This page was exported from Offering New Exam PDF And Exam VCE Dumps For Free Downloading [ ] Export date:Thu Apr 9 9:27:22 2020 / +0000 GMT ___________________________________________________ Title: [2017 New] Easily Pass Cisco 300-206 Exam With Lead2pass Latest Cisco 300-206 Brain Dumps (101-125) --------------------------------------------------- 2017 July Cisco Official New Released 300-206 Dumps in! 100% Free Download! 100% Pass Guaranteed! Are you interested in successfully completing the Cisco 300-206 Certification Then start to earning Salary? Lead2pass has leading edge developed Cisco exam questions that will ensure you pass this 300-206 exam! Lead2pass delivers you the most accurate, current and latest updated 300-206 Certification exam questions and available with a 100% money back guarantee promise! Following questions and answers are all new published by Cisco Official Exam Center: QUESTION 101Which two statements about zone-based firewalls are true? (Choose two.) A.    More than one interface can be assigned to the same zone.B.    Only one interface can be in a given zone.C.    An interface can only be in one zone.D.    An interface can be a member of multiple zones.E.    Every device interface must be a member of a zone.Answer: AC QUESTION 102An attacker has gained physical access to a password protected router. Which command will prevent access to the startup-config in NVRAM? A.    no service password-recoveryB.    no service startup-configC.    service password-encryptionD.    no confreg 0x2142 Answer: A QUESTION 103Which command tests authentication with SSH and shows a generated key? A.    show key mypubkey rsaB.    show crypto key mypubkey rsaC.    show crypto keyD.    show key mypubkey Answer: B QUESTION 104Which configuration keyword will configure SNMPv3 with authentication but no encryption? A.    AuthB.    PrivC.    No authD.    Auth priv Answer: A QUESTION 105In IOS routers, what configuration can ensure both prevention of ntp spoofing and accurate time ensured? A.    ACL permitting udp 123 from ntp serverB.    ntp authenticationC.    multiple ntp serversD.    local system clock Answer: B QUESTION 106Which product can manage licenses, updates, and a single signature policy for 15 separate IPS appliances? A.    Cisco Security ManagerB.    Cisco IPS Manager ExpressC.    Cisco IPS Device ManagerD.    Cisco Adaptive Security Device Manager Answer: A QUESTION 107Which three statements about private VLANs are true? (Choose three.) A.    Isolated ports can talk to promiscuous and community ports.B.    Promiscuous ports can talk to isolated and community ports.C.    Private VLANs run over VLAN Trunking Protocol in client mode.D.    Private VLANS run over VLAN Trunking Protocol in transparent mode.E.    Community ports can talk to each other as well as the promiscuous port.F.    Primary, secondary, and tertiary VLANs are required for private VLAN implementation. Answer: BDE QUESTION 108When you set a Cisco IOS Router as an SSH server, which command specifies the RSA public key of the remote peer when you set the SSH server to perform RSA-based authentication? A.    router(config-ssh-pubkey-user)#keyB.    router(conf-ssh-pubkey-user)#key-stringC.    router(config-ssh-pubkey)#key-stringD.    router(conf-ssh-pubkey-user)#key-string enable ssh Answer: B QUESTION 109Enabