This page was exported from Lead2pass New Updated Exam Questions [ https://www.getfreevce.com ] Export date:Sun Dec 22 12:42:21 2024 / +0000 GMT ___________________________________________________ Title: [2017 New] Pass 300-206 Exam By Training Lead2pass New VCE And PDF Dumps (26-50) --------------------------------------------------- 2017 July Cisco Official New Released 300-206 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! Lead2pass 300-206 latest updated braindumps including all new added 300-206 exam questions from exam center which guarantees you can 100% success 300-206 exam in your first try! Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/300-206.html QUESTION 26Which of the following would need to be created to configure an application-layer inspection of SMTP traffic operating on port 2525? A.    A class-map that matches port 2525 and applying an inspect ESMTP policy-map for that class in the global inspection policyB.    A policy-map that matches port 2525 and applying an inspect ESMTP class-map for that policyC.    An access-list that matches on TCP port 2525 traffic and applying it on an interface with the inspect optionD.    A class-map that matches port 2525 and applying it on an access-list using the inspect optionAnswer: A QUESTION 27A network administrator is creating an ASA-CX administrative user account with the following parameters: - The user will be responsible for configuring security policies on network devices.- The user needs read-write access to policies.- The account has no more rights than necessary for the job. What role will be assigned to the user? A.    AdministratorB.    Security administratorC.    System administratorD.    Root AdministratorE.    Exec administrator Answer: B QUESTION 28Which tool provides the necessary information to determine hardware lifecycle and compliance details for deployed network devices? A.    Prime InfrastructureB.    Prime AssuranceC.    Prime Network RegistrarD.    Prime Network Analysis Module Answer: A QUESTION 29Which three compliance and audit report types are available in Cisco Prime Infrastructure? (Choose three.) A.    ServiceB.    Change AuditC.    Vendor AdvisoryD.    TAC Service RequestE.    Validated DesignF.    Smart Business Architecture Answer: ABC QUESTION 30Which statement about the Cisco ASA botnet traffic filter is true? A.    The four threat levels are low, moderate, high, and very high.B.    By default, the dynamic-filter drop blacklist interface outside command drops traffic with a threat level of high or very high.C.    Static blacklist entries always have a very high threat level.D.    A static or dynamic blacklist entry always takes precedence over the static whitelist entry. Answer: C QUESTION 31Where in the Cisco ASA appliance CLI are Active/Active Failover configuration parameters configured? A.    admin contextB.    customer contextC.    system execution spaceD.    within the system execution space and admin contextE.    within each customer context and admin context Answer: C QUESTION 32Which Cisco ASA object group type offers the most flexibility for grouping different services together based on arbitrary protocols? A.    networkB.    ICMPC.    protocolD.    TCP-UDPE.    service Answer: E QUESTION 33Which Cisco ASA show command groups the xlates and connections information together in its output? A.    show connB.    show conn detailC.    show xlateD.    show aspE.    show local-host Answer: E QUESTION 34When a Cisco ASA is configured in multiple context mode, within which configuration are the interfaces allocated to the security contexts? A.    each security contextB.    system configurationC.    admin context (context with the "admin" role)D.    context startup configuration file (.cfg file) Answer: B QUESTION 35When troubleshooting redundant interface operations on the Cisco ASA, which configuration should be verified? A.    The nameif configuration on the member physical interfaces are identical.B.    The MAC address configuration on the member physical interfaces are identical.C.    The active interface is sending periodic hellos to the standby interface.D.    The IP address configuration on the logical redundant interface is correct.E.    The duplex and speed configuration on the logical redundant interface are correct. Answer: D QUESTION 36On the Cisco ASA, where are the Layer 5-7 policy maps applied? A.    inside the Layer 3-4 policy mapB.    inside the Layer 3-4 class mapC.    inside the Layer 5-7 class mapD.    inside the Layer 3-4 service policyE.    inside the Layer 5-7 service policy Answer: A QUESTION 37A Cisco ASA requires an additional feature license to enable which feature? A.    transparent firewallB.    cut-thru proxyC.    threat detectionD.    botnet traffic filteringE.    