You want to use ASDM to create an inspection rule that will drop and log SHOUTcast media streams.
Which of the following inspection rules should you configure to achieve your goal? (Select the best answer.)
A.
H.323 H.225
B.
H.323 RAS
C.
HTTP
D.
RTSP
E.
IM
Explanation:
You should configure a Hypertext Transfer Protocol (HTTP) inspection rule to drop and log SHOUTcast media
streams on a Cisco Adaptive Security Appliance (ASA). When HTTP inspection is enabled in a service policy,
such as the global service policy, you can opt to use the default inspection rules or you can customize the
inspection rules by applying an HTTP inspect map. You can select a custom HTTP inspect map from the
Select HTTP Inspect Map dialog box, as shown below:You can modify the configuration of an HTTP inspect map from the Configuration > Firewall > Objects > Inspect
Maps > HTTP pane of Cisco Adaptive Security Device Manager (ASDM). This pane enables you to add, delete,
and modify HTTP inspect maps. To modify an existing map, you should first click the Customize button, which
opens the Edit HTTP Inspect Map dialog box, as shown in the following exhibit:You can reset the inspection map to its default security level by clicking the Default Level button, or you can
slide the Security Level slider to select a predefined setting. Alternatively, you can click the Details button to
expand the Edit HTTP Inspect Map dialog box into a larger window with more options, as shown below:You can use the Parameters tab of the expanded Edit HTTP Inspect Map dialog box to enable protocol
violation checks and to select the actions that the ASA should take if protocol violations are found. You can also
use the tab to configure server string spoofing and the maximum body length for HTTP request and response
searches. The Inspections tab of the expanded Edit HTTP Inspect Map dialog box displays the details of theinspection map, as shown in the exhibit below:The Inspections tab displays the inspection rules that apply to the current inspect map. The Match Type column
indicates whether traffic must match or not match the criterion specified in the remaining columns. The Criterion
column specifies what type of inspection is being performed. If the traffic is being inspected for a value, that
value is indicated in the Value column. The Action column indicates what action will be applied to sessions that
meet the rules requirements, and the Log column indicates whether the action triggers a system log (syslog)
message. If you wanted to add an inspection rule that dropped and logged SHOUTcast media streams, you
could click the Add button to open the Add HTTP Inspect dialog box and then select the
_default_shoutcasttunnelingprotocol item from the HTTP Traffic Class dropdown list box, as shown in the
following exhibit:The items listed in the dropdown list are class maps that have been defined on the ASA. Names that begin with
_default are predefined in the system default configuration and can be referenced directly from ASDM or by the
class command in a policy map. The _default_shoutcasttunnelingprotocol class map is a predefined class map
that can identify SHOUTcast media streams by their HTTP metadata, as shown in the following exhibit:You cannot configure H.323 H.225; H.323 Registration, Admission, and Status (RAS); Instant Messaging (IM);
or RealTime Streaming Protocol (RTSP) inspection rules to drop and log SHOUTcast media streams on an
ASA. SHOUTcast media streams use HTTP, not H.323 or H.225. H.323 H.225 and H.323 RAS inspection rules
provide support for International Telecommunication Union (ITU) H.323compliant applications such as Cisco
CallManager. IM inspection rules provide the ASA with the ability to enforce security policies for a variety of
mainstream IM applications. RTSP inspection rules enable an ASA to process media streams that are
commonly produced by RealAudio, Apple QuickTime, and Cisco IP television (IPTV) connections.Cisco: Configuring Application Layer Protocol Inspection: HTTP Class Map
Cisco: Configuring Inspection of Basic Internet Protocols: Configuring an HTTP Inspection Policy Map for
Additional Inspection Control
Cisco: Configuring Application Layer Protocol Inspection: Add/Edit HTTP Map