Monitor and manage an installed security appliance
These questions are derived from the Self Test Software Practice Test for Cisco exam #642-522 – Securing Networks with PIX and ASA.
Objective Sequence: Monitor and manage an installed security appliance
SubObjective Sequence: Verify a security appliance configuration via ASDM
Single Answer, Multiple Choice
What is the main benefit of using two or more security appliance interfaces with same security levels?
- It will be easy to manage security appliance if all interfaces have same security level.
- You can configure more than 101 communication interfaces.
- Subinterfaces of a physical interface will be able to communicate with each other.
- You can have better security as the same security level interfaces necessarily require access control list (ACL).
B. You can configure more than 101 communication interfaces.
The main benefit of using interfaces at the same security level is that you can configure more than 101 intercommunicating interfaces. However, using different levels for each interface, you can configure only one interface per level, and there are only 101 security levels (0 to 100).
If you assign the same security level to all interfaces, Adaptive Security Algorithm (ASA) will not work properly between these interfaces because ASA makes its decisions on the basis of security levels. So, we will not be able to avail all the features of Security appliance. It will not help in easy management of the device in any way. Therefore, this is an incorrect option.
Subinterfaces of a physical interface can also communicate with each other if their security levels are different. Therefore, this is an incorrect option.
You can have security appliance interfaces at same security level without configuring ACL which will allow the free flow of traffic between these interfaces. Therefore, this is an incorrect option.