This page was exported from Lead2pass New Updated Exam Questions [ https://www.getfreevce.com ] Export date:Sun Dec 22 12:46:18 2024 / +0000 GMT ___________________________________________________ Title: [2017 New] Pass 300-206 Exam By Training Lead2pass New VCE And PDF Dumps (51-75) --------------------------------------------------- 2017 July Cisco Official New Released 300-206 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! Lead2pass updates Cisco 300-206 exam questions, adds some new changed questions from Cisco Official Exam Center. Want to know 2017 300-206 exam test points? Download the following free Lead2pass latest exam questions today! Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/300-206.html QUESTION 51Which three configurations are needed to enable SNMPv3 support on the Cisco ASA? (Choose three.) A.    SNMPv3 Local EngineIDB.    SNMPv3 Remote EngineIDC.    SNMP UsersD.    SNMP GroupsE.    SNMP Community StringsF.    SNMP HostsAnswer: CDF QUESTION 52Which two configurations are the minimum needed to enable EIGRP on the Cisco ASA appliance? (Choose two.) A.    Enable the EIGRP routing process and specify the AS number.B.    Define the EIGRP default-metric.C.    Configure the EIGRP router ID.D.    Use the neighbor command(s) to specify the EIGRP neighbors.E.    Use the network command(s) to enable EIGRP on the Cisco ASA interface(s). Answer: AE QUESTION 53All 30 users on a single floor of a building are complaining about network slowness. After investigating the access switch, the network administrator notices that the MAC address table is full (10,000 entries) and all traffic is being flooded out of every port. Which action can the administrator take to prevent this from occurring? A.    Configure port-security to limit the number of mac-addresses allowed on each portB.    Upgrade the switch to one that can handle 20,000 entriesC.    Configure private-vlans to prevent hosts from communicating with one anotherD.    Enable storm-control to limit the traffic rateE.    Configure a VACL to block all IP traffic except traffic to and from that subnet Answer: A QUESTION 54A network printer has a DHCP server service that cannot be disabled. How can a layer 2 switch be configured to prevent the printer from causing network issues? A.    Remove the ip helper-addressB.    Configure a Port-ACL to block outbound TCP port 68C.    Configure DHCP snoopingD.    Configure port-security Answer: C QUESTION 55A switch is being configured at a new location that uses statically assigned IP addresses. Which will ensure that ARP inspection works as expected? A.    Configure the 'no-dhcp' keyword at the end of the ip arp inspection commandB.    Enable static arp inspection using the command 'ip arp inspection static vlan vlan- numberC.    Configure an arp access-list and apply it to the ip arp inspection commandD.    Enable port security Answer: C QUESTION 56Which two voice protocols can the Cisco ASA inspect? (Choose two.) A.    MGCPB.    IAXC.    SkypeD.    CTIQBE Answer: AD QUESTION 57You have explicitly added the line deny ipv6 any log to the end of an IPv6 ACL on a router interface. Which two ICMPv6 packet types must you explicitly allow to enable traffic to traverse the interface? (Choose two.) A.    router solicitationB.    router advertisementC.    neighbor solicitationD.    neighbor advertisementE.    redirect Answer: CD QUESTION 58Enabling what security mechanism can prevent an attacker from gaining network topology information from CDP? A.    MACsecB.    Flex VPNC.    Control Plane ProtectionD.    Dynamic Arp Inspection Answer: A QUESTION 59Which log level provides the most detail on the Cisco Web Security Appliance? A.    DebugB.    CriticalC.    TraceD.    Informational Answer: C QUESTION 60What is the lowest combination of ASA model and license providing 1 Gigabit Ethernet interfaces? A.    ASA 5505 with failover license optionB.    ASA 5510 Security+ license optionC.    ASA 5520 with any license optionD.    ASA 5540 with AnyConnect Essentials License option Answer: B QUESTION 61Which URL matches the regex statement "http"*/"www.cisco.com/"*[^E]"xe"? A.    https://www.cisco.com/ftp/ios/tftpserver.exeB.    https://cisco.com/ftp/ios/tftpserver.exeC.    http:/www.cisco.com/ftp/ios/tftpserver.ExeD.    https:/www.cisco.com/ftp/ios/tftpserver.EXE Answer: A QUESTION 62Which two statements about Cisco IOS Firewall are true? (Choose two.) A.    It provides stateful packet inspection.B.    It provides faster processing of packets than Cisco ASA devices provide.C.    It provides protocol-conformance checks against traffic.D.    It eliminates the need to secure routers and switches throughout the network.E.    