https://www.pass4lead.com/300-206.html
2019 Latest pass4lead 300-206 PDF and VCE dumps Download

300-206 Q&As
Implementing Cisco Edge Network Security Solutions

QUESTION 1

What are two security features at the access port level that can help mitigate Layer 2 attacks? (Choose two.)

A. DHCP snooping

B. IP Source Guard

C. Telnet

D. Secure Shell

E. SNMP

Correct Answer: AB

QUESTION 2

When will a Cisco ASA that is operating in transparent firewall mode perform a routing table lookup instead of a MAC
address table lookup to determine the outgoing interface of a packet?

A. if multiple context mode is configured

B. if the destination MAC address is unknown

C. if the destination is more than a hop away from the Cisco ASA

D. if NAT is configured

E. if dynamic ARP inspection is configured

Correct Answer: D

QUESTION 3

Which two types of addresses can be blocked with BTF on the ASA? (Choose two.)

A. instant messaging

B. ads

C. P2P

D. spyware

E. Games

Correct Answer: BD

Botnets are a collection of malicious software or "bots" covertly installed on endpoints and controlled by another entity
through a communications channel such as IRC, peer-to-peer (P2P), or HTTP. The dynamic database includes the
following types of addresses:

Ads - These are advertising networks that deliver banner ads, interstitials, rich media ads, pop-ups, and pop-unders for
websites, spyware and adware. Some of these networks send ad-oriented HTML emails and email verification
services.

Data Tracking - These are sources associated with companies and websites that offer data tracking and metrics
services to websites and other online entities. Some of these also run small advertising networks.

Spyware - These are sources that distribute spyware, adware, greyware, and other potentially unwanted advertising
software. Some of these also run exploits to install such software.

Malware - These are sources that use various exploits to deliver adware, spyware and other malware to victim
computers. Some of these are associated with rogue online vendors and distributors of dialers which deceptively call
premium-rate phone numbers.

Adult - These are sources associated with adult networks/services offering web hosting for adult content, advertising,
content aggregation, registration and billing, and age verification. These may be tied to distribution of adware, spyware,
and dialers.

Bot and Threat Networks - These are rogue systems that control infected computers. They are either systems hosted on
threat networks or systems that are part of the botnet itself.

QUESTION 4

Refer to the exhibit. Which statement about the policy map named test is true?

A. Only HTTP inspection will be applied to the TCP port 21 traffic.

B. Only FTP inspection will be applied to the TCP port 21 traffic.

C. Both HTTP and FTP inspections will be applied to the TCP port 21 traffic.

D. No inspection will be applied to the TCP port 21 traffic, because the http class map configuration conflicts with the ftp
class map.

E. All FTP traffic will be denied, because the FTP traffic will fail the HTTP inspection.

Correct Answer: B

QUESTION 5

Regarding user identity with a domain (the question shows a screenshot): if a user is not in a domain, what will the identity be?

A. local

B. default

Correct Answer: A

ASA Identity Firewall:

The default domain is used for all users and user groups when a domain has not been explicitly configured for those
users or groups. When a default domain is not specified, the default domain for users and groups is LOCAL.
Additionally, the Identity Firewall uses the LOCAL domain for all locally defined user groups or locally defined users
(users who log in and authenticate by using a VPN or web portal).

QUESTION 6

Which statement about SNMP support on the Cisco ASA appliance is true?

A. The Cisco ASA appliance supports only SNMPv1 or SNMPv2c.

B. The Cisco ASA appliance supports read-only and read-write access.

C. The Cisco ASA appliance supports three built-in SNMPv3 groups in Cisco ASDM: Authentication and Encryption,
Authentication Only, and No Authentication, No Encryption.

D. The Cisco ASA appliance can send SNMP traps to the network management station only using SNMPv2.

Correct Answer: C

QUESTION 7

Within Cisco Prime Infrastructure, which Configuration Archive task will allow you to specify when to copy the running
configuration to the startup configuration?

A. Schedule Deploy

B. Schedule Overwrite

C. Schedule Archive

D. Schedule Rollback

Correct Answer: B

QUESTION 8

A web server has been configured to operate on port 1521. The web server traffic is passing through an ASA with
default application inspection configured. Which application inspection affects the web server traffic?

A. HTTP

B. MSCP

C. HTTPS

D. SQL *Net

Correct Answer: D

QUESTION 9

Which three tasks are required when configuring secure SSH access on a Cisco ASA 5500 Series? (Choose three.)

A. Set the TCP port.

B. Specify the subnet from which an SSH connection is permitted.

C. Generate an RSA key pair.

D. Set the SSH version.

E. Add the username to a local database.

F. Set the timeout value.

Correct Answer: BCE

QUESTION 10

According to Cisco best practices, which two interface configuration commands help prevent VLAN hopping attacks?
(Choose two.)

A. switchport mode access

B. switchport access vlan 2

C. switchport mode trunk

D. switchport access vlan 1

E. switchport trunk native vlan 1

F. switchport protected

Correct Answer: AB

QUESTION 11

Which two statements about Cisco IDS are true? (Choose two.)

A. It is preferred for detection-only deployment.

B. It is used for installations that require strong network-based protection and that include sensor tuning.

C. It is used to boost sensor sensitivity at the expense of false positives.

D. It is used to monitor critical systems and to avoid false positives that block traffic.

E. It is used primarily to inspect egress traffic, to filter outgoing threats.

Correct Answer: AD

QUESTION 12

Which product can centrally manage a VPN policy that can be deployed to multiple firewalls?

A. Cisco Configuration Professional

B. Cisco Prime LMS

C. Cisco Security Manager

D. Cisco Adaptive Security Device Manager

Correct Answer: C

QUESTION 13

Best practices for hardening the management plane have been implemented on an ASA (or IOS router). Which protocols
will be affected?

A. BGP

B. ICMP

C. ARP

Correct Answer: B

I chose ICMP as it's used in the management plane for monitoring etc. It could have been BGP but BGP runs in the
control plane and the question specifically mentioned management plane.

QUESTION 14

What is a required attribute to configure NTP authentication on a Cisco ASA?

A. Key ID

B. IPsec

C. AAA

D. IKEv2

Correct Answer: A

QUESTION 15

Which Cisco ASA command authenticates the Cisco ASDM client that accesses the security appliance using HTTPS
with local user database?

A. aaa authentication ssh console LOCAL

B. aaa authentication serial console LOCAL

C. aaa authentication telnet console LOCAL

D. aaa authentication http console LOCAL

Correct Answer: A

QUESTION 16

Which Cisco ASA feature is implemented by the ip verify reverse-path interface interface_name command?

A. uRPF

B. TCP intercept

C. botnet traffic filter

D. scanning threat detection

E. IPS (IP audit)

Correct Answer: A

There is only strict uRPF in ASA (source network must be routable via input interface). There is no default option in ASA
implementation.

QUESTION 17

What is the default behavior of an access list on a Cisco ASA?

A. It will permit or deny traffic based on the access list criteria.

B. It will permit or deny all traffic on a specified interface.

C. It will have no effect until applied to an interface, tunnel-group or other traffic flow.

D. It will allow all traffic.

Correct Answer: C

QUESTION 18

An engineer is configuring MACsec encryption. Which two components does Cisco TrustSec NDAC MACsec support?
(Choose two.)

A. user-facing downlink port

B. switch-to-switch connection

C. switch-to-host connection

D. host-facing links

E. switch ports connected to other switches

Correct Answer: BE

QUESTION 19

What is the primary purpose of stateful pattern recognition in Cisco IPS networks?

A. mitigating man-in-the-middle attacks

B. using multipacket inspection across all protocols to identify vulnerability-based attacks and to thwart attacks that hide
within a data stream

C. detecting and preventing MAC address spoofing in switched environments

D. identifying Layer 2 ARP attacks

Correct Answer: B

QUESTION 20

Which component does Cisco ASDM require on the host Cisco ASA 5500 Series or Cisco PIX security appliance?

A. a DES or 3DES license

B. a NAT policy server

C. a SQL database

D. a Kerberos key

E. a digital certificate

Correct Answer: A

QUESTION 21

When a Cisco ASA is configured in multiple context mode, within which configuration are the interfaces allocated to the
security contexts?

A. each security context

B. system configuration

C. admin context (context with the "admin" role)

D. context startup configuration file (.cfg file)

Correct Answer: B

QUESTION 22

Which two commands can be used to create a Cisco Unified ACL within the ASA CLI? (Choose two.)

A. ipv6 access-list

B. object-group network

C. ipv6 access-list webtype

D. access-list extended

E. object-group network nat-pat-grp

Correct Answer: BD

https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/acl_extended.pdf

QUESTION 23

Which two mandatory policies are needed to support a regular IPsec VPN in a Cisco Security Manager environment?
(Choose two.)

A. GRE modes

B. IKE proposal

C. group encryption

D. server load balance

Correct Answer: BC

QUESTION 24

Your company is replacing a high-availability pair of Cisco ASA 5550 firewalls with the newer Cisco ASA 5555-X
models. Due to budget constraints, one Cisco ASA 5550 will be replaced at a time. Which statement about the minimum
requirements to set up stateful failover between these two firewalls is true?

A. You must install the USB failover cable between the two Cisco ASAs and provide a 1 Gigabit Ethernet interface for
state exchange.

B. It is not possible to use failover between different Cisco ASA models.

C. You must have at least 1 Gigabit Ethernet interface between the two Cisco ASAs for state exchange.

D. You must use two dedicated interfaces. One link is dedicated to state exchange and the other link is for heartbeats.

Correct Answer: B

QUESTION 25

An administrator installed a Cisco ASA that runs version 9.1. You are asked to configure the firewall through Cisco
ASDM.

When you attempt to connect to a Cisco ASA with a default configuration, which username and password grants you full
access?

A. admin / admin

B. asaAdmin / (no password)

C. It is not possible to use Cisco ASDM until a username and password are created via the username
username password password CLI command.

D. enable_15 / (no password)

E. cisco / cisco

Correct Answer: D

QUESTION 26

Which feature can suppress packet flooding in a network?

