[2017 New] 2017 New 300-206 Exam PDF Ensure 300-206 Certification Exam Pass Successfully (26-50)
2017 July Cisco Official New Released 300-206 Dumps in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
Lead2pass 300-206 latest updated braindumps including all new added 300-206 exam questions from exam center which guarantees you can 100% success 300-206 exam in your first try!
Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/300-206.html
QUESTION 26
Which of the following would need to be created to configure an application-layer inspection of SMTP traffic operating on port 2525?
A. A class-map that matches port 2525 and applying an inspect ESMTP policy-map for that class in
the global inspection policy
B. A policy-map that matches port 2525 and applying an inspect ESMTP class-map for that policy
C. An access-list that matches on TCP port 2525 traffic and applying it on an interface with the inspect option
D. A class-map that matches port 2525 and applying it on an access-list using the inspect option
Answer: A
QUESTION 27
A network administrator is creating an ASA-CX administrative user account with the following parameters:
– The user will be responsible for configuring security policies on network devices.
– The user needs read-write access to policies.
– The account has no more rights than necessary for the job.
What role will be assigned to the user?
A. Administrator
B. Security administrator
C. System administrator
D. Root Administrator
E. Exec administrator
Answer: B
QUESTION 28
Which tool provides the necessary information to determine hardware lifecycle and compliance details for deployed network devices?
A. Prime Infrastructure
B. Prime Assurance
C. Prime Network Registrar
D. Prime Network Analysis Module
Answer: A
QUESTION 29
Which three compliance and audit report types are available in Cisco Prime Infrastructure? (Choose three.)
A. Service
B. Change Audit
C. Vendor Advisory
D. TAC Service Request
E. Validated Design
F. Smart Business Architecture
Answer: ABC
QUESTION 30
Which statement about the Cisco ASA botnet traffic filter is true?
A. The four threat levels are low, moderate, high, and very high.
B. By default, the dynamic-filter drop blacklist interface outside command drops traffic with a threat
level of high or very high.
C. Static blacklist entries always have a very high threat level.
D. A static or dynamic blacklist entry always takes precedence over the static whitelist entry.
Answer: C
QUESTION 31
Where in the Cisco ASA appliance CLI are Active/Active Failover configuration parameters configured?
A. admin context
B. customer context
C. system execution space
D. within the system execution space and admin context
E. within each customer context and admin context
Answer: C
QUESTION 32
Which Cisco ASA object group type offers the most flexibility for grouping different services together based on arbitrary protocols?
A. network
B. ICMP
C. protocol
D. TCP-UDP
E. service
Answer: E
QUESTION 33
Which Cisco ASA show command groups the xlates and connections information together in its output?
A. show conn
B. show conn detail
C. show xlate
D. show asp
E. show local-host
Answer: E
QUESTION 34
When a Cisco ASA is configured in multiple context mode, within which configuration are the interfaces allocated to the security contexts?
A. each security context
B. system configuration
C. admin context (context with the “admin” role)
D. context startup configuration file (.cfg file)
Answer: B
QUESTION 35
When troubleshooting redundant interface operations on the Cisco ASA, which configuration should be verified?
A. The nameif configuration on the member physical interfaces are identical.
B. The MAC address configuration on the member physical interfaces are identical.
C. The active interface is sending periodic hellos to the standby interface.
D. The IP address configuration on the logical redundant interface is correct.
E. The duplex and speed configuration on the logical redundant interface are correct.
Answer: D
QUESTION 36
On the Cisco ASA, where are the Layer 5-7 policy maps applied?
A. inside the Layer 3-4 policy map
B. inside the Layer 3-4 class map
C. inside the Layer 5-7 class map
D. inside the Layer 3-4 service policy
E. inside the Layer 5-7 service policy
Answer: A
QUESTION 37
A Cisco ASA requires an additional feature license to enable which feature?
A. transparent firewall
B. cut-thru proxy
C. threat detection
D. botnet traffic filtering
E. TCP normalizer
Answer: D
QUESTION 38
Which four are IPv6 First Hop Security technologies? (Choose four.)