It eliminates the need to secure host machines throughout the network. Answer: AC QUESTION 63Which two VPN types can you monitor and control with Cisco Prime Security Manager? (Choose two.) A.    AnyConnect SSLB.    site-to-siteC.    clientless SSLD.    IPsec remote-access Answer: ADExplanation: http://www.cisco.com/c/en/us/td/docs/security/asacx/9-1/user/guide/b_User_Guide_for_ASA_CX_and_PRSM_9_1.pdf QUESTION 64What are three attributes that can be applied to a user account with RBAC? (Choose three.) A.    domainB.    passwordC.    ACE tagD.    user rolesE.    VDC group tagF.    expiry date Answer: BDF QUESTION 65Which command is used to nest objects in a pre-existing group? A.    object-groupB.    network group-objectC.    object-group networkD.    group-object Answer: D QUESTION 66Which threat-detection feature is used to keep track of suspected attackers who create connections to too many hosts or ports? A.    complex threat detectionB.    scanning threat detectionC.    basic threat detectionD.    advanced threat detection Answer: B QUESTION 67What is the default behavior of an access list on the Cisco ASA security appliance? A.    It will permit or deny traffic based on the access-list criteria.B.    It will permit or deny all traffic on a specified interface.C.    An access group must be configured before the access list will take effect for traffic control.D.    It will allow all traffic. Answer: C QUESTION 68What is the default behavior of NAT control on Cisco ASA Software Version 8.3? A.    NAT control has been deprecated on Cisco ASA Software Version 8.3.B.    It will prevent traffic from traversing from one enclave to the next without proper access configuration.C.    It will allow traffic to traverse from one enclave to the next without proper access configuration.D.    It will deny all traffic. Answer: A QUESTION 69Which three options are hardening techniques for Cisco IOS routers? (Choose three.) A.    limiting access to infrastructure with access control listsB.    enabling service password recoveryC.    using SSH whenever possibleD.    encrypting the service passwordE.    using Telnet whenever possibleF.    enabling DHCP snooping Answer: ACD QUESTION 70What command alters the SSL ciphers used by the Cisco Email Security Appliance for TLS sessions and HTTPS access? A.    sslconfigB.    sslciphersC.    tlsconifgD.    certconfig Answer: A QUESTION 71What is the CLI command to enable SNMPv3 on the Cisco Web Security Appliance? A.    snmpconfigB.    snmpenableC.    configsnmpD.    enablesnmp Answer: A QUESTION 72The Cisco Email Security Appliance can be managed with both local and external users of different privilege levels. What three external modes of authentication are supported? (Choose three.) A.    LDAP authenticationB.    RADIUS AuthenticationC.    TACASD.    SSH host keysE.    Common Access Card AuthenticationF.    RSA Single use tokens Answer: ABD QUESTION 73When a Cisco ASA is configured in multicontext mode, which command is used to change between contexts? A.    changeto config contextB.    changeto contextC.    changeto/config context changeD.    changeto/config context 2 Answer: B QUESTION 74Which statement about the Cisco Security Manager 4.4 NAT Rediscovery feature is true? A.    It provides NAT policies to existing clients that connect from a new switch port.B.    It can update shared policies even when the NAT server is offline.C.    It enables NAT policy discovery as it updates shared polices.D.    It enables NAT policy rediscovery while leaving existing shared polices unchanged. Answer: D QUESTION 75When you install a Cisco ASA AIP-SSM, which statement about the main Cisco ASDM home page is true? A.    It is replaced by the Cisco AIP-SSM home page.B.    It must reconnect to the NAT policies database.C.    The administrator can manually update the page.D.    It displays a new Intrusion Prevention panel. Answer: D Lead2pass promise that all 300-206 exam questions are the latest updated, we aim to provide latest and guaranteed questions for all certifications. You just need to be braved in trying then we will help you arrange all later things! 100% pass all exams you want or full money back! Do you want to have a try on passing 300-206? 300-206 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDQ3hFS2lmMTdVb3c 2017 Cisco 300-206 exam dumps (All 251 Q&As) from Lead2pass: https://www.lead2pass.com/300-206.html [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-07-11 09:10:23 Post date GMT: 2017-07-11 09:10:23 Post modified date: 2017-07-11 09:10:23 Post modified date GMT: 2017-07-11 09:10:23 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com