Which of the following statements is true regarding security contexts on a new Cisco ASA in multiple context mode? (Select the best answer.)
- You cannot delete the current admin context.
- You can delete a single security context with the clear configure context command.
- You can delete all security contexts with the no context command.
- You cannot delete a security context from the active unit in a failover configuration.
- You can delete a security context only by editing the system configuration.
You can delete a security context only by editing the system configuration on a new Cisco Adaptive Security Appliance (ASA). Security contexts divide a single ASA into multiple virtual devices with unique policies. This division enables a single physical ASA to provide security services for different departments while keeping the departments logically separated. The system configuration contains the startup configuration and resides in the system execution space, which is also called the system context. You can add, modify, and delete security contexts from the system execution space. You can issue the context command from configuration mode to create a new security context and to enter context configuration mode, which is used to edit an existing security context. Conversely, you can issue the no context command from configuration mode to delete a single security context. For example, you can issue the no context CTX1 command to delete a context named CTX1.
You cannot issue the no context command to delete the current admin context. You can delete the current admin context only if you delete all of the configured security contexts on the ASA. You can issue the clear configure context command from the system context to remove all security contexts from the system configuration of an ASA. You can issue the show context command to determine the name of the current admin context and to display a list of the security contexts currently configured on an ASA. Sample output from the show context command is shown below:
The current admin context can be identified by the * character to the left of the context name in the output of the show context command.
You can delete a security context from the active unit in a failover configuration. When you issue the no context command on the active unit of a failover pair, the security context will also be deleted from the standby unit after the configuration synchronization is complete. Cisco warns that the synchronization process can take a few seconds to complete and that any error messages related to the deleted context are likely due to synchronization delay and should therefore be ignored.
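The deletion rules above can be turned into a change-control pre-check. The following is an added example, not Cisco tooling or part of the original explanation: it reads show context output, finds the admin context by its * marker, and returns which command would remove a given context and what else that command takes with it. The sample output is constructed, and the column layout (a * or a space in the first column, wrapped interface lines indented further) is an assumption; parse_show_context and deletion_plan are hypothetical helper names.

```python
import re

# Constructed sample of "show context" output (not captured from a device).
# Assumed layout: "*" or one space in column 0, then the context name;
# wrapped interface lists continue on deeper-indented lines.
SAMPLE = """\
Context Name      Class      Interfaces           URL
*admin            default    GigabitEthernet0/0   disk0:/admin.cfg
 CTX1             default    GigabitEthernet0/1,  disk0:/ctx1.cfg
                             GigabitEthernet0/2
 CTX2             default    GigabitEthernet0/3   disk0:/ctx2.cfg

Total active Security Contexts: 3
"""

# A context row: marker column ("*" or space) immediately followed by a name.
ROW = re.compile(r"^([* ])(\S+)")


def parse_show_context(text):
    """Return (admin_context_name, [all context names]) from show context output."""
    admin, names = None, []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank, totals, or wrapped interface line
        marker, name = m.groups()
        names.append(name)
        if marker == "*":
            admin = name
    return admin, names


def deletion_plan(target, show_context_output):
    """Map a requested context deletion to the command the rules allow."""
    admin, names = parse_show_context(show_context_output)
    if target not in names:
        raise ValueError(f"context {target!r} is not configured")
    if target != admin:
        # An ordinary context is removed individually from the system context.
        return {"commands": [f"no context {target}"], "removes": [target]}
    # The admin context only goes away when every context is removed.
    return {"commands": ["clear configure context"], "removes": list(names)}


if __name__ == "__main__":
    for ctx in ("CTX1", "admin"):
        print(ctx, "->", deletion_plan(ctx, SAMPLE))
```

The "removes" list is the value to put in front of a reviewer: a request to delete the admin context resolves to removing every context on the appliance.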