2019 Latest pass4lead 300-206 PDF and VCE dumps Download
300-206 Q&As
Implementing Cisco Edge Network Security Solutions
Free Download Real Questions & Answers PDF and VCE file from:
https://www.pass4lead.com/300-206.html
QUESTION 1
What are two security features at the access port level that can help mitigate Layer 2 attacks? (Choose two.)
A. DHCP snooping
B. IP Source Guard
C. Telnet
D. Secure Shell
E. SNMP
Correct Answer: AB
QUESTION 2
When will a Cisco ASA that is operating in transparent firewall mode perform a routing table lookup instead of a MAC
address table lookup to determine the outgoing interface of a packet?
C. if the destination is more than a hop away from the Cisco ASA
D. if NAT is configured
Correct Answer: D
QUESTION 3
Which two types of addresses can be blocked with BTF on the ASA? (Choose two.)
A. instant messaging
B. ads
C. P2P
D. spyware
E. Games
Correct Answer: BD
Botnets are a collection of malicious software or "bots" covertly installed on endpoints and controlled by another entity
through a communications channel such as IRC, peer-to-peer (P2P), or HTTP. The dynamic database includes the
Ads - These are advertising networks that deliver banner ads, interstitials, rich media ads, pop-ups, and pop-unders for websites, spyware and adware. Some of these networks send ad-oriented HTML emails and email verification services.
Data Tracking - These are sources associated with companies and websites that offer data tracking and metrics services to websites and other online entities. Some of these also run small advertising networks.
Spyware - These are sources that distribute spyware, adware, greyware, and other potentially unwanted advertising software. Some of these also run exploits to install such software.
Malware - These are sources that use various exploits to deliver adware, spyware and other malware to victim computers. Some of these are associated with rogue online vendors and distributors of dialers which deceptively call premium-rate phone numbers.
Adult - These are sources associated with adult networks/services offering web hosting for adult content, advertising, content aggregation, registration and billing, and age verification. These may be tied to distribution of adware, spyware, and dialers.
Bot and Threat Networks - These are rogue systems that control infected computers. They are either systems hosted on threat networks or systems that are part of the botnet itself.
QUESTION 4
Refer to the exhibit. Which statement about the policy map named test is true?
C. both HTTP and FTP inspections will be applied to the TCP port 21 traffic.
D. No inspection will be applied to the TCP port 21 traffic, because the http class map configuration conflicts with the ftp
class map.
E. All FTP traffic will be denied, because the FTP traffic will fail the HTTP inspection.
Correct Answer: B
QUESTION 5
Regarding user identity with a domain (there is a screenshot): if the user is not in a domain, what will the identity be?
A. local
B. default
Correct Answer: A
The default domain is used for all users and user groups when a domain has not been explicitly configured for those
users or groups. When a default domain is not specified, the default domain for users and groups is LOCAL.
Additionally, the Identity Firewall uses the LOCAL domain for all locally defined user groups or locally defined users
(users who log in and authenticate by using a VPN or web portal).
QUESTION 6
Which statement about SNMP support on the Cisco ASA appliance is true?
C. The Cisco ASA appliance supports three built-in SNMPv3 groups in Cisco ASDM: Authentication and Encryption,
Authentication Only, and No Authentication, No Encryption.
D. The Cisco ASA appliance can send SNMP traps to the network management station only using SNMPv2.
Correct Answer: C
QUESTION 7
Within Cisco Prime Infrastructure, which configuration Archive task will allow you to specify when to copy the running
configuration to the startup configuration?
A. Schedule Deploy
B. Schedule Overwrite
C. Schedule Archive
D. Schedule Rollback
Correct Answer: B
QUESTION 8
A web server has been configured to operate on port 1521. The web server traffic is passing through an ASA with
default application inspection configured. Which application inspection affects the web server traffic?
A. HTTP
B. MSCP
C. HTTPS
D. SQL *Net
Correct Answer: D
QUESTION 9
Which three tasks are required when configuring secure SSH access on a Cisco ASA 5500 Series? (Choose three.)
QUESTION 10
According to Cisco best practices, which two interface configuration commands help prevent VLAN hopping attacks?
(Choose two.)
F. switchport protected
Correct Answer: AB
QUESTION 11
Which two statements about Cisco IDS are true? (Choose two.)
B. It is used for installations that require strong network-based protection and that include sensor tuning.
D. It is used to monitor critical systems and to avoid false positives that block traffic.
Correct Answer: AD
QUESTION 12
Which product can centrally manage a VPN policy that can be deployed to multiple firewalls?
Correct Answer: C
QUESTION 13
Best practices for hardening of management plane have been implemented on an ASA (or IOS router). Which protocols
will be affected?
A. BGP
B. ICMP
C. ARP
Correct Answer: B
I chose ICMP as it's used in the management plane for monitoring etc. It could have been BGP but BGP runs in the
control plane and the question specifically mentioned management plane.
QUESTION 14
A. Key ID
B. IPsec
C. AAA
D. IKEv2
Correct Answer: A
QUESTION 15
Which Cisco ASA command authenticates the Cisco ASDM client that accesses the security appliance using HTTPS
with local user database?
Correct Answer: A
QUESTION 16
Which Cisco ASA feature is implemented by the ip verify reverse-path interface interface_name command?
A. uRPF
B. TCP intercept
Correct Answer: A
There is only strict uRPF in ASA (source network must be routable via input interface). There is no default option in ASA
implementation.
QUESTION 17
C. It will have no effect until applied to an interface, tunnel-group or other traffic flow.
Correct Answer: C
QUESTION 18
An engineer is configuring MACsec encryption. Which two components does Cisco TrustSec NDAC MACsec support?
