Which of the following statements is true regarding the…

You issue the following commands on a Cisco ASA. No other interfaces have been configured.
asa(config)#interface gigabitethernet 0/1asa(configif)#speed 1000
asa(configif)#duplex full
asa(configif)#securitylevel 0
asa(configif)#nameif inside
asa(configif)#ip address 10.1.1.1
255.255.255.0 asa(configif)#no
shutdownasa(configif)#exit
asa(config)#telnet 10.1.1.0 255.255.255.0
inside asa(config)#telnet timeout 30
Which of the following statements is true regarding the resulting configuration? (Select the best answer.)

You issue the following commands on a Cisco ASA. No other interfaces have been configured.
asa(config)#interface gigabitethernet 0/1asa(configif)#speed 1000
asa(configif)#duplex full
asa(configif)#securitylevel 0
asa(configif)#nameif inside
asa(configif)#ip address 10.1.1.1
255.255.255.0 asa(configif)#no
shutdownasa(configif)#exit
asa(config)#telnet 10.1.1.0 255.255.255.0
inside asa(config)#telnet timeout 30
Which of the following statements is true regarding the resulting configuration? (Select the best answer.)

A.
Telnet sessions will time out after 30 seconds of inactivity.

B.
The ASA will deny SSH connections to the interface.

C.
The ASA will reassign the interface a security level of 100.

D.
Telnet sessions will be denied because a security level is manually assigned.

Explanation:
In this scenario, the Cisco Adaptive Security Appliance (ASA) will deny Telnet sessions to the
GigabitEthernet 0/1 interface because a security level is manually assigned. Normally, Telnet traffic is not
permitted to the interface with the lowest security. However, if there is only one configured interface and it has
been configured with a security level of 100, Telnet traffic is permitted even though the interface is
simultaneously the interface with the lowest security and the highest security. Because the interface in this
scenario has been manually assigned the lowest security level of 0, the Telnet session will be denied. If there
were other active interfaces on the ASA, a Telnet session would be permitted to the interface with the lowest
security only if that session was protected by a virtual private network (VPN) tunnel terminating on the interface.
The ASA will not deny Secure Shell (SSH) connections to the interface. Although there are several methods for
working around Telnet access restrictions of the ASA, Cisco recommends disabling Telnet and using more
secure methods for management access, such as SSH or Secure Hypertext Transfer Protocol (HTTPS)
instead? neither HTTPS nor SSH is restricted by the security level of an interface.
The block of commands in this scenario configures the GigabitEthernet 0/1 interface to operate in full duplex
mode at a speed of 1000 megabits per second (Mbps), assigns the interface a security level of 0, names the
interface “inside”, and assigns an IP address 10.1.1.1 with a network mask of 255.255.255.0. In addition, the no
shutdown command enables the interface. The telnet commands define a network range that is permitted to
Telnet to the inside interface and configure a Telnet idletimeout value. The default security level on an ASA is
0? however, the inside interface is an exception to this rule because it is automatically assigned a security level
of 100 if a security level is not explicitly configured. An interface can be assigned any integervalued security
level from 0 through 100.
Telnet sessions will not time out after 30 seconds of activity. The telnet timeout 30 command specifies an
inactivity timeout length of 30 minutes, not 30 seconds. The telnet timeout command accepts an integer value
from 1 through 1440 to specify the number of minutes a Telnet session can remain idle before the ASA closes
the connection.

Cisco: Cisco ASA 5500 Series Command Reference: securitylevel



Leave a Reply 0

Your email address will not be published. Required fields are marked *