Term
|
Definition
A device that enforces an access control policy between multiple security domains. |
|
|
Term
|
Definition
A portion of a network with a given level of trust.
E.G. the 'outside' security domain or the 'inside' security domain |
|
|
Term
Chapter 1
Demilitarized Zone (DMZ) |
|
Definition
A network area between the 'inside' trusted network and the 'outside' untrusted network. |
|
|
Term
Chapter 1
Network Layer Access Control |
|
Definition
Security policies that make decisions based on information found in the Layer 2-4 headers (addresses, protocol, and port numbers). |
|
|
Term
Chapter 1
Application Layer Access Control |
|
Definition
Security policies based on information found in the Layer 5-7 headers and the packet content. |
|
|
Term
Chapter 1
Permissive Access Control |
|
Definition
Allow all traffic to pass through a firewall unless it is explicitly blocked. |
|
|
Term
Chapter 1
Restrictive Access Control |
|
Definition
Deny all traffic passing through a firewall unless it is explicitly allowed. |
|
|
Term
Chapter 1
Stateless Packet Filtering |
|
Definition
Decisions to forward or block a packet are made on each packet independently, with no concept of connection state. |
|
|
Term
Chapter 1
Stateful Packet Filtering (SPF) |
|
Definition
Decisions to forward or block are based on a dynamic state table of active connections; return traffic for a known connection is permitted without a separate rule. |
|
|
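The difference between stateless and stateful filtering, and between permissive and restrictive access control, shown as an added illustration in Python (not code from the card set or any Cisco source). The packet format, the rule syntax, the addresses and the sample traffic are all constructed for the demo; only TCP and the SYN/ACK flags are modelled.

```python
# Added illustration (not from the card set or any Cisco source): a toy stateless
# filter and a toy stateful filter run over the same constructed packets, with
# restrictive (default deny) and permissive (default permit) policies.
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    """Constructed TCP packet: addresses, ports and the SYN/ACK flags only."""
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    """One ACL entry; None for a port means 'any'."""
    action: str                  # "permit" or "deny"
    src: str                     # address or "any"
    sport: Optional[int]
    dst: str
    dport: Optional[int]

    def matches(self, p: Packet) -> bool:
        return ((self.src == "any" or self.src == p.src)
                and (self.sport is None or self.sport == p.sport)
                and (self.dst == "any" or self.dst == p.dst)
                and (self.dport is None or self.dport == p.dport))


def stateless_filter(rules: List[Rule], default: str, p: Packet) -> str:
    """Stateless filtering: every packet is judged on its own headers.
    First matching rule wins; 'default' applies when nothing matches
    ("deny" = restrictive policy, "permit" = permissive policy)."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default


class StatefulFilter:
    """Stateful filtering: the ACL is consulted only for connection-opening
    packets; later packets are judged against a table of active connections."""

    def __init__(self, rules: List[Rule], default: str = "deny") -> None:
        self.rules = rules
        self.default = default
        self.state: Set[Tuple[str, int, str, int]] = set()

    def check(self, p: Packet) -> str:
        forward = (p.src, p.sport, p.dst, p.dport)
        reverse = (p.dst, p.dport, p.src, p.sport)
        if forward in self.state or reverse in self.state:
            return "permit"          # part of a tracked connection (either direction)
        if not p.syn or p.ack:
            return "deny"            # mid-connection packet with no state entry
        action = stateless_filter(self.rules, self.default, p)
        if action == "permit":
            self.state.add(forward)  # remember the connection we just allowed
        return action


# Constructed traffic: an inside web client, the server's reply, and an
# unsolicited probe that forges source port 80 to look like a reply.
OUTBOUND = Packet("10.1.1.10", 40000, "203.0.113.5", 80, syn=True)
REPLY = Packet("203.0.113.5", 80, "10.1.1.10", 40000, syn=True, ack=True)
UNSOLICITED = Packet("203.0.113.5", 80, "10.1.1.10", 22, syn=True)
UNMATCHED = Packet("203.0.113.5", 4444, "10.1.1.10", 3389, syn=True)

WEB_OUT = Rule("permit", "any", None, "any", 80)
# A stateless filter needs a second rule just to let replies back in, and that
# rule cannot tell a real reply from anything else sent from source port 80.
REPLIES_IN = Rule("permit", "any", 80, "any", None)


def compare_filters() -> Tuple[List[str], List[str]]:
    """Run the three packets through both filters under a restrictive policy."""
    stateless = [stateless_filter([WEB_OUT, REPLIES_IN], "deny", p)
                 for p in (OUTBOUND, REPLY, UNSOLICITED)]
    stateful = StatefulFilter([WEB_OUT], default="deny")
    tracked = [stateful.check(p) for p in (OUTBOUND, REPLY, UNSOLICITED)]
    return stateless, tracked


def compare_defaults() -> Tuple[str, str]:
    """Same unmatched packet under restrictive and permissive access control."""
    return (stateless_filter([WEB_OUT], "deny", UNMATCHED),
            stateless_filter([WEB_OUT], "permit", UNMATCHED))


if __name__ == "__main__":
    print("stateless / stateful:", compare_filters())
    print("restrictive / permissive:", compare_defaults())
```

The stateless filter permits the forged probe to port 22 because its reply rule can only look at the headers of that one packet; the stateful filter denies it because no tracked connection matches, even though the same outbound ACL is in use. The unmatched packet shows the only difference between the two policy styles: what happens when no rule matches.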
Term
Chapter 1
Application Inspection and Control (AIC) filtering |
|
Definition
Security policies that are based on information inside the application layer protocols. |
|
|
Term
Chapter 1
Deep Packet Inspection (DPI) |
|
Definition
Examination beyond the simple UDP/TCP headers; looks into packet payloads to understand their content. |
|
|
Term
Chapter 1
Network Intrusion Prevention System (NIPS) |
|
Definition
A system that examines and analyzes network traffic, compares it to a database of known malicious activity (signatures), and blocks traffic that matches. |
|
|
Term
Chapter 1
Network Behavior Analysis System (NBA) |
|
Definition
A system that examines network traffic over time to build statistical models of normal, baseline activity, so that deviations can be flagged. |
|
|
Term
Chapter 1
Application Layer Gateway (ALG) |
|
Definition
Also referred to as a proxy; a device that acts as a gateway or intermediary between clients and servers. |
|
|
Term
Chapter 1
Security Context |
|
Definition
Virtual instance of a firewall. A firewall hardware platform can run multiple contexts, each acting as an independent firewall with its own policy. |
|
|
Term
|
Definition
Default CLI mode; offers a limited set of commands. |
|
|
Term
Chapter 2
privileged-EXEC mode |
|
Definition
Highest-level CLI mode; offers full access to all commands and information. |
|
|
Term
Chapter 2
Global Configuration Mode |
|
Definition
CLI mode for entering commands that configure features affecting the entire device. Only reachable from privileged-EXEC mode. |
|
|
Term
Chapter 2
Specific Configuration Mode |
|
Definition
CLI mode in which a specific device feature can be configured. These modes are only reachable from global configuration mode. |
|
|
Term
Chapter 2
ROMMON (ROM Monitor) mode |
|
Definition
CLI mode available while the device is booting, reached by escaping the normal boot sequence. Only a limited set of commands is available. |
|
|
Term
Chapter 2
Running Configuration |
|
Definition
Configuration commands that the device uses while it is running. Stored in RAM and lost on reload unless copied to the startup configuration. |
|
|
Term
Chapter 2
Startup Configuration |
|
Definition
Configuration commands that the device applies when starting. Persistent; stored in nonvolatile flash memory. |
|
|
Term
|
Definition
Interface hardware type, module, and port number that together uniquely identify a physical interface. |
|
|
Term
|
Definition
Logical name used to reference an ASA interface from a security perspective
E.G. 'inside' or 'outside' |
|
|
Term
|
Definition
Number from 0 to 100 that denotes the trust or security of an interface. A higher number indicates higher trust; by default, traffic may flow from a higher security level to a lower one, but not the reverse. |
|
|
Term
Chapter 3
Physical Interface |
|
Definition
Device interface that has physical hardware and connects to a network through physical cabling. |
|
|
Term
Chapter 3
Redundant Interface |
|
Definition
A logical interface comprising a pair of physical interfaces; one member is active and the other is standby. |
|
|
Term
Chapter 3
Member Interface |
|
Definition
Physical interface that has been configured to be a member of a redundant interface pair. |
|
|
Term
|
Definition
Logical interface that connects to a virtual LAN, either internally or externally through a VLAN trunk link. |
|
|
Term
|
Definition
Physical interface that is configured as an IEEE 802.1Q trunk link. |
|
|
Term
Chapter 3
Maximum Transmission Unit (MTU) |
|
Definition
Maximum size of packet that can be transmitted on an interface without fragmentation. |
|
|
Term
|
Definition
ASA feature that relays DHCP requests received on one interface to a DHCP server reachable through another interface (DHCP uses UDP ports 67 and 68; UDP 69 is TFTP). |
|
|
Term
|
Definition
ASA feature that dynamically provides IP addresses and other parameters to requesting clients. |
|
|
Term
|
Definition
Route that is manually configured and does not change unless an administrator changes it. |
|
|
Term
|
Definition
Routing Information Protocol Version 2, a dynamic distance-vector routing protocol used to exchange routing information with other Layer 3 devices. |
|
|
Term
|
Definition
Enhanced Interior Gateway Routing Protocol, a Cisco-proprietary dynamic routing protocol that uses a composite routing metric and exchanges routing information with neighboring Layer 3 devices. |
|
|
Term
|
Definition
Open Shortest Path First, a standards-based link-state routing protocol that can partition a network into a hierarchy of distinct numbered areas. |
|
|
Term
Chapter 4
Administrative Distance |
|
Definition
Index from 0 to 255 that reflects the trustworthiness ('distance') of a routing source; when the same prefix is learned from several sources, the route with the lowest administrative distance is installed. |
|
|
Term
|
Definition
Process that monitors the reachability of a target device to implement a conditional static route: the route is kept in the routing table only while the target responds. |
|
|
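How administrative distance decides between routing sources, and how a tracked static route drops out of the table when its target stops answering, as an added illustration in Python (not the card set's own code and not Cisco code). The administrative distance values are the Cisco defaults; the prefixes, next-hop addresses and the reachability probe are constructed for the demo.

```python
# Added illustration (not the card set's own code): how a route lookup picks
# among routing sources by administrative distance, and how a tracked static
# route is withdrawn when its target stops answering. The AD values are the
# Cisco defaults; the prefixes, next hops and reachability probe are constructed.
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Default administrative distances (lower is more trusted)
DEFAULT_AD: Dict[str, int] = {
    "connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120,
}


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str
    source: str
    ad: Optional[int] = None                    # None = the source's default AD
    track: Optional[Callable[[], bool]] = None  # reachability probe; None = always installed

    def __post_init__(self) -> None:
        if self.ad is None:
            self.ad = DEFAULT_AD[self.source]

    def installed(self) -> bool:
        """A tracked (conditional) static route is present only while its probe succeeds."""
        return self.track is None or self.track()


class RoutingTable:
    def __init__(self, routes: List[Route]) -> None:
        self.routes = routes

    def lookup(self, dst: str) -> Optional[Route]:
        """Longest prefix match first; among equal prefixes the lowest AD wins."""
        addr = ipaddress.ip_address(dst)
        candidates = [r for r in self.routes if r.installed() and addr in r.prefix]
        if not candidates:
            return None
        return min(candidates, key=lambda r: (-r.prefix.prefixlen, r.ad))


def net(s: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(s)


def ad_demo() -> Tuple[str, str]:
    """The same /16 from OSPF (AD 110) and RIP (AD 120), plus a RIP /24.
    Returns the winning source for a host in the /16 and for a host in the /24."""
    table = RoutingTable([
        Route(net("10.2.0.0/16"), "10.0.0.2", "ospf"),
        Route(net("10.2.0.0/16"), "10.0.0.3", "rip"),
        Route(net("10.2.5.0/24"), "10.0.0.3", "rip"),
    ])
    return table.lookup("10.2.0.1").source, table.lookup("10.2.5.7").source


def failover_demo() -> Tuple[str, str]:
    """A tracked default route via the primary ISP (AD 1) and a floating
    static default via the backup (AD 254). Returns the next hop chosen
    while the primary gateway answers, then after it stops answering."""
    reachable = {"203.0.113.1": True}           # stands in for an ICMP echo probe
    table = RoutingTable([
        Route(net("0.0.0.0/0"), "203.0.113.1", "static",
              track=lambda: reachable["203.0.113.1"]),
        Route(net("0.0.0.0/0"), "198.51.100.1", "static", ad=254),
    ])
    primary_up = table.lookup("8.8.8.8").next_hop
    reachable["203.0.113.1"] = False            # probe starts failing
    primary_down = table.lookup("8.8.8.8").next_hop
    return primary_up, primary_down


if __name__ == "__main__":
    print("AD selection:", ad_demo())
    print("tracked static route failover:", failover_demo())
```

Two points the definitions alone do not make obvious: prefix length is compared before administrative distance, so a more specific RIP route still beats a less specific OSPF route; and a backup default route only takes over because its AD (254) is deliberately set worse than the tracked primary's (1), which is what makes it a "floating" static route.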