(Choose two.)
B. switch-to-switch connection
C. switch-to-host connection
D. host-facing links
Correct Answer: BE
QUESTION 19
What is the primary purpose of stateful pattern recognition in Cisco IPS networks?
B. using multipacket inspection across all protocols to identify vulnerability-based attacks and to thwart attacks that hide
within a data stream
Correct Answer: B
QUESTION 20
Which component does Cisco ASDM require on the host Cisco ASA 5500 Series or Cisco PIX security appliance?
C. a SQL database
D. a Kerberos key
E. a digital certificate
Correct Answer: A
QUESTION 21
When a Cisco ASA is configured in multiple context mode, within which configuration are the interfaces allocated to the
security contexts?
B. system configuration
Correct Answer: B
QUESTION 22
Which two commands can be used to create a Cisco Unified ACL within the ASA CLI? (Choose two.)
A. ipv6 access-list
B. object-group network
D. access-list extended
Correct Answer: BD
https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/acl_extended.pdf
QUESTION 23
Which two mandatory policies are needed to support a regular IPsec VPN in a Cisco Security Manager environment?
(Choose two.)
A. GRE modes
B. IKE proposal
C. group encryption
Correct Answer: BC
QUESTION 24
Your company is replacing a high-availability pair of Cisco ASA 5550 firewalls with the newer Cisco ASA 5555-X
models. Due to budget constraints, one Cisco ASA 5550 will be replaced at a time. Which statement about the minimum
requirements to set up stateful failover between these two firewalls is true?
A. You must install the USB failover cable between the two Cisco ASAs and provide a 1 Gigabit Ethernet interface for
state exchange.
C. You must have at least 1 Gigabit Ethernet interface between the two Cisco ASAs for state exchange.
D. You must use two dedicated interfaces. One link is dedicated to state exchange and the other link is for heartbeats.
Correct Answer: B
QUESTION 25
An administrator installed a Cisco ASA that runs version 9.1. You are asked to configure the firewall through Cisco
ASDM.
When you attempt to connect to a Cisco ASA with a default configuration, which username and password grants you full
access?
A. admin / admin
C. It is not possible to use Cisco ASDM until a username and password are created via the username username
password password CLI command.
E. cisco / cisco
Correct Answer: D
QUESTION 26
A. PortFast
B. BPDU guard
D. storm control
Correct Answer: D
QUESTION 27
Which option is the default logging buffer size in memory of the Cisco ASA adaptive security appliance?
A. 8KB
B. 32KB
C. 2KB
D. 16KB
E. 4KB
Correct Answer: E
http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/monitor_syslog.html
QUESTION 28
Which statements about mixed ACLs and object groups are correct? (Choose two.)
A. You can mix IPv4 and IPv6 addresses in the same ACE
B. You can mix IPv4 and IPv6 entries in a network object group, but you cannot use a mixed object group for NAT
C. You cannot mix IPv4 and IPv6 addresses in the same ACL.
D. You cannot mix IPv4 and IPv6 addresses in the same ACE but you can mix IPv4 and IPv6 addresses in different
ACEs of common ACL.
Correct Answer: AB
QUESTION 29
Which of the following must a Cisco engineer use to secure a current monitoring environment? (Choose two.)
A. RSA-SIG
B. MD5
C. AES
D. 3DES
E. DES
Correct Answer: CD
QUESTION 30
When a traffic storm threshold occurs on a port, into which state can traffic storm control put the port?
A. Disabled
B. Err-disabled
C. Disconnected
D. Blocked
E. Connected
Correct Answer: B
QUESTION 31
Which type of authentication and encryption does SNMPv3 use at the authNoPriv security level?
Correct Answer: F
QUESTION 32
When access rule properties are configured within ASDM, which traffic direction type is required by global and
management access rule?
A. Any
C. In
D. Out
Correct Answer: C
QUESTION 33
Which three configuration tasks do you perform to allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose
three.)
QUESTION 34
Which configuration step is the first to enable PIM-SM on the Cisco ASA appliance?
E. Configure the Cisco ASA appliance to join the required multicast groups.
Correct Answer: D
QUESTION 35
Which set of commands creates a message list that includes all severity 2 (critical) messages on a Cisco security
device?
Correct Answer: B
QUESTION 36
Refer to the exhibit. Which statement about this access list is true?
D. This access list is not valid and does not work at all
Correct Answer: A
ASA 9.0(1) code introduced the Unified ACL for IPv4 and IPv6. ACLs now support IPv4 and IPv6 addresses. You can
even specify a mix of IPv4 and IPv6 addresses for the source and destination. The any keyword was changed to
represent IPv4 and IPv6 traffic. The any4 and any6 keywords were added to represent IPv4-only and IPv6-only traffic,
respectively. The IPv6-specific ACLs are deprecated. Existing IPv6 ACLs are migrated to extended ACLs.
QUESTION 37
What is the maximum jumbo frame size for IPS standalone appliances with 1G and 10G fixed or add-on interfaces?
A. 1024 bytes
B. 1518 bytes
C. 2156 bytes
D. 9216 bytes
Correct Answer: D
QUESTION 38
Correct Answer: DE
QUESTION 39
Which feature do you enable to restrict the interface on which management traffic can be received by the routers on
your network?
A. MPP
C. AAA
Correct Answer: A
QUESTION 40
An engineer is using Cisco Security Manager and is using default ports configuration. What port must be open to
connect the Cisco Security Manager Client to an ASA?
A. 22
B. 23
C. 80
D. 443
Correct Answer: D
Copyright © pass4lead, All Rights Reserved.