[PDF&VCE] Lead2pass New Updated 300-206 Braindump Free Get (21-40)
2016 October Cisco Official New Released 300-206 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! Are you worrying about the 300-206 exam? Lead2pass provides the latest 300-206 braindumps and guarantees you passing 300-206 exam beyond any doubt.
Following questions and answers are all new published by Cisco Official Exam Center: http://www.lead2pass.com/300-206.html 2 1 QUESTION 21 Which technology provides forwarding-plane abstraction to support Layer 2 to Layer 7 network services in Cisco Nexus 1000V? A. Virtual Service Node B. Virtual Service Gateway C. Virtual Service Data Path D. Virtual Service Agent Answer: C QUESTION 22 To which interface on a Cisco ASA 1000V firewall should a security profile be applied when a VM sits behind it? A. outside B. inside C. management D. DMZ Answer: B QUESTION 23 You are configuring a Cisco IOS Firewall on a WAN router that is operating as a Trusted Relay Point (TRP) in a voice network. Which feature must you configure to open data- channel pinholes for voice packets that are sourced from a TRP within the WAN? A. CAC B. ACL C. CBAC D. STUN Answer: D QUESTION 24 If you encounter problems logging in to the Cisco Security Manager 4.4 web server or client or backing up its databases, which account has most likely been improperly modified? A. admin (the default administrator account) B. casuser (the default service account) C. guest (the default guest account) D. user (the default user account) Answer: B QUESTION 25 Which component does Cisco ASDM require on the host Cisco ASA 5500 Series or Cisco PIX security appliance? A. a DES or 3DES license B. a NAT policy server C. a SQL database D. a Kerberos key E. a digital certificate Answer: A QUESTION 26 Which of the following would need to be created to configure an application-layer inspection of SMTP traffic operating on port 2525? A. A class-map that matches port 2525 and applying an inspect ESMTP policy-map for that class in the global inspection policy B. A policy-map that matches port 2525 and applying an inspect ESMTP class-map for that policy C. An access-list that matches on TCP port 2525 traffic and applying it on an interface with the inspect option D. A class-map that matches port 2525 and applying it on an access-list using the inspect option Answer: A QUESTION 27 A network administrator is creating an ASA-CX administrative user account with the following parameters: - The user will be responsible for configuring security policies on network devices. - The user needs read-write access to policies. - The account has no more rights than necessary for the job. What role will be assigned to the user? A. Administrator B. Security administrator C. System administrator D. Root Administrator E. Exec administrator Answer: B QUESTION 28 Which tool provides the necessary information to determine hardware lifecycle and compliance details for deployed network devices? A. Prime Infrastructure B. Prime Assurance C. Prime Network Registrar D. Prime Network Analysis Module Answer: A QUESTION 29 Which three compliance and audit report types are available in Cisco Prime Infrastructure? (Choose three.) A. Service B. Change Audit C. Vendor Advisory D. TAC Service Request E. Validated Design F. Smart Business Architecture Answer: ABC QUESTION 30 Which statement about the Cisco ASA botnet traffic filter is true? A. The four threat levels are low, moderate, high, and very high. B. By default, the dynamic-filter drop blacklist interface outside command drops traffic with a threat level of high or very high. C. Static blacklist entries always have a very high threat level. D. A static or dynamic blacklist entry always takes precedence over the static whitelist entry. Answer: C QUESTION 31 Where in the Cisco ASA appliance CLI are Active/Active Failover configuration parameters configured? A. admin context B. customer context C. system execution space D. within the system execution space and admin context E. within each customer context and admin context Answer: C QUESTION 32 Which Cisco ASA object group type offers the most flexibility for grouping different services together based on arbitrary protocols? A. network B. ICMP C. protocol D. TCP-UDP E. service Answer: E QUESTION 33 Which Cisco ASA show command groups the xlates and connections information together in its output? A. show conn B. show conn detail C. show xlate D. show asp E. show local-host Answer: E QUESTION 34 When a Cisco ASA is configured in multiple context mode, within which configuration are the interfaces allocated to the security contexts? A. each security context B. system configuration C. admin context (context with the "admin" role) D. context startup configuration file (.cfg file) Answer: B QUESTION 35 When troubleshooting redundant interface operations on the Cisco ASA, which configuration should be verified? A. The nameif configuration on the member physical interfaces are identical. B. The MAC address configuration on the member physical interfaces are identical. C. The active interface is sending periodic hellos to the standby interface. D. The IP address configuration on the logical redundant interface is correct. E. The duplex and speed configuration on the logical redundant interface are correct. Answer: D QUESTION 36 On the Cisco ASA, where are the Layer 5-7 policy maps applied? A. inside the Layer 3-4 policy map B. inside the Layer 3-4 class map C. inside the Layer 5-7 class map D. inside the Layer 3-4 service policy E. inside the Layer 5-7 service policy Answer: A QUESTION 37 A Cisco ASA requires an additional feature license to enable which feature? A. transparent firewall B. cut-thru proxy C. threat detection D. botnet traffic filtering E. TCP normalizer Answer: D QUESTION 38 Which four are IPv6 First Hop Security technologies? (Choose four.) A. Send B. Dynamic ARP Inspection C. Router Advertisement Guard D. Neighbor Discovery Inspection E. Traffic Storm Control F. Port Security G. DHCPv6 Guard Answer: ACDG QUESTION 39 IPv6 addresses in an organization's network are assigned using Stateless Address Autoconfiguration. What is a security concern of using SLAAC for IPv6 address assignment? A. Man-In-The-Middle attacks or traffic interception using spoofed IPv6 Router Advertisements B. Smurf or amplification attacks using spoofed IPv6 ICMP Neighbor Solicitations C. Denial of service attacks using TCP SYN floods D. Denial of Service attacks using spoofed IPv6 Router Solicitations Answer: A QUESTION 40 Which two parameters must be configured before you enable SCP on a router? (Choose two.) A. SSH B. authorization C. ACLs D. NTP E. TACACS+ Answer: AB
Lead2pass offers the latest 300-206 PDF and VCE dumps with new version VCE player for free download, and the new 300-206 dump ensures your exam 100% pass.
300-206 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDWFY3cWxuWnJKQ28 2016 Cisco 300-206 exam dumps (All 223 Q&As) from Lead2pass: http://www.lead2pass.com/300-206.html 2 1 [100% Exam Pass Guaranteed]
|