Appendix C
Memory Tables
Chapter 1
Table 1-2 Evolution of Cisco Secure Firewall Management Center
Version | Solution Name | Management Platform Name |
|---|---|---|
Version 4.x | 3D System | Defense Center |
Version 5.x | FireSIGHT System | FireSIGHT Management Center |
Version 6.x | Firepower System | |
Version 7.x | Cisco Secure Firewall |
Chapter 2
Table 2-3 Secure Firewall Management Center Virtual Appliance Specifications
Component | FMCv25 | FMCv300 |
|---|---|---|
Processor | 4 vCPU–8 vCPU | 32 vCPU |
Memory | ||
Storage | 250 GB | 2.2 TB |
Maximum Number of Managed Threat Defense | ||
Maximum Network Map (Hosts/Users) | 50,000/50,000 | 150,000/150,000 |
Maximum Intrusion Events | 10 million | 60 million |
Table 2-4 Secure Firewall Threat Defense Virtual Appliance Specifications
Component | FTDv5 | FTDv10 | FTDv20 | FTDv30 | FTDv50 | FTDv100 |
|---|---|---|---|---|---|---|
Processor | 4 vCPU | 4 vCPU | 8 vCPU | 12 vCPU | ||
Memory | 8 GB | 8 GB | 16 GB | 24 GB | ||
Storage | 48 GB | 48 GB | 48 GB | 48 GB | 48 GB | 48 GB |
Throughput (1024 B) | 100 Mbps | 1 Gbps | 3 Gbps | 5.5 Gbps | 10 Gbps | 15.5 Gbps |
Throughput(450 B) | 100 Mbps | 1 Gbps | 1 Gbps | 2 Gbps | 3 Gbps | 7 Gbps |
Maximum New Connections per Second | 12,500 | 20,000 | 20,000 | 20,000 | 40,000 | 130,000 |
Maximum Concurrent Sessions | 100,000 | 100,000 | 100,000 | 250,000 | 500,000 | 2,000,000 |
Chapter 3
Table 3-4 Secure Firewall License Capabilities
License | It Allows You to |
|---|---|
Update the system Control applications and users Perform switching, routing, and NAT | |
Detect and prevent intrusion attempts Blacklist traffic based on intelligence Block transfer of certain types of files | |
Protect the network from malware, and enable malware defense feature (formerly AMP for networks and AMP Threat Grid) | |
Filter URLs based on reputation and category |
Table 3-6 High-Level Comparison of AnyConnect Licenses
License | Capabilities |
|---|---|
Provides basic VPN services and security features | |
Includes all capabilities offered by the AnyConnect Plus license and many more advanced services | |
AnyConnect VPN Only | Focuses on a high volume of remote users exclusively for RAVPN services |
Chapter 6
Table 6-2 Capability to Block Traffic in Various Modes
Deployment Mode | Interface Mode | Able to Block Traffic? |
|---|---|---|
Routed | Yes | |
Transparent | ||
Inline | Yes | |
Inline-tap | ||
Passive | No | |
Passive (ERSPAN) | No |
Chapter 9
Table 9-2 Types of Application Detector
Type of Detector | Functions |
|---|---|
Internal detector | Detects protocol, client, and web applications. Internal detectors are always turned ____; they are built in the software. |
Client detector | Detects client traffic. It also helps to infer an application protocol on a nonmonitored network. |
Web application detector |
Detects traffic based on the contents in a ______________________. |
Port-based application protocol detector | Detects traffic based on ________________. |
Firepower-based application protocol detector | Detects traffic based on ________________________________. |
Custom application detector | Detects traffic based on ________________________________. |
Table 9-3 Host Discovery Limitation on Management Center Virtual Models
Management Center Model | Host Limit |
|---|---|
FMCv25 | |
FMCv300 |
Chapter 12
Table 12-2 Security Intelligence Feed Versus Security Intelligence List
Feed | List | |
|---|---|---|
Provider | Created by the Cisco threat intelligence team | |
Maintenance | You can manually update an old list on demand. | |
File transfer | The update file is provided by Cisco over the Internet via a web service. | You can upload an update file using a local web browser. |
Chapter 13
Table 13-2 Intelligence Feed Versus Intelligence List
Feed | List | |
|---|---|---|
Provider | The Cisco threat intelligence team creates and manages the feed. The management center also supports the input of custom domains through an internal feed URL. | |
Update | You can manually update an old list on demand. |
Chapter 14
Table 14-2 Web Reputation Levels and Their Descriptions
Reputation Level | Version 6.5 and Higher | Version 6.4 and Lower | Descriptions |
|---|---|---|---|
1 | Untrusted | High risk | Sites pose a high risk; they are known to have exposed malicious data or malicious software to clients. |
2 | Suspicious | Sites are suspicious. The threat level is higher than average. | |
3 | Benign Sites with Security Risks | These are generally benign sites, but they can expose clients to risk due to the unsafe characteristics of the sites. | |
4 | Favorable | Benign Sites | Benign sites may occasionally expose clients to risk. However, exposures are rare. |
