This page was exported from Free Download Lead2pass VCE And PDF Dumps [ https://www.pass4sureshared.com ] Export date:Fri Mar 29 5:30:43 2024 / +0000 GMT ___________________________________________________ Title: [2017 New] Easily Pass 300-206 Exam By Training Lead2pass New Cisco VCE Dumps (76-100) --------------------------------------------------- 2017 July Cisco Official New Released 300-206 Dumps in Lead2pass.com! 100% Free Download! 100% Pass Guaranteed! The Cisco 300-206 exam is a very hard exam to successfully pass. Here you will find free Lead2pass Cisco practice sample exam test questions that will help you prepare in passing the 300-206 exam. Lead2pass Guarantees you 100% pass exam 300-206. Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/300-206.html QUESTION 76Which Cisco product provides a GUI-based device management tool to configure Cisco access routers? A.    Cisco ASDMB.    Cisco CP ExpressC.    Cisco ASA 5500D.    Cisco CP Answer: D QUESTION 77Which statement about Cisco IPS Manager Express is true? A.    It provides basic device management for large-scale deployments.B.    It provides a GUI for configuring IPS sensors and security modules.C.    It enables communication with Cisco ASA devices that have no administrative access.D.    It provides greater security than simple ACLs. Answer: B QUESTION 78Which three options describe how SNMPv3 traps can be securely configured to be sent by IOS? (Choose three.) A.    An SNMPv3 group is defined to configure the read and write views of the group.B.    An SNMPv3 user is assigned to SNMPv3 group and defines the encryption and authentication credentials.C.    An SNMPv3 host is configured to define where the SNMPv3 traps will be sent.D.    An SNMPv3 host is used to configure the encryption and authentication credentials for SNMPv3 traps.E.    An SNMPv3 view is defined to configure the address of where the traps will be sent.F.    An SNMPv3 group is used to configure the OIDs that will be reported. Answer: ABC QUESTION 79Cisco Security Manager can manage which three products? (Choose three.) A.    Cisco IOSB.    Cisco ASAC.    Cisco IPSD.    Cisco WLCE.    Cisco Web Security ApplianceF.    Cisco Email Security ApplianceG.    Cisco ASA CXH.    Cisco CRS Answer: ABC QUESTION 80When a Cisco ASA is configured in transparent mode, how can ARP traffic be controlled? A.    By enabling ARP inspection; however, it cannot be controlled by an ACLB.    By enabling ARP inspection or by configuring ACLsC.    By configuring ACLs; however, ARP inspection is not supportedD.    By configuring NAT and ARP inspection Answer: A QUESTION 81What are two primary purposes of Layer 2 detection in Cisco IPS networks? (Choose two.) A.    identifying Layer 2 ARP attacksB.    detecting spoofed MAC addresses and tracking 802.1X actions and data communication after asuccessful client associationC.    detecting and preventing MAC address spoofing in switched environmentsD.    mitigating man-in-the-middle attacks Answer: AD QUESTION 82What is the primary purpose of stateful pattern recognition in Cisco IPS networks? A.    mitigating man-in-the-middle attacksB.    using multipacket inspection across all protocols to identify vulnerability-based attacks and tothwart attacks that hide within a data streamC.    detecting and preventing MAC address spoofing in switched environmentsD.    identifying Layer 2 ARP attacks Answer: B QUESTION 83What are two reasons to implement Cisco IOS MPLS Bandwidth-Assured Layer 2 Services? (Choose two.) A.    guaranteed bandwidth and peak rates as well as low cycle periods, regardless of which systems accessthe deviceB.    increased resiliency through MPLS FRR for AToM circuits and better bandwidth utilization through MPLS TEC.    enabled services over an IP/MPLS infrastructure, for enhanced MPLS Layer 2 functionalityD.    provided complete proactive protection against frame and device spoofing Answer: BC QUESTION 84What is the maximum jumbo frame size for IPS standalone appliances with 1G and 10G fixed or add-on interfaces? A.    1024 bytesB.    1518 bytesC.    2156 bytesD.    9216 bytes Answer: D QUESTION 85Which two statements about Cisco IDS are true? (Choose two.) A.    It is preferred for detection-only deployment.B.    It is used for installations that require strong network-based protection and that include sensor tuning.C.    It is used to boost sensor sensitivity at the expense of false positives.D.    It is used to monitor critical systems and to avoid false positives that block traffic.E.    It is used primarily to inspect egress traffic, to filter outgoing threats. Answer: AD QUESTION 86What are two reasons for implementing NIPS at enterprise Internet edges? (Choose two.) A.    Internet edges typically have a lower volume of traffic and threats are easier to detect.B.    Internet edges typically have a higher volume of traffic and threats are more difficult to detect.C.    Internet edges provide connectivity to the Internet and other external networks.D.    Internet edges are exposed to a larger array of threats.E.    NIPS is more optimally designed for enterprise Internet edges than for internal network configurations. Answer: CD QUESTION 87Which statement about the Cisco ASA configuration is true? A.    All input traffic on the inside interface is denied by the global ACL.B.    All input and output traffic on the outside interface is denied by the global ACL.C.    ICMP echo-request traffic is permitted from the inside to the outside, and ICMP echo-reply will bepermitted from the outside back to inside.D.    HTTP inspection is enabled in the global policy.E.    Traffic between two hosts connected to the same interface is permitted. Answer: B QUESTION 88In the default global policy, which traffic is matched for inspections by default? A.    match anyB.    match default-inspection-trafficC.    match access-listD.    match portE.    match class-default Answer: B QUESTION 89Which set of commands creates a message list that includes all severity 2 (critical) messages on a Cisco security device? A.    logging list critical_messages level 2console logging critical_messagesB.    logging list critical_messages level 2logging console critical_messagesC.    