Which of the following statements is true regarding sec…

Which of the following statements is true regarding security contexts on a new Cisco ASA in multiple context
mode? (Select the best answer.)


A. You cannot delete the current admin context.

B. You can delete a single security context with the clear configure context command.

C. You can delete all security contexts with the no context command.

D. You cannot delete a security context from the active unit in a failover configuration.

E. You can delete a security context only by editing the system configuration.

Explanation:
You can delete a security context only by editing the system configuration on a new Cisco Adaptive Security
Appliance (ASA). Security contexts divide a single ASA into multiple virtual devices with unique policies. This
division enables a single physical ASA to provide security services for different departments while keeping the
departments logically separated. The system configuration contains the startup configuration and resides in the
system execution space, which is also called the system context. You can add, modify, and delete security
contexts from the system execution space. You can issue the context command from configuration mode to
create a new security context and to enter context configuration mode, which is used to edit an existing security
context. Conversely, you can issue the no context command from configuration mode to delete a single security
context. For example, you can issue the no context CTX1 command to delete a context named CTX1.
You cannot issue the no context command to delete the current admin context. You can delete the current
admin context only if you delete all of the configured security contexts on the ASA. You can issue the clear
configure context command from the system context to remove all security contexts from the system
configuration of an ASA. You can issue the show context command to determine the name of the current admin
context and to display a list of the security contexts currently configured on an ASA. Sample output from the
show context command is shown below:

The current admin context can be identified by the * character to the left of the context name in the output of the
show context command.
You can delete a security context from the active unit in a failover configuration. When you issue the no context
command on the active unit of a failover pair, the security context will also be deleted from the standby unit
after the configuration synchronization is complete. Cisco warns that the synchronization process can take a
few seconds to complete and that any error messages related to the deleted context are likely due to
synchronization delay and should therefore be ignored.

Cisco: Managing Multiple Context Mode: Removing a Security Context
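
As an added illustration (not code from the original page or from Cisco), the sketch below applies the deletion rules from the explanation to show context output before a change is pushed to the system execution space. The sample output, its column layout, and the function names parse_show_context and plan_removal are assumptions constructed for this example.

```python
# Constructed sample of `show context` output; the column layout is an assumption.
SAMPLE_SHOW_CONTEXT = """\
Context Name      Class      Interfaces                URL
*admin            default    GigabitEthernet0/0        disk0:/admin.cfg
 CTX1             default    GigabitEthernet0/1.100    disk0:/CTX1.cfg
 CTX2             default    GigabitEthernet0/1.200    disk0:/CTX2.cfg

Total active Security Contexts: 3
"""

def parse_show_context(output):
    """Return (admin_name, [context names]); the admin row is marked with '*'."""
    admin, names = None, []
    for raw in output.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Context Name", "Total ")):
            continue  # skip the header, blank lines and the summary line
        name = line.split()[0]
        if name.startswith("*"):
            name = name[1:]
            admin = name
        names.append(name)
    return admin, names

def plan_removal(output, targets):
    """Return the system-context commands that remove targets, or raise ValueError."""
    if not targets:
        return []
    admin, names = parse_show_context(output)
    unknown = sorted(set(targets) - set(names))
    if unknown:
        raise ValueError(f"not configured: {', '.join(unknown)}")
    if set(targets) == set(names):
        # Every context is going, admin included: the only case that removes admin.
        return ["clear configure context"]
    if admin in targets:
        raise ValueError(f"'{admin}' is the current admin context; "
                         "no context cannot delete it")
    return [f"no context {t}" for t in targets]

if __name__ == "__main__":
    print(plan_removal(SAMPLE_SHOW_CONTEXT, ["CTX1"]))
```

Running the check against live show context output before a change window catches an accidental attempt to remove the admin context or a context name that is not configured.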


