You have been asked to use ASDM to change the global application inspection settings on an ASA at the edge of your network.
Which of the following panes in the firewall configuration navigation tree can you use to achieve this task? (Select the best answer.)
- Access Rules
- Service Policy Rules
- Filter Rules
- Advanced
Explanation:
You can use the Service Policy Rules pane in the firewall configuration navigation tree of Cisco Adaptive Security Device Manager (ASDM) to change the global application inspection settings on a Cisco Adaptive Security Appliance (ASA) at the edge of your network. Application inspection is one of the actions that can be applied to traffic with a policy map. Services that embed IP addresses in the packet or that utilize dynamically assigned ports for secondary channels require deep packet inspection, which is provided by Application layer protocol inspection. Some traffic, such as Internet Control Message Protocol (ICMP) traffic, might be dropped if inspection for that protocol is not enabled. You can use ASDM to make changes to the global policy by navigating to the Service Policy Rules pane, highlighting the inspection policy, and clicking Edit, as shown in the following exhibit:

From the Edit Service Policy Rule dialog box, click the Rule Actions tab, where you will find the protocol inspection configurations for the global policy. For example, you could select the check box next to the ICMP field in the following exhibit to enable the ASA to inspect ICMP traffic so that ICMP replies from valid ICMP requests are not inadvertently dropped:
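The same setting can be checked outside ASDM by reading the running configuration. The following Python audit is an added example, not part of the original explanation: it finds the policy map applied globally and reports which required protocols it does not inspect. The sample configuration is constructed, and the names `global_policy` and `inspection_default` in it are assumed to match the device's policy map and class.

```python
import re

# Constructed sample: excerpt shaped like "show running-config" output from an ASA
SAMPLE_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect sip
!
service-policy global_policy global
"""

def global_policy_name(config):
    """Return the name of the policy map applied globally, or None."""
    m = re.search(r"^service-policy\s+(\S+)\s+global\s*$", config, re.M)
    return m.group(1) if m else None

def global_inspections(config):
    """Map each class in the global policy map to its inspected protocols."""
    name = global_policy_name(config)
    result, in_policy, current = {}, False, None
    for line in config.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if not line.startswith(" "):  # a top-level command starts a new block
            # Exact match skips "policy-map type inspect ..." parameter maps
            in_policy = name is not None and tokens == ["policy-map", name]
            current = None
        elif in_policy and tokens[0] == "class" and len(tokens) > 1:
            current = tokens[1]
            result.setdefault(current, [])
        elif in_policy and current and tokens[0] == "inspect" and len(tokens) > 1:
            result[current].append(tokens[1])
    return result

def missing_inspections(config, required):
    """Protocols from `required` that no class in the global policy inspects."""
    enabled = {p for protos in global_inspections(config).values() for p in protos}
    return sorted(set(required) - enabled)

if __name__ == "__main__":
    print(global_inspections(SAMPLE_CONFIG))
    print(missing_inspections(SAMPLE_CONFIG, ["icmp", "ftp"]))
```

Run against the constructed sample, the audit reports ICMP as missing, which is the condition the ICMP check box on the Rule Actions tab corrects.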

The Access Rules pane in ASDM cannot be used to change the global application inspection settings on an ASA at the edge of your network. The Access Rules pane is used to configure security policies related to controlling access to your network. All inbound traffic must pass through the firewall; by default, no traffic can pass unless an access rule is configured to permit it. The Access Rules pane is shown in the following exhibit:

The Filter Rules pane in ASDM cannot be used to change the global application inspection settings on an ASA at the edge of your network. The Filter Rules pane is used to configure Uniform Resource Locator (URL) filtering, which prevents inappropriate Internet usage on a secure network. Typically, URL filtering is not handled directly by the ASA but by some other server that must be enabled via the URL Filtering Servers pane before you can add filter rules. When a user makes a request for content from an outside address, the ASA sends a message to the filtering server; if the response from the filtering server indicates that there is no filter prohibiting access to that URL, the ASA will allow the requested content. The Filter Rules pane is shown in the following exhibit:

The Advanced pane in ASDM cannot be used to change the global application inspection settings on an ASA at the edge of your network. From the Advanced pane, you are able to configure several advanced firewall protection features, such as encrypted traffic inspection, IP audit, and fragment size. The Advanced pane is shown in the following exhibit:
