Top 50 Firewall Support Interview Questions You Must Prepare 19.Mar.2024

NAT trlation table, TCP connection states, The ARP table, The Layer 2 bridge table (when running in trparent firewall mode), ICMP connection state etc.

Rules for packet filters (typically routers) that define which packets to pass and which to block.

Data encryption ensures data safety and very important for confidential or critical data. It protect data from being read, altered or forged while trmission.

How long audit logs are retained and maintained.

A firewall is a hardware or software installed to provide security to the private networks connected to the internet. They can be implemented in both hardware and A firewall is a hardware or software installed to provide security to the private networks connected to the internet. They can be implemented in both hardware and software, or a combination of both. All data entering or leaving the Intranet passes through the firewall which allows only the data meeting the administrators’ rules to pass through it.software, or a combination of both. All data entering or leaving the Intranet passes through the firewall which allows only the data meeting the administrators’ rules to pass through it.

A system that has been hardened to resist attack, and which is installed on a network in such a way that it is expected to potentially come under attack. Bastion hosts are often components of firewalls, or may be ``outside'' web servers or public access systems. Generally, a bastion host is running some form of general purpose operating system (e.g., Unix, VMS, NT, etc.) rather than a ROM-based or firmware operating system.

The technique of securing a network by controlling access to all entry and exit points of the network.

A standalone program that, when run, copies itself from one host to another, and then runs itself on each newly infected host. The widely reported 'Internet Virus' of 1988 was not a virus at all, but actually a worm.

ASA does not decrement the TTL value in traceroute because it does not want to give its information to others for security purpose. It forwards it without decrementing the TTL Value.

Packet Filtering Firewall: This type of Firewall detects packets and block unnecessary packets and makes network traffic release.

Screening Router Firewalls: It's a software base firewall available in Router provides only light filtering.

Computer-based Firewall: It's a firewall stored in server with an existing Operating System like Windows and UNIX.

Hardware base Firewall: Its device like box allows strong security from public network. Mostly used by big networks.

Proxy Server: Proxy server allows all clients to access Internet with different access limits. Proxy server has its own firewall which filters the all packet from web server.

Stateful firewall maintains following information in its State table:-

  1. Source IP address.
  2. Destination IP address.
  3. IP protocol like TCP, UDP.
  4. IP protocol information such as TCP/UDP Port Numbers, TCP Sequence Numbers, and TCP Flags.

How audit logs are processed, searched for key events, or summarized.

Designing operational aspects of a system to operate with a minimum amount of system privilege. This reduces the authorization level at which various actions are performed and decreases the chance that a process or user with high privileges may be caused to perform unauthorized activity resulting in a security breach.

A host on a network behind a screening router. The degree to which a screened host may be accessed depends on the screening rules in the router.

The security approach whereby each system on the network is secured to the greatest possible degree. May be used in conjunction with firewalls.

If we want to deploy a new firewall into an existing network it can be a complicated process due to various issues like IP address reconfiguration, network topology changes, current firewall etc. We can easily insert a trparent firewall in an existing segment and control traffic between two sides without having to readdress or reconfigure the devices.

An attack whereby a system attempts to illicitly impersonate another system by using its IP network address.

In computer networking, the term IP address spoofing or IP spoofing refers to the creation of Internet Protocol (IP) packets with a forged source IP address, called spoofing, with the purpose of concealing the identity of the sender or impersonating another computing system.

It will be applied on all interfaces towards inbound. Global option is only in ASA 8.4 not in ASA 8.2

Stateful firewall - A Stateful firewall is aware of the connections that pass through it. It adds and maintains information about users connections in state table, referred to as a connection table. It than uses this connection table to implement the security policies for users connections. Example of stateful firewall are PIX, ASA, Checkpoint.

Stateless firewall - (Packet Filtering) Stateless firewalls on the other hand, does not look at the state of connections but just at the packets themselves. Example of a packet filtering firewall is the Extended Access Control Lists on Cisco IOS Routers.

A one-way function applied to a file to produce a unique ``fingerprint'' of the file for later reference. Checksum systems are a primary me of detecting filesystem tampering on Unix.

The process of determining the identity of a user that is attempting to access a system.
authentication is a process that can verify pc identity(user name and pass etc)

Routing tables, Firewall features, IPS, and Management.

Digital signature is an attachment to an electronic message used for security purpose. It is used to verify the authenticity of the sender.

A Gateway joins two networks together and a network firewall protects a network against unauthorized incoming or outgoing access. Network firewalls may be hardware devices or software programs.

Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain.

An attack whereby an active, established, session is intercepted and co-opted by the attacker. IP Splicing attacks may occur after an authentication has been made, permitting the attacker to assume the role of an already authorized user. Primary protections against IP Splicing rely on encryption at the session or network layer.

You are currently designing your own Desktop Publishing application, as you have not found any that do exactly what you want with existing applications. As part of the design you are using a Controller to which you send all GUI requests. Not all objects can process the same commands. For example you can?t select the spell check tool when an image has the focus. To stop any possible errors you would like to filter out some of the messages as they are passed from these objects to.

A router or system capable of routing traffic by encrypting it and encapsulating it for trmission across an untrusted network, for eventual de-encapsulation and decryption.

A subnet behind a screening router. The degree to which the subnet may be accessed depends on the screening rules in the router.

When a user performs an action that they should not have, according to organizational policy or law.

A dual homed gateway is a system that has two or more network interfaces, each of which is connected to a different network. In firewall configurations, a dual homed gateway usually acts to block or filter some or all of the traffic trying to pass between the networks.

Failover is a cisco proprietary feature. It is used to provide redundancy. It requires two identical ASAs to be connected to each other through a dedicated failover link. Health of active interfaces and units are monitored to determine if failover has occurred or not.

IP and trport layer headers for information related to source and destination IP addresses, port numbers etc.

1.Standard ACL
2.Extended ACL
3.Ethertype ACL (Trparent Firewall)
4.Webtype ACL (SSL VPN)

Public key encryption use public and private key for encryption and decryption. In this mechanism, public key is used to encrypt messages and only the corresponding private key can be used to decrypt them. To encrypt a message, a sender has to know recipient’s public key.

In Active/Standby Failover, one unit is the active unit which passes traffic. The standby unit does not actively pass traffic. When Failover occurs, the active unit fails over to the standby unit, which then becomes active. We can use Active/Standby Failover for ASAs in both single or multiple context mode.

Hardware Requirements: The two units in a failover configuration must be the same model, should have same number and types of interfaces.

Software Requirements: The two units in a failover configuration must be in the same operating modes (routed or trparent single or multiple context). They must have the same software version.

Firewalls work at layer 3, 4 & 7.

We can partition a Single ASA into multiple virtual devices, known as Security Contexts. Each Context acts as an independent device, with its own security policy, interfaces, and administrators. Multiple contexts are similar to having multiple standalone devices.

If we need some network resources such as a Web server or FTP server to be available to outside users we place these resources on a separate network behind the firewall called a demilitarized zone (DMZ). The firewall allows limited access to the DMZ, but because the DMZ only includes the public servers, an attack there only affects the servers and does not affect the inside network.

In Trparent mode, unlike TCP/IP traffic for which security levels are used to permit or deny traffic all non-IP traffic is denied by default. We create Ether-Type ACL to allow NON-IP traffic. We can control traffic like BPDU, IPX etc with Ether-Type ACL.

In router, if we delete one access-control entry whole ACL will be deleted. In ASA, if we will delete one access-control entry whole ACL will not be deleted.

A portable device used for authenticating a user. Authentication tokens operate by challenge/response, time-based code sequences, or other techniques. This may include paper-based lists of one-time passwords.

A web application firewall or a layer 7 firewall can be used for the purpose.

In Trparent Mode, ASA acts as a Layer 2 device like a bridge or switch and forwards Ethernet frames based on destination MAC-address.

Stateless Failover: When failover occurs all active connections are dropped. Clients need to re-establish connections when the new active unit takes over.

Stateful Failover: The active unit continually passes per-connection state information to the standby unit. After a failover occurs, the same connection information is available at the new active unit. Clients are not required to reconnect to keep the same communication session.