02 March, 2020

Implementing Cisco Edge Network Security Solutions 300-206 Courses

Exam Code: 300-206 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Implementing Cisco Edge Network Security Solutions
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 300-206 Exam.

Check 300-206 free dumps before getting the full version:

Page: 1 / 34

Total 411 questions Full Exam Access

Question 1

An administrator is deploying port-security to restrict traffic from certain ports to specific MAC
addresses. Which two considerations must an administrator take into account when using the switchport port-security macaddress sticky command? (Choose two.)

The configuration will be updated with MAC addresses from traffic seen ingressing the port.The configuration will automatically be saved to NVRAM if no other changes to the configuration have been made.

The configuration will be updated with MAC addresses from traffic seen ingressing the por

The configuration will not automatically be saved to NVRAM.

Only MAC addresses with the 5th most significant bit of the address (the \'sticky\' bit) set to 1 will be learned.

If configured on a trunk port without the \'vlan\' keyword, it will apply to all vlans.

If configured on a trunk port without the \'vlan\' keyword, it will apply only to the native vlan.

Question 2

Which Cisco switch technology prevents traffic on a LAN from being disrupted by a broadcast,
multicast, or unicast flood on a port?

port security

storm control

dynamic ARP inspection

BPDU guard

root guard

dot1x

Question 3

Refer to the exhibit.
300-206 dumps exhibit

To protect Host A and Host B from communicating with each other, which type of PVLAN port should be used for each host?

Host A on a promiscuous port and Host B on a community port

Host A on a community port and Host B on a promiscuous port

Host A on an isolated port and Host B on a promiscuous port

Host A on a promiscuous port and Host B on a promiscuous port

Host A on an isolated port and host B on an isolated port

Host A on a community port and Host B on a community port

Question 4

An administrator installed a Cisco ASA that runs version 9.1. You are asked to configure the firewall
through Cisco ASDM.
When you attempt to connect to a Cisco ASA with a default configuration, which username and password grants you full access?

admin / admin

asaAdmin / (no password)

It is not possible to use Cisco ASDM until a username and password are created via the usernameusernamepassword password CLI command.

enable_15 / (no password)

cisco / cisco

Question 5

Which type of object group will allow configuration for both TCP 80 and TCP 443?

service

network

time range

user group

Question 6

Which three options are default settings for NTP parameters on a Cisco ASA? (Choose three.)

NTP authentication is enabled.

NTP authentication is disabled.

NTP logging is enabled.

NTP logging is disabled.

NTP traffic is not restricted.

NTP traffic is restricted.

Question 7

DRAG DROP
Drag and drop the Cisco Prime Security Manager available reports on the left onto the correct report examples on the right.
300-206 dumps exhibit

Solution:
300-206 dumps exhibit

Does this meet the goal?

Yes

Question 8

When access rule properties are configured within ASDM, which traffic direction type is required by
global and management access rule?

Any

Both in and out

Out

Question 9

Which command configures the SNMP server group1 to enable authentication for members of the
access list east?

snmp-server group group1 v3 auth access east

snmp-server group1 v3 auth access east

snmp-server group group1 v3 east

snmp-server group1 v3 east access

Question 10

An engineer is using Cisco Security Manager and is using default ports configuration. What port must
be open to connect the Cisco Security Manager Client to an ASA?

443

Question 11

Which two SNMPv3 features ensure that SNMP packets have been sent securely?" Choose two.

host authorization

authentication

encryption

compression

Question 12

Which command change secure HTTP port from 443 to 444?

IP http secure-port 444

IP http secure-server

http server enable 444

IP http server-secure

Question 13

How much storage is allotted to maintain system, configuration, and image files on the Cisco ASA 1000V during OVF template file deployment?

1GB

5GB

2GB

10GB

Question 14

When a Cisco ASA is configured in multicontext mode, which command is used to change between
contexts?

changeto config context

changeto context

changeto/config context change

changeto/config context 2

Question 15

What is the default behavior of an access list on a Cisco ASA?

It will permit or deny traffic based on the access list criteria.

It will permit or deny all traffic on a specified interface.

It will have no affect until applied to an interface, tunnel-group or other traffic flow.

It will allow all traffic.

Question 16

A switch is being configured at a new location that uses statically assigned IP addresses. Which will
ensure that ARP inspection works as expected?

Configure the \'no-dhcp\' keyword at the end of the ip arp inspection command

Enable static arp inspection using the command \'ip arp inspection static vlan vlan- number

Configure an arp access-list and apply it to the ip arp inspection command

Enable port security

Question 17

To which port does a firewall send secure logging messages?

TCP/1500

UDP/1500

TCP/500

UDP/500

Question 18

In the default global policy, which traffic is matched for inspections by default?

match any

match default-inspection-traffic

match access-list

match port

match class-default

Question 19

Which URL downloads a copy of packet-capture named "security" residing on a Cisco ASA adaptive security appliance with IP 10.10.100.11?

https://10.10.10.11/security .pcap/download

https://10.10.10.11/asa/security/pcap

https://10.10.10.11/capture/security.pcap

https://10.10.10.11/capture/security/pcap

Question 20

Refer to the exhibit.
300-206 dumps exhibit

What traffic is being captured by the Cisco ASA adaptive security appliance?

UDP traffic sourced from host 10.10.0.12 on port 80

TCP traffic destined to host 10.10.0.12 on port 80

TCP traffic sourced from host 10.10.0.12 on port 80

UDP traffic destined to host 10.10.0.12 on port 80

Question 21

Which statement about traffic storm control behavior is true?

Traffic storm control cannot determine if the packet is unicast or broadcast.

If you enable broadcast and multicast traffic storm control and the combined broadcast and multicast traffic exceeds the level within a 1 second traffic storm interval, storm control drops all broadcast and multicast traffic until the end of the storm interval

Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet isunicast or broadcast.

Traffic storm control monitors incoming traffic levels over a 10 second traffic storm control interval

Question 22

In which way are management packets classified on a firewall that operates in multiple context
mode?

by their interface IP address

by the routing table

by NAT

by their MAC addresses

Question 23

Which two statements about zone-based firewalls are true? (Choose two.)

More than one interface can be assigned to the same zone.

Only one interface can be in a given zone.

An interface can only be in one zone.

An interface can be a member of multiple zones.

Every device interface must be a member of a zone.

Question 24

What command alters the SSL ciphers used by the Cisco Email Security Appliance for TLS sessions
and HTTPS access?

sslconfig

sslciphers

tlsconifg

certconfig

Question 25

You have explicitly added the line deny ipv6 any log to the end of an IPv6 ACL on a router interface. Which two ICMPv6 packet types must you explicitly allow to enable traffic to traverse the interface? (Choose two.)

router solicitation

router advertisement

neighbor solicitation

neighbor advertisement

redirect

Question 26

Which cloud characteristic is used to describes the sharing of physical resource between various entities ?

Elasticity

Ubiquitous access

Multitenancy

Resiliency

Question 27

Best practices for hardening of management plane have been implemented on an ASA (or IOS router). Which protocols will be affected?

BGP

ICMP

ARP

HTTP

Question 28

Which utility can you use to troubleshoot and determine the timeline of packet changes in a data path within a Cisco firewall?

packet tracer

ping

traceroute

SNMP walk

Question 29

An engineer is trying to configure Dynamic ARP Inspection. Which feature must be enabled first?

DHCP snooping

Cisco Discovery Protocol

port security

IP Source Guard

Page: 1 / 34

Total 411 questions Full Exam Access