![MCQs [2024]](https://engineeringinterviewquestions.com/wp-content/uploads/2021/02/Interview-Questions-2.png)
Q1. What Information Active Unit Passes To The Standby Unit In Stateful Failover?
NAT trlation table, TCP connection states, The ARP table, The Layer 2 bridge table (when running in trparent firewall mode), ICMP connection state etc.
Q2. What Is Access Control Lists?
Rules for packet filters (typically routers) that define which packets to pass and which to block.
Q3. What Is Data Encryption?
Data encryption ensures data safety and very important for confidential or critical data. It protect data from being read, altered or forged while trmission.
Q4. What Is Log Retention?
How long audit logs are retained and maintained.
Q5. What Features Are Not Supported In Multiple Context Mode?
VPN and Dynamic Routing Protocols.
Q6. What Is Firewall?
A firewall is a hardware or software installed to provide security to the private networks connected to the internet. They can be implemented in both hardware and A firewall is a hardware or software installed to provide security to the private networks connected to the internet. They can be implemented in both hardware and software, or a combination of both. All data entering or leaving the Intranet passes through the firewall which allows only the data meeting the administrators’ rules to pass through it.software, or a combination of both. All data entering or leaving the Intranet passes through the firewall which allows only the data meeting the administrators’ rules to pass through it.
Q7. What Is Bastion Host?
A system that has been hardened to resist attack, and which is installed on a network in such a way that it is expected to potentially come under attack. Bastion hosts are often components of firewalls, or may be “outside” web servers or public access systems. Generally, a bastion host is running some form of general purpose operating system (e.g., Unix, VMS, NT, etc.) rather than a ROM-based or firmware operating system.
Q8. What Is Perimeter-based Security?
The technique of securing a network by controlling access to all entry and exit points of the network.
Q9. What Is Worm?
A standalone program that, when run, copies itself from one host to another, and then runs itself on each newly infected host. The widely reported ‘Internet Virus’ of 1988 was not a virus at all, but actually a worm.
Q10. How Asa Works In Reference To Traceroute?
ASA does not decrement the TTL value in traceroute because it does not want to give its information to others for security purpose. It forwards it without decrementing the TTL Value.
Q11. What Are The Types Of Firewalls?
Packet Filtering Firewall: This type of Firewall detects packets and block unnecessary packets and makes network traffic release.
Screening Router Firewalls: It’s a software base firewall available in Router provides only light filtering.
Computer-based Firewall: It’s a firewall stored in server with an existing Operating System like Windows and UNIX.
Hardware base Firewall: Its device like box allows strong security from public network. Mostly used by big networks.
Proxy Server: Proxy server allows all clients to access Internet with different access limits. Proxy server has its own firewall which filters the all packet from web server.
Q12. What Information Does Stateful Firewall Maintains?
Stateful firewall maintains following information in its State table:-
- Source IP address.
- Destination IP address.
- IP protocol like TCP, UDP.
- IP protocol information such as TCP/UDP Port Numbers, TCP Sequence Numbers, and TCP Flags.
Q13. What Is Log Processing?
How audit logs are processed, searched for key events, or summarized.
Q14. What Is Least Privilege?
Designing operational aspects of a system to operate with a minimum amount of system privilege. This reduces the authorization level at which various actions are performed and decreases the chance that a process or user with high privileges may be caused to perform unauthorized activity resulting in a security breach.
Q15. What Is Screened Host?
A host on a network behind a screening router. The degree to which a screened host may be accessed depends on the screening rules in the router.
Q16. What Is Defense In Depth?
The security approach whereby each system on the network is secured to the greatest possible degree. May be used in conjunction with firewalls.
Q17. What Is The Need Of Trparent Firewall?
If we want to deploy a new firewall into an existing network it can be a complicated process due to various issues like IP address reconfiguration, network topology changes, current firewall etc. We can easily insert a trparent firewall in an existing segment and control traffic between two sides without having to readdress or reconfigure the devices.
Q18. What Is Ip Spoofing?
An attack whereby a system attempts to illicitly impersonate another system by using its IP network address.
In computer networking, the term IP address spoofing or IP spoofing refers to the creation of Internet Protocol (IP) packets with a forged source IP address, called spoofing, with the purpose of concealing the identity of the sender or impersonating another computing system.
Q19. What If We Apply Acl As Global In Asa?
It will be applied on all interfaces towards inbound. Global option is only in ASA 8.4 not in ASA 8.2
Q20. What Is The Difference Between Stateful & Stateless Firewall?
Stateful firewall – A Stateful firewall is aware of the connections that pass through it. It adds and maintains information about users connections in state table, referred to as a connection table. It than uses this connection table to implement the security policies for users connections. Example of stateful firewall are PIX, ASA, Checkpoint.
Stateless firewall – (Packet Filtering) Stateless firewalls on the other hand, does not look at the state of connections but just at the packets themselves. Example of a packet filtering firewall is the Extended Access Control Lists on Cisco IOS Routers.
Q21. What Is Cryptographic Checksum?
A one-way function applied to a file to produce a unique “fingerprint” of the file for later reference. Checksum systems are a primary me of detecting filesystem tampering on Unix.
Q22. What Is Uthentication?
The process of determining the identity of a user that is attempting to access a system.
authentication is a process that can verify pc identity(user name and pass etc)
Q23. What Features Are Supported In Multiple Context Mode?
Routing tables, Firewall features, IPS, and Management.
Q24. Define Digital Signatures?
Digital signature is an attachment to an electronic message used for security purpose. It is used to verify the authenticity of the sender.
