is the difference between regular NAT and policy-based network translation?
Q10. True or false: The following commands constitute the correct way to set up NAT on an ASA 5520?
Q11. Which command would you use to create a description/remark “Linda’s group extranet server access” for access list 112?
Q12. How would you change the default port assignment for FTP?
Q13. What is the function of object groups?
Q14. What are the four object type options available when you are creating object groups?
Q15. How would you specify the maximum number of concurrent deny flows that can be created with an access list?
Q16. What are the seven SMTP commands allowed by SMTP inspection?