5 | Trusted | Trustworthy | Well-known trustworthy sites have very strong security features. |
Table 14-3 Available Memory Versus the Number of URLs in a Dataset
Available Memory | Number of URLs in the Dataset |
|---|---|
More than 3.4 GB | |
Less than or equal to 3.4 GB |
Chapter 15
Table 15-2 Types of Snort Rules and Their Identification Numbers
Type of Rule | Identification Number |
|---|---|
Standard text rule | _______. SID is _________________. |
Shared object rule | ______________. |
Preprocessor rule | GID can be anything other than 1–3. |
Local rule | ______________________________. |
Table 15-3 CVSS Scores of the System-Provided Policies
Intrusion Policy | CVSS Score | Age of Vulnerability |
|---|---|---|
Connectivity over Security | Current year plus two prior years | |
Balanced Security and Connectivity | Current year plus two prior years | |
Security over Connectivity | Current year plus three prior years | |
Maximum Detection | 7.5 or higher | All the years since 2005 |
Table 15-4 Intrusion Rule Recommendations Versus Enable Profile Update
Intrusion Rule Recommendations | Enable Profile Update |
|---|---|
Compares rule metadata with the applications and operating systems of a host and determines whether the threat defense should apply a certain rule to certain traffic from that host. | |
Can enable a disabled rule if the rule relates to a host and application in the network. | |
Configured within an access control policy. |
Chapter 16
Table 16-2 Differences Between a Threat License and a Malware License
When Only a Threat License Is Applied… | When a Malware License Is Also Applied… | |
|---|---|---|
A threat defense can block a file based on ________________. | A threat defense can block a file based on its malware dispositions. | |
A threat defense utilizes the file’s magic numbers to determine the file type. | A threat defense matches malware signatures to perform local malware analysis. | |
A threat defense does not require a connection to the cloud for file type detection. | A threat defense needs to connect to the cloud for various purposes—for example, to update the signature of the ______________, to send a file to the cloud to perform dynamic file analysis, and to perform an SHA-256 lookup. | |
You can apply only two rule actions: ______________ and ____________. | You can apply any rule actions available, including Malware Cloud Lookup and Block Malware. |
Chapter 17
Table 17-2 Private IP Addressing in Classes A, B, and C, as Defined in RFC 1918
Class | Range of IP Addresses | Number of Hosts |
|---|---|---|
Class A | 224 – 2 = 16,777,214 | |
Class B | 220 – 2 = 1,048,574 | |
Class C | 216 – 2 = 65,534 |
Chapter 19
Table 19-2 Three Major Security Protocols of the IPsec Framework
Protocol Name | Functions | Protocol/Port Number | References |
|---|---|---|---|
Integrity, authentication, anti-replay | RFC 4302 | ||
Encapsulating Security Payloads (ESP) | IP Protocol 50 | RFC 4303 | |
Key exchange |
Table 19-3 Cryptographic Algorithms and Their Strengths
Purpose | Cryptographic Algorithm | Reference | Key Strength |
|---|---|---|---|
Encryption | Advanced Encryption Standard (AES) | FIPS 197 | AES256 |
Data Encryption Standard (DES) | FIPS 46-3 | 3DES (Triple DES) | |
FIPS 180-4 | SHA-2 with 512-bit digest | ||
Message-Digest Algorithm | RFC 1321 | MD5 | |
RFC 3526 | DH Group 14 (2048-bit modulus) | ||
Elliptic-Curve Diffie-Hellman (ECDH) | RFC 5903 | DH Group 21 (521-bit random elliptic curve) |
Chapter 20
Table 20-2 Megabits per Second to Megabytes per Second Conversion Table
Megabits per Second (Mbps) | Megabytes per Second (MB/sec) |
|---|---|
1 Mbps | |
4 Mbps | 0.5 MB/sec |
8 Mbps | 1 MB/sec |
10 Mbps | |
16 Mbps | 2 MB/sec |
40 Mbps | 5 MB/sec |
80 Mbps | 10 MB/sec |
100 Mbps | 12.5 MB/sec |
Chapter 21
Table 21-3 Syslog Messages Severity Levels
Severity Level (0–7) | Messages That Describe… |
|---|---|
An emergency condition where the system is unusable | |
A condition where an action must be taken immediately to fix the issue | |
A critical condition that indicates a failure in the primary system | |
An error condition | |
A warning condition | |
A condition that does not indicate an error but may require special attention | |
An informational message | |
Debug-level information to help the developers of an application or system |
Table 21-4 Syslog Messages Facilities
Facility Level (0–23) | Messages That Are Associated With… |
|---|---|
Kernel | |
User-level process | |
Mail system | |
System daemon | |
Security/authentication subsystem | |
System logging daemon (syslogd) | |
Line printer subsystem | |
Network news subsystem | |
UUCP | |
CRON | |
AUTHPRIV | |
FTP | |
NTP | |
AUDIT | |
ALERT | |
CLOCK | |
LOCAL0–LOCAL7 |