A. PortFast

B. BPDU guard

C. Dynamic ARP Inspection

D. storm control

Correct Answer: D

QUESTION 27

Which option is the default logging buffer size in memory of the Cisco ASA adaptive security appliance?

A. 8KB

B. 32KB

C. 2KB

D. 16KB

E. 4KB

Correct Answer: E

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/monitor_syslog.html

QUESTION 28

Choose the correct statements about mixed ACLs and object groups. (Choose two.)

A. You can mix IPv4 and IPv6 addresses in the same ACE.

B. You can mix IPv4 and IPv6 entries in a network object group, but you cannot use a mixed object group for NAT.

C. You cannot mix IPv4 and IPv6 addresses in the same ACL.

D. You cannot mix IPv4 and IPv6 addresses in the same ACE, but you can mix IPv4 and IPv6 addresses in different
ACEs of a common ACL.

Correct Answer: AB

QUESTION 29

Which of the following must a Cisco engineer use to secure a current monitoring environment? (Choose two.)

A. RSA-SIG

B. MD5

C. AES

D. 3DES

E. DES

Correct Answer: CD

QUESTION 30

When a traffic storm threshold occurs on a port, into which state can traffic storm control put the port?

A. Disabled

B. Err-disabled

C. Disconnected

D. Blocked

E. Connected

Correct Answer: B

QUESTION 31

Which type of authentication and encryption does SNMPv3 use at the authNoPriv security level?

A. username authentication with MD5 or SHA encryption

B. DES authentication with MD5 or SHA encryption

C. MD5 or SHA authentication with DES encryption

D. username authentication without encryption

E. username authentication with DES encryption

F. MD5 or SHA authentication without encryption

Correct Answer: F

QUESTION 32

When access rule properties are configured within ASDM, which traffic direction type is required by global and
management access rule?

A. Any

B. Both in and out

C. In

D. Out

Correct Answer: C

QUESTION 33

Which three configuration tasks do you perform to allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose
three.)

A. Apply the newly created class map to the global policy.

B. Enable NetFlow Version 9.

C. Create a class map to match interesting traffic.

D. Create an ACL to allow UDP traffic on port 9996.

E. Define a NetFlow collector by using the flow-export command.

F. Apply NetFlow Exporter to the outside interface in the inbound direction.

Correct Answer: ACE

QUESTION 34

Which configuration step is the first to enable PIM-SM on the Cisco ASA appliance?

A. Configure the static RP IP address.

B. Enable IGMP forwarding on the required interface(s).

C. Add the required static mroute(s).

D. Enable multicast routing globally on the Cisco ASA appliance.

E. Configure the Cisco ASA appliance to join the required multicast groups.

Correct Answer: D

QUESTION 35

Which set of commands creates a message list that includes all severity 2 (critical) messages on a Cisco security
device?

A. logging list critical_messages level 2 console logging critical_messages

B. logging list critical_messages level 2 logging console critical_messages

C. logging list critical_messages level 2 logging console enable critical_messages

D. logging list enable critical_messages level 2 console logging critical_messages

Correct Answer: B

QUESTION 36

Refer to the exhibit. Which statement about this access list is true?

A. This access list does not work without 6to4 NAT

B. IPv6 to IPv4 traffic is permitted on the Cisco ASA by default

C. This access list is valid and works without additional configuration

D. This access list is not valid and does not work at all

E. We can pass only IPv6 to IPv6 and IPv4 to IPv4 traffic

Correct Answer: A

ASA 9.0(1) code introduced the Unified ACL for IPv4 and IPv6. ACLs now support IPv4 and IPv6 addresses. You can
even specify a mix of IPv4 and IPv6 addresses for the source and destination. The any keyword was changed to
represent IPv4 and IPv6 traffic. The any4 and any6 keywords were added to represent IPv4-only and IPv6-only traffic,
respectively. The IPv6-specific ACLs are deprecated. Existing IPv6 ACLs are migrated to extended ACLs.

QUESTION 37

What is the maximum jumbo frame size for IPS standalone appliances with 1G and 10G fixed or add-on interfaces?

A. 1024 bytes

B. 1518 bytes

C. 2156 bytes

D. 9216 bytes

Correct Answer: D

QUESTION 38

Which two capabilities of Cisco Security Manager are true?

A. It adds a device that does not exist on the network

B. It manages the certificates of a user

C. It rolls back a configuration to a previous configuration

D. It reports the events of an FWSM device

E. It manages Cisco ACS servers

Correct Answer: DE

QUESTION 39

Which feature do you enable to restrict the interface on which management traffic can be received by the routers on your
network?

A. MPP

B. CPP with a port xxx

C. AAA

D. extended ACL on all interfaces

Correct Answer: A

control-plane host
 management-interface G0/0 allow ssh https snmp

QUESTION 40

An engineer is using Cisco Security Manager and is using default ports configuration. What port must be open to
connect the Cisco Security Manager Client to an ASA?

A. 22

B. 23

C. 80

D. 443

Correct Answer: D
