Scenario: To access Cisco ASDM, click the PC icon in the Topology window, then ASDM, and answer the following question:
The Cisco ASA administrator must enable the Cisco ASA to automatically drop suspicious botnet traffic. After the Cisco ASA administrator entered the initial configuration, the Cisco ASA is not automatically dropping the suspicious botnet traffic. What else must be enabled in order to make it work?
Which Cisco ASA platform should be selected if the requirements are to support 35,000 connections per second, 600,000 maximum connections, and traffic shaping?
the Cisco ASA 5505 configurations to
enable Advanced HTTP Application inspection by completing the following tasks:
1. Enable HTTP inspection globally on the Cisco ASA
2. Create a new HTTP inspect Map named: http-inspect-map to:
a. Enable the dropping of any HTTP connections that encounter HTTP protocol violations
b. Enable the dropping and logging of any HTTP connections when the content type in the HTTP response does not match one of the MIME types in the accept field of the HTTP request
Note: In the simulation, you will not be able to test the HTTP inspection policy after you complete your configuration. Not all Cisco ASDM screens are fully functional.
After you complete the configuration, you do not need to save the running configuration to the start-up config. You will not be able to test the HTTP inspection policy that is created after you complete your configuration. Also, not all the ASDM screens are fully functional.
Correct Answer: Here is the step-by-step solution:
Explanation:
1. Go to Configuration >> Firewall >> Objects >> Inspect Maps >> HTTP >> Add >> Add name "http-inspect-map" >> click on detail >>
a. select "check for protocol violations"
b. Action: Drop connection
c. Log: Enable
d. Click on Inspection: Click Add
e. Select Single Match>>Match type: No Match
f. Criterion: response header field
g. Field: Predefined: Content type
h. value: Content type
i. Action: Drop connection
j. Log: Enable
k. OK >> OK >> Apply
HTTP inspection is disabled in the global policy by default, so we need to enable it and use this inspect map.
To achieve this through the command line:
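! Inspect map: drop on protocol violations, drop and log on content-type mismatch
policy-map type inspect http http-inspect-map
 parameters
  protocol-violation action drop-connection
 match req-resp content-type mismatch
  drop-connection log
! Apply the inspect map under the default inspection class of the global policy
policy-map global_policy
 class inspection_default
  inspect http http-inspect-map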
You also have to edit the global policy to apply this inspection to it.
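Added example (not part of the original answer, and not a Cisco tool): a Python check that a saved running-config defines the inspect map with both drop actions and applies it under the default inspection class of the global policy. The sample config is constructed, and the function names are hypothetical.

```python
# Constructed running-config excerpt (not from a real device); names follow the lab task.
SAMPLE_CONFIG = """\
policy-map type inspect http http-inspect-map
 parameters
  protocol-violation action drop-connection
 match req-resp content-type mismatch
  drop-connection log
policy-map global_policy
 class inspection_default
  inspect http http-inspect-map
"""

def parse_blocks(config):
    """Map each top-level config line to its indented (indent, line) children."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and "!" comment lines
        indent = len(raw) - len(raw.lstrip(" "))
        if indent == 0:
            current = blocks.setdefault(raw.strip(), [])
        elif current is not None:
            current.append((indent, raw.strip()))
    return blocks

def children_of(block, parent):
    """Lines nested below `parent` inside one top-level block."""
    out, depth = [], None
    for indent, line in block:
        if depth is not None and indent > depth:
            out.append(line)
        else:
            depth = indent if line == parent else None
    return out

def audit_http_inspection(config, map_name="http-inspect-map", policy="global_policy"):
    """Return a list of findings; an empty list means the lab requirements are met."""
    blocks, findings = parse_blocks(config), []
    imap = blocks.get(f"policy-map type inspect http {map_name}")
    if imap is None:
        return [f"inspect map {map_name} is not defined"]
    params = children_of(imap, "parameters")
    if not any(p.startswith("protocol-violation action drop-connection") for p in params):
        findings.append("protocol violations are not dropped")
    if "drop-connection log" not in children_of(imap, "match req-resp content-type mismatch"):
        findings.append("content-type mismatch is not dropped and logged")
    applied = children_of(blocks.get(f"policy-map {policy}", []), "class inspection_default")
    if f"inspect http {map_name}" not in applied:
        findings.append(f"{map_name} is not applied under class inspection_default")
    return findings
```

Calling `audit_http_inspection()` on the text of a saved configuration returns the unmet requirements, so a misspelled class name or a missing `log` keyword shows up as a finding.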
Add/Edit HTTP Map
The Add/Edit HTTP Map dialog box is accessible as follows:
Configuration > Global Objects > Inspect Maps > HTTP > HTTP Inspect Map > Advanced View > Add/Edit HTTP Inspect
The Add/Edit HTTP Inspect dialog box lets you define the match criterion and value for the HTTP inspect map.
Fields