Q25. Which Feature On A Firewall Can Be Used For Mitigating Ip Spoofing Attacks?
Access control list can be used for the purpose.
Q26. What Is The Difference Between Gateway And Firewall?
A Gateway joins two networks together and a network firewall protects a network against unauthorized incoming or outgoing access. Network firewalls may be hardware devices or software programs.
Q27. What Is Dns Spoofing?
Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.
Q28. What Is Ip Splicing/hijacking?
An attack whereby an active, established, session is intercepted and co-opted by the attacker. IP Splicing attacks may occur after an authentication has been made, permitting the attacker to assume the role of an already authorized user. Primary protections against IP Splicing rely on encryption at the session or network layer.
Q29. Explain You Are Currently Designing Your Own Desktop Publishing Application, As You Have Not Found Any That?
You are currently designing your own Desktop Publishing application, as you have not found any that do exactly what you want with existing applications. As part of the design you are using a Controller to which you send all GUI requests. Not all objects can process the same commands. For example you can?t select the spell check tool when an image has the focus. To stop any possible errors you would like to filter out some of the messages as they are passed from these objects to.
Q30. What Is Tunneling Router?
A router or system capable of routing traffic by encrypting it and encapsulating it for trmission across an untrusted network, for eventual de-encapsulation and decryption.
Q31. What Is Screened Subnet?
A subnet behind a screening router. The degree to which the subnet may be accessed depends on the screening rules in the router.
Q32. Explain Abuse Of Privilege?
When a user performs an action that they should not have, according to organizational policy or law.
Q33. What Is Dual Homed Gateway?
A dual homed gateway is a system that has two or more network interfaces, each of which is connected to a different network. In firewall configurations, a dual homed gateway usually acts to block or filter some or all of the traffic trying to pass between the networks.
Q34. Explain Failover?
Failover is a cisco proprietary feature. It is used to provide redundancy. It requires two identical ASAs to be connected to each other through a dedicated failover link. Health of active interfaces and units are monitored to determine if failover has occurred or not.
Q35. Which Fields In A Packet Does A Network Layer Firewall Look Into For Making Decisions?
IP and trport layer headers for information related to source and destination IP addresses, port numbers etc.
Q36. What Are The Different Types Of Acl In Firewall?
1.Standard ACL
2.Extended ACL
3.Ethertype ACL (Trparent Firewall)
4.Webtype ACL (SSL VPN)
Q37. What Is The Public Key Encryption?
Public key encryption use public and private key for encryption and decryption. In this mechanism, public key is used to encrypt messages and only the corresponding private key can be used to decrypt them. To encrypt a message, a sender has to know recipient’s public key.
Q38. Explain Active/standby Failover?
In Active/Standby Failover, one unit is the active unit which passes traffic. The standby unit does not actively pass traffic. When Failover occurs, the active unit fails over to the standby unit, which then becomes active. We can use Active/Standby Failover for ASAs in both single or multiple context mode.
Q39. What Are The Failover Requirements Between Two Devices?
Hardware Requirements: The two units in a failover configuration must be the same model, should have same number and types of interfaces.
Software Requirements: The two units in a failover configuration must be in the same operating modes (routed or trparent single or multiple context). They must have the same software version.
Q40. Firewalls Works At Which Layers?
Firewalls work at layer 3, 4 & 7.
Q41. Explain Security Context?
We can partition a Single ASA into multiple virtual devices, known as Security Contexts. Each Context acts as an independent device, with its own security policy, interfaces, and administrators. Multiple contexts are similar to having multiple standalone devices.
Q42. Explain Dmz (demilitarized Zone) Server?
If we need some network resources such as a Web server or FTP server to be available to outside users we place these resources on a separate network behind the firewall called a demilitarized zone (DMZ). The firewall allows limited access to the DMZ, but because the DMZ only includes the public servers, an attack there only affects the servers and does not affect the inside network.
Q43. Explain Ether-type Acl?
In Trparent mode, unlike TCP/IP traffic for which security levels are used to permit or deny traffic all non-IP traffic is denied by default. We create Ether-Type ACL to allow NON-IP traffic. We can control traffic like BPDU, IPX etc with Ether-Type ACL.
Q44. What Is The Difference In Acl On Asa Than On Router?
In router, if we delete one access-control entry whole ACL will be deleted. In ASA, if we will delete one access-control entry whole ACL will not be deleted.
Q45. Which Feature On A Cisco Firewall Can Be Used For Protection Against Tcp Syn Flood Attacks?
TCP intercept feature.
Q46. What Is Authentication Token?
A portable device used for authenticating a user. Authentication tokens operate by challenge/response, time-based code sequences, or other techniques. This may include paper-based lists of one-time passwords.
Q47. What Type Of Firewall Can Be Used To Block A Web Security Threat?
A web application firewall or a layer 7 firewall can be used for the purpose.
Q48. What Is Tranparent Firewall?
In Trparent Mode, ASA acts as a Layer 2 device like a bridge or switch and forwards Ethernet frames based on destination MAC-address.
Q49. Which Is The Main Field In An Ip Header , Which Is Modified By A Nat Firewall?
The source IP address in the IP header.
Q50. What Is The Difference Between Stateful Failover And Stateless Failover?
Stateless Failover: When failover occurs all active connections are dropped. Clients need to re-establish connections when the new active unit takes over.
Stateful Failover: The active unit continually passes per-connection state information to the standby unit. After a failover occurs, the same connection information is available at the new active unit. Clients are not required to reconnect to keep the same communication session.