300-206 Exam Questions - Online Test

300-206 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

Act now and download your Cisco cisco 300 206 test today! Do not waste time for the worthless Cisco 300 206 dumps tutorials. Download Regenerate Cisco Implementing Cisco Edge Network Security Solutions exam with real questions and answers and begin to learn Cisco 300 206 senss pdf with a classic professional.

Q21. An SNMP host is an IP address to which SNMP notifications and traps are sent. To configure SNMFV3 hosts, which option must you configure in addition to the target IP address? 

A. the Cisco ASA as a DHCP server, so the SNMFV3 host can obtain an IP address 

B. a username, because traps are only sent to a configured user 

C. SSH, so the user can connect to the Cisco ASA 

D. the Cisco ASA with a dedicated interface only for SNMP, to process the SNMP host traffic. 

Answer: B 

Explanation: The username can be seen here on the ASDM simulator screen shot: 

Q22. Where do you apply a control plane service policy to implement Management Plane Protection on a Cisco router? 

A. Control-plane interface management 0/0 

B. Control-plane service policy 

C. Control-plane router 

D. Control-plane host 

Answer: D 

Explanation: http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/htsecmpp.html 

Q23. When you configure a Botnet Traffic Filter on a Cisco firewall, what are two optional tasks? (Choose two.) 

A. Enable the use of dynamic databases. 

B. Add static entries to the database. 

C. Enable DNS snooping. 

D. Enable traffic classification and actions. 

E. Block traffic manually based on its syslog information. 

Answer: B,E 

Q24. Which Layer 2 security feature validates ARP packets? 

A. DAI 

B. DHCP server 

C. BPDU guard 

D. BPDU filtering 

Answer: A 

Q25. Where on a firewall does an administrator assign interfaces to contexts? 

A. in the system execution space 

B. in the admin context 

C. in a user-defined context 

D. in the console 

Answer: A 

Q26. In your role as network security administrator, you have installed syslog server software on a server whose IP address is 10.10.2.40. According to the exhibits, why isn’t the syslog server receiving any syslog messages? 

A. Logging is not enabled globally on the Cisco ASA. 

B. The syslog server has failed. 

C. There have not been any events with a severity level of seven. 

D. The Cisco ASA is not configured to log messages to the syslog server at that IP address. 

Answer: B 

Explanation: By process of elimination, we know that the other answers choices are not correct so that only leaves us with the server must have failed. We can see from the following screen shots, that events are being generated with severity level of debugging and below, The 10.10.2.40 IP address has been configured as a syslog server, and that logging has been enabled globally: 

\\psf\Home\.Trash\Screen Shot 2015-06-11 at 8.38.59 PM.png 

Q27. At which firewall severity level will debugs appear on a Cisco ASA? 

A. 7 

B. 6 

C. 5 

D. 4 

Answer: A 

Q28. Which two parameters must be configured before you enable SCP on a router? (Choose two.) 

A. SSH 

B. authorization 

C. ACLs 

D. NTP 

E. TACACS+ 

Answer: A,B 

Q29. Which statement about the Cisco Security Manager 4.4 NAT Rediscovery feature is true? 

A. It provides NAT policies to existing clients that connect from a new switch port. 

B. It can update shared policies even when the NAT server is offline. 

C. It enables NAT policy discovery as it updates shared polices. 

D. It enables NAT policy rediscovery while leaving existing shared polices unchanged. 

Answer: D 

Q30. In which way are management packets classified on a firewall that operates in multiple context mode? 

A. by their interface IP address 

B. by the routing table 

C. by NAT 

D. by their MAC addresses 

Answer: A