PrepAway - Latest Free Exam Questions & Answers

Which Cisco ASDM 6.4.1 pane is used to enable the Cisco…

Which Cisco ASDM 6.4.1 pane is used to enable the Cisco ASA appliance to perform TCP checksum verifications?

PrepAway - Latest Free Exam Questions & Answers

A.
Configuration > Firewall > Service Policy Rules

B.
Configuration > Firewall > Advanced > IP Audit > IP Audit Policy

C.
Configuration > Firewall > Advanced > IP Audit > IP Audit Signatures

D.
Configuration > Firewall > Advanced > TCP options

E.
Configuration > Firewall > Objects > TCP Maps

F.
Configuration > Firewall > Objects > Inspect Maps

Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/release/notes/rn524.html shows:

http://www.cisco.com/en/US/docs/security/asa/asa80/asdm60/user/guide/protect.html
shows
a. In the TCP Map Name field, enter a name.
b. In the Queue Limit field, enter the maximum number of out-of-order packets, between 0 and 250.
c. In the Reserved Bits area, click Clear and allow, Allow only, or Drop. Allow only allows packets with the reserved bits in the TCP header. Clear and allow clears
the reserved bits in the TCP header and allows the packet. Drop drops the packet with the reserved bits in the TCP header.
d. Check any of the following options:
·Clear Urgent Flag–Allows or clears the URG pointer through the security appliance. ·Drop Connection on Window Variation–Drops a connection that has changed
its window size unexpectedly.
·Drop Packets that Exceed Maximum Segment Size–Allows or drops packets that exceed MSS set by peer.
·Check if transmitted data is the same as original–Enables and disables the retransmit data checks.
·Drop SYN Packets With Data–Allows or drops SYN packets with data. ·Enable TTL Evasion Protection–Enables or disables the TTL evasion protection offered by
the security appliance.

·Verify TCP Checksum–Enables and disables checksum verification. e. To set TCP options, check any of the following options:
·Clear Selective Ack–Lists whether the selective-ack TCP option is allowed or cleared. ·Clear TCP Timestamp–Lists whether the TCP timestamp option is allowed
or cleared. ·Clear Window Scale–Lists whether the window scale timestamp option is allowed or cleared. ·Range–Lists the valid TCP options ranges, which should
fall within 6-7 and 9-255. The lower bound should be less than or equal to the upper bound.
f. Click OK.


Leave a Reply