TCP normalizer Answer: D QUESTION 38Which four are IPv6 First Hop Security technologies? (Choose four.) A.    SendB.    Dynamic ARP InspectionC.    Router Advertisement GuardD.    Neighbor Discovery InspectionE.    Traffic Storm ControlF.    Port SecurityG.    DHCPv6 Guard Answer: ACDG QUESTION 39IPv6 addresses in an organization's network are assigned using Stateless AddressAutoconfiguration. What is a security concern of using SLAAC for IPv6 address assignment? A.    Man-In-The-Middle attacks or traffic interception using spoofed IPv6 Router AdvertisementsB.    Smurf or amplification attacks using spoofed IPv6 ICMP Neighbor SolicitationsC.    Denial of service attacks using TCP SYN floodsD.    Denial of Service attacks using spoofed IPv6 Router Solicitations Answer: A QUESTION 40Which two parameters must be configured before you enable SCP on a router? (Choose two.) A.    SSHB.    authorizationC.    ACLsD.    NTPE.    TACACS+ Answer: AB QUESTION 41A network engineer is troubleshooting and configures the ASA logging level to debugging.The logging-buffer is dominated by %ASA-6-305009 log messages. Which command suppresses those syslog messages while maintaining ability to troubleshoot? A.    no logging buffered 305009B.    message 305009 disableC.    no message 305009 loggingD.    no logging message 305009 Answer: D QUESTION 42Which option describes the purpose of the input parameter when you use the packet-tracer command on a Cisco device? A.    to provide detailed packet-trace informationB.    to specify the source interface for the packet traceC.    to display the trace capture in XML formatD.    to specify the protocol type for the packet trace Answer: B QUESTION 43Which two options are two purposes of the packet-tracer command? (Choose two.) A.    to filter and monitor ingress traffic to a switchB.    to configure an interface-specific packet traceC.    to inject virtual packets into the data pathD.    to debug packet drops in a production networkE.    to correct dropped packets in a production network Answer: CD QUESTION 44Which set of commands enables logging and displays the log buffer on a Cisco ASA? A.    enable loggingshow loggingB.    logging enableshow loggingC.    enable logging int e0/1view loggingD.    logging enablelogging view config Answer: B QUESTION 45By default, not all services in the default inspection class are inspected. Which Cisco ASA CLI command do you use to determine which inspect actions are applied to the default inspection class? A.    show policy-map global_policyB.    show policy-map inspection_defaultC.    show class-map inspection_defaultD.    show class-map default-inspection-trafficE.    show service-policy global Answer: E QUESTION 46Which three Cisco ASA configuration commands are used to enable the Cisco ASA to log only the debug output to syslog? (Choose three.) A.    logging list test message 711001B.    logging debug-traceC.    logging trap debuggingD.    logging message 711001 level 7E.    logging trap test Answer: ABE QUESTION 47Which five options are valid logging destinations for the Cisco ASA? (Choose five.) A.    AAA serverB.    Cisco ASDMC.    bufferD.    SNMP trapsE.    LDAP serverF.    emailG.    TCP-based secure syslog server Answer: BCDFG QUESTION 48When configuring security contexts on the Cisco ASA, which three resource class limits can be set using a rate limit? (Choose three.) A.    address translation rateB.    Cisco ASDM session rateC.    connections rateD.    MAC-address learning rate (when in transparent mode)E.    syslog messages rateF.    stateful packet inspections rate Answer: CEF QUESTION 49The Cisco ASA must support dynamic routing and terminating VPN traffic. Which three Cisco ASA options will not support these requirements? (Choose three.) A.    transparent modeB.    multiple context modeC.    active/standby failover modeD.    active/active failover modeE.    routed modeF.    no NAT-control Answer: ABD QUESTION 50Which command displays syslog messages on the Cisco ASA console as they occur? A.    Console logging <level>B.    Logging console <level>C.    Logging trap <level>D.    Terminal monitorE.    Logging monitor <level> Answer: B Lead2pass regular updates of Cisco 300-206 dumps, with accurate answers, keeps the members one step ahead in the real 300-206 exam. The experts with more than 10 years experience in Certification Field work with us. 300-206 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDQ3hFS2lmMTdVb3c 2017 Cisco 300-206 exam dumps (All 251 Q&As) from Lead2pass: https://www.lead2pass.com/300-206.html [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-07-11 07:56:34 Post date GMT: 2017-07-11 07:56:34 Post modified date: 2017-07-11 07:56:34 Post modified date GMT: 2017-07-11 07:56:34 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com