A. Send
B. Dynamic ARP Inspection
C. Router Advertisement Guard
D. Neighbor Discovery Inspection
E. Traffic Storm Control
F. Port Security
G. DHCPv6 Guard
Answer: ACDG
QUESTION 39
IPv6 addresses in an organization’s network are assigned using Stateless Address
Autoconfiguration. What is a security concern of using SLAAC for IPv6 address assignment?
A. Man-In-The-Middle attacks or traffic interception using spoofed IPv6 Router Advertisements
B. Smurf or amplification attacks using spoofed IPv6 ICMP Neighbor Solicitations
C. Denial of service attacks using TCP SYN floods
D. Denial of Service attacks using spoofed IPv6 Router Solicitations
Answer: A
QUESTION 40
Which two parameters must be configured before you enable SCP on a router? (Choose two.)
A. SSH
B. authorization
C. ACLs
D. NTP
E. TACACS+
Answer: AB
QUESTION 41
A network engineer is troubleshooting and configures the ASA logging level to debugging.
The logging-buffer is dominated by %ASA-6-305009 log messages. Which command suppresses those syslog messages while maintaining ability to troubleshoot?
A. no logging buffered 305009
B. message 305009 disable
C. no message 305009 logging
D. no logging message 305009
Answer: D
QUESTION 42
Which option describes the purpose of the input parameter when you use the packet-tracer command on a Cisco device?
A. to provide detailed packet-trace information
B. to specify the source interface for the packet trace
C. to display the trace capture in XML format
D. to specify the protocol type for the packet trace
Answer: B
QUESTION 43
Which two options are two purposes of the packet-tracer command? (Choose two.)
A. to filter and monitor ingress traffic to a switch
B. to configure an interface-specific packet trace
C. to inject virtual packets into the data path
D. to debug packet drops in a production network
E. to correct dropped packets in a production network
Answer: CD
QUESTION 44
Which set of commands enables logging and displays the log buffer on a Cisco ASA?
A. enable logging
show logging
B. logging enable
show logging
C. enable logging int e0/1
view logging
D. logging enable
logging view config
Answer: B
QUESTION 45
By default, not all services in the default inspection class are inspected. Which Cisco ASA CLI command do you use to determine which inspect actions are applied to the default inspection class?
A. show policy-map global_policy
B. show policy-map inspection_default
C. show class-map inspection_default
D. show class-map default-inspection-traffic
E. show service-policy global
Answer: E
QUESTION 46
Which three Cisco ASA configuration commands are used to enable the Cisco ASA to log only the debug output to syslog? (Choose three.)
A. logging list test message 711001
B. logging debug-trace
C. logging trap debugging
D. logging message 711001 level 7
E. logging trap test
Answer: ABE
QUESTION 47
Which five options are valid logging destinations for the Cisco ASA? (Choose five.)
A. AAA server
B. Cisco ASDM
C. buffer
D. SNMP traps
E. LDAP server
F. email
G. TCP-based secure syslog server
Answer: BCDFG
QUESTION 48
When configuring security contexts on the Cisco ASA, which three resource class limits can be set using a rate limit? (Choose three.)
A. address translation rate
B. Cisco ASDM session rate
C. connections rate
D. MAC-address learning rate (when in transparent mode)
E. syslog messages rate
F. stateful packet inspections rate
Answer: CEF
QUESTION 49
The Cisco ASA must support dynamic routing and terminating VPN traffic. Which three Cisco ASA options will not support these requirements? (Choose three.)
A. transparent mode
B. multiple context mode
C. active/standby failover mode
D. active/active failover mode
E. routed mode
F. no NAT-control
Answer: ABD
QUESTION 50
Which command displays syslog messages on the Cisco ASA console as they occur?
A. Console logging <level>
B. Logging console <level>
C. Logging trap <level>
D. Terminal monitor
E. Logging monitor <level>
Answer: B
Lead2pass regular updates of Cisco 300-206 dumps, with accurate answers, keeps the members one step ahead in the real 300-206 exam. The experts with more than 10 years experience in Certification Field work with us.
300-206 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDQ3hFS2lmMTdVb3c
2017 Cisco 300-206 exam dumps (All 251 Q&As) from Lead2pass:
https://www.lead2pass.com/300-206.html [100% Exam Pass Guaranteed]