When a Cisco ASA is configured in multiple context mode, within which configuration are the
interfaces allocated to the security contexts?
A.
each security context
B.
system configuration
C.
admin context (context with the “admin” role)
D.
context startup configuration file (.cfg file)
Explanation:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/
products_configuration_example09186a00808d2b63.shtml
In order to specify the interfaces that you can use in the context, enter the command appropriate
for a physical interface or for one or more subinterfaces.
In order to allocate a physical interface, enter this command:
hostname(config-ctx)# allocate-interface <physical_interface> [mapped_name]
[visible | invisible]
Context Configurations
The security appliance includes a configuration for each context that identifies the security policy,
interfaces, and almost all the options you can configure on a standalone device. You can store
context configurations on the internal Flash memory or the external Flash memory card, or you
can download them from a TFTP, FTP, or HTTP(S) server.System Configuration
The system administrator adds and manages contexts by configuring each context configuration
location, allocated interfaces, and other context operating parameters in the system configuration,
which, like a single mode configuration, is the startup configuration. The system configuration
identifies basic settings for the security appliance. The system configuration does not include any
network interfaces or network settings for itself; rather, when the system needs to access network
resources (such as downloading the contexts from the server), it uses one of the contexts that is
designated as the admin context. The system configuration does include a specialized failover
interface for failover traffic only.
Admin Context Configuration
The admin context is just like any other context, except that when a user logs in to the admin
context, then that user has system administrator rights and can access the system and all other
contexts. The admin context is not restricted in any way, and can be used as a regular context.
However, because logging into the admin context grants you administrator privileges over all
contexts, you might need to restrict access to the admin context to appropriate users. The admin
context must reside on Flash memory, and not remotely.
If your system is already in multiple context mode, or if you convert from single mode, the admin
context is created automatically as a file on the internal Flash memory called admin.cfg. This
context is named “admin.” If you do not want to use admin.cfg as the admin context, you can
change the admin context.