| Exam Code: | 300-206 |
| Exam Name: | Implementing Cisco Edge Network Security Solutions |
| Certification Provider: | Cisco |
| Free Question Number: | 185 |
| Version: | v2018-12-19 |

Recent Comments (The most recent comments are at the top.)
No.# Botnet Filtering - Static Database
You can manually enter domain names or IP addresses (host or subnet) that you want to tag as bad names in a blacklist. Static blacklist entries are always designated with a Very High threat level.
Threat levels:
1. very-low
2. low
3. moderate
4. high
5. very-high
Command to drop blacklisted traffic:
dynamic-filter drop blacklist [interface name] [action-classify-list subset_access_list] [threat-level {eq level | range min max}]
Command to treat greylisted traffic as blacklisted traffic for dropping purposes:
dynamic-filter ambiguous-is-black
- If you do not enable this command, greylisted traffic will not be dropped.
• Ambiguous addresses (greylist)—These addresses are associated with multiple domain names, but not all of these domain names are on the blacklist. These addresses are on the greylist.
Example configuration from a real ASA:
dynamic-filter drop blacklist interface outside
dynamic-filter ambiguous-is-black
Supported features:
• Supported in single and multiple context mode.
• Supported in routed and transparent firewall mode.
• Does NOT support replication of the DNS reverse lookup cache, DNS host cache, or the dynamic database in Stateful Failover.
• Does NOT support IPv6.
• TCP DNS traffic is NOT supported.
• You can add up to 1000 blacklist entries and 1000 whitelist entries in the static database.
• The packet tracer is NOT supported.
Defaults:
Botnet Traffic Filter is disabled by default, as is use of the dynamic database.
For DNS inspection, which is enabled by default, Botnet Traffic Filter snooping is disabled by default.
https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/protect_botnet.html
Licensing requirements:
• Botnet Traffic Filter License.
• Strong Encryption (3DES/AES) License to download the dynamic database.
Be sure to set up a DNS server for the ASA so that it can access the Cisco update server URL. In multiple context mode, the system downloads the database for all contexts using the admin context interface; be sure to set up a DNS server in the admin context.
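An added example (not part of the comment above and not taken from Cisco's documentation): a complete Botnet Traffic Filter configuration that ties together the static database, DNS snooping and the two drop commands described above. The interface name `outside`, the DNS server address, and every domain name and subnet are constructed placeholders.

```cisco
! Added example: full Botnet Traffic Filter setup that drops blacklisted
! AND greylisted traffic. All names and addresses are constructed placeholders.

! DNS resolution is required so the ASA can reach the Cisco update server
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 192.0.2.53

! Enable download of the dynamic database and use it for classification
dynamic-filter updater-client enable
dynamic-filter use-database

! Static database: manual entries (up to 1000 blacklist and 1000 whitelist)
! Static blacklist entries are always treated as threat level very-high
dynamic-filter blacklist
 name malware-c2.example.invalid
 address 198.51.100.0 255.255.255.0
dynamic-filter whitelist
 name updates.partner.example.invalid

! DNS snooping: the filter learns addresses from DNS replies, so attach
! dynamic-filter-snoop to UDP DNS inspection on the outside interface
! (TCP DNS is not supported, as the comment above notes)
class-map dynamic-filter_snoop_class
 match port udp eq domain
policy-map dynamic-filter_snoop_policy
 class dynamic-filter_snoop_class
  inspect dns preset_dns_map dynamic-filter-snoop
service-policy dynamic-filter_snoop_policy interface outside

! Monitoring only (syslog) on the outside interface ...
dynamic-filter enable interface outside
! ... then actually drop blacklisted traffic rated high or very-high
dynamic-filter drop blacklist interface outside threat-level range high very-high
! Treat greylisted (ambiguous) addresses as blacklisted so they are dropped too
dynamic-filter ambiguous-is-black
```

Without the final `ambiguous-is-black` line, greylisted addresses are only logged; with it, they fall under the same drop rule as the blacklist.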
No.# Explanation:
The management plane is used in order to access, configure, and manage a device, as well as monitor its operations and the network on which it is deployed. The management plane is the plane that receives and sends traffic for operations of these functions. This list of protocols is used by the management plane:
• Simple Network Management Protocol (SNMP)
• Secure Shell Protocol (SSH)
• File Transfer Protocol (FTP)
• Trivial File Transfer Protocol (TFTP)
• Secure Copy Protocol (SCP)
• TACACS+
• RADIUS
• NetFlow
• Network Time Protocol (NTP)
• Syslog
• ICMP
• SMB
No.# The ASA and ASASM (i.e. ASA Services Module) support SNMP v1, v2c, and v3, and support the use of all three versions simultaneously.
The ASA and ASASM support SNMP READ-ONLY access through issuance of a GET request. SNMP write access is NOT allowed, so you cannot make changes with SNMP. In addition, the SNMP SET request is not supported.
The ASA and ASASM have an SNMP agent that notifies designated management stations if events occur that are predefined to require a notification, for example, when a link goes up or down. The notification it sends includes an SNMP OID, which identifies itself to the management stations. The ASA or ASASM SNMP agent also replies when a management station asks for information.
Source: Cisco.com
No.# Firewall traversal for end-to-end VoIP calls poses several problems:
• VoIP protocols use many ports for a single communication session. It is not possible to configure static rules for a large range of ports.
• Limiting the RTP port range is not supported by most endpoints.
• An application layer gateway (ALG) can be costly in terms of system resources and maintenance.
Cisco Unified Communications Trusted Firewall Control pushes services onto the network through a Trusted Relay Point (TRP) firewall. Firewall traversal is accomplished using Session Traversal Utilities for NAT (STUN) on a TRP co-located with a Cisco Unified Communications Manager Express (Cisco Unified CME) or a Cisco Unified Border Element.
- Cisco Unified Communications Trusted Firewall Control is supported on the Cisco 1861, 2801, 2811, 2821, 2851, 3825, and 3845 platforms.
Cisco Unified Communications Trusted Firewall Control builds intelligence into the firewall so that it can open a pinhole (a port that is opened through a firewall to allow a particular application access to the protected network) dynamically when it receives a STUN request for a media flow. This request is authenticated/authorized by the firewall to ensure that it opens pinholes only for genuine calls.
STUN = Session Traversal Utilities for NAT
- The protocol requires assistance from a third-party network server (STUN server) located on the opposing (public) side of the NAT, usually the public Internet.
- STUN is a tool for communications protocols to detect and traverse network address translators that are located in the path between two endpoints of communication. It is implemented as a lightweight client-server protocol, requiring only simple query and response components with a third-party server located on the common, easily accessible network, typically the Internet (FW – Trusted Relay Point).
- The client side is implemented in the user's communications application, such as a Voice over Internet Protocol (VoIP) phone or an instant messaging client.
No.# logging debug-trace
- This command redirects debugging messages to syslog.
- ASA by default does not include debugging output in syslog messages.
- Debugging messages are generated as severity level 7 messages. They appear in logs with the syslog message number 711001, but do not appear in any monitoring session.