logging list critical_messages level 2logging console enable critical_messagesD.    logging list enable critical_messages level 2 console logging critical_messages Answer: B QUESTION 90An administrator is deploying port-security to restrict traffic from certain ports to specific MAC addresses. Which two considerations must an administrator take into account when using the switchport port-security mac-address sticky command? (Choose two.) A.    The configuration will be updated with MAC addresses from traffic seen ingressing the port.The configuration will automatically be saved to NVRAM if no other changes to the configuration havebeen made.B.    The configuration will be updated with MAC addresses from traffic seen ingressing the port.The configuration will not automatically be saved to NVRAM.C.    Only MAC addresses with the 5th most significant bit of the address (the 'sticky' bit) set to 1 will be learned.D.    If configured on a trunk port without the 'vlan' keyword, it will apply to all vlans.E.    If configured on a trunk port without the 'vlan' keyword, it will apply only to the native vlan. Answer: BE QUESTION 91Which command configures the SNMP server group1 to enable authentication for members of the access list east? A.    snmp-server group group1 v3 auth access eastB.    snmp-server group1 v3 auth access eastC.    snmp-server group group1 v3 eastD.    snmp-server group1 v3 east access Answer: A QUESTION 92Lab Simulation Answer:Please check the steps in explanation part below:(1) Click on Service Policy Rules, then Edit the default inspection rule.(2) Click on Rule Actions, then enable HTTP as shown here: (3) Click on Configure, then add as shown here: (4) Create the new map in ASDM like shown: (5) Edit the policy as shown: (6) Hit OK QUESTION 93Hotspot Questions Which statement about how the Cisco ASA supports SNMP is true? A.    All SNMFV3 traffic on the inside interface will be denied by the global ACLB.    The Cisco ASA and ASASM provide support for network monitoring using SNMP Versions 1,2c,and 3, but do not support the use of all three versions simultaneously.C.    The Cisco ASA and ASASM have an SNMP agent that notifies designated management ,.stations if events occur that are predefined to require a notification, for example, when a link inthe network goes up or down.D.    SNMPv3 is enabled by default and SNMP v1 and 2c are disabled by default.E.    SNMPv3 is more secure because it uses SSH as the transport mechanism. Answer: CExplanation:This can be verified by this ASDM screen shot: QUESTION 94Hotspot Questions SNMP users have a specified username, a group to which the user belongs, authentication password, encryption password, and authentication and encryption algorithms to use. The authentication algorithm options are MD5 and SHA. The encryption algorithm options are DES, 3DES, andAES (which is available in 128,192, and 256 versions). When you create a user, with which option must you associate it? A.    an SNMP groupB.    at least one interfaceC.    the SNMP inspection in the global_policyD.    at least two interfaces Answer: AExplanation:This can be verified via the ASDM screen shot shown here: QUESTION 95Hotspot Questions An SNMP host is an IP address to which SNMP notifications and traps are sent. To configure SNMFV3 hosts, which option must you configure in addition to the target IP address? A.    the Cisco ASA as a DHCP server, so the SNMFV3 host can obtain an IP addressB.    a username, because traps are only sent to a configured userC.    SSH, so the user can connect to the Cisco ASAD.    the Cisco ASA with a dedicated interface only for SNMP, to process the SNMP host traffic. Answer: BExplanation:The username can be seen here on the ASDM simulator screen shot: QUESTION 96Refer to the exhibit. To protect Host A and Host B from communicating with each other, which type of PVLAN port should be used for each host? A.    Host A on a promiscuous port and Host B on a community portB.    Host A on a community port and Host B on a promiscuous portC.    Host A on an isolated port and Host B on a promiscuous portD.    Host A on a promiscuous port and Host B on a promiscuous portE.    Host A on an isolated port and host B on an isolated portF.    Host A on a community port and Host B on a community port Answer: E QUESTION 97Which security operations management best practice should be followed to enable appropriate network access for administrators? A.    Provide full network access from dedicated network administration systemsB.    Configure the same management account on every network deviceC.    Dedicate a separate physical or logical plane for management trafficD.    Configure switches as terminal servers for secure device access Answer: C QUESTION 98Which two features block traffic that is sourced from non-topological IPv6 addresses? (Choose two.) A.    DHCPv6 GuardB.    IPv6 Prefix GuardC.    IPv6 RA GuardD.    IPv6 Source Guard Answer: BD QUESTION 99Which three options correctly identify the Cisco ASA1000V Cloud Firewall? (Choose three.) A.    operates at Layer 2B.    operates at Layer 3C.    secures tenant edge trafficD.    secures intraswitch trafficE.    secures data center edge trafficF.    replaces Cisco VSGG.    complements Cisco VSGH.    requires Cisco VSG Answer: BCG QUESTION 100Which two options are private-VLAN secondary VLAN types? (Choose two) A.    IsolatedB.    SecuredC.    CommunityD.    CommonE.    Segregated Answer: ACExplanation:http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/ CLIConfigurationGuide/PrivateVLANs.html Lead2pass new released premium 300-206 exam dumps guarantee you a 100% exam success or we promise full money back! Download Cisco 300-206 exam dumps full version from Lead2pass instantly! 300-206 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDQ3hFS2lmMTdVb3c 2017 Cisco 300-206 exam dumps (All 251 Q&As) from Lead2pass: https://www.lead2pass.com/300-206.html [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-07-12 01:48:25 Post date GMT: 2017-07-12 01:48:25 Post modified date: 2017-07-12 01:48:25 Post modified date GMT: 2017-07-12 01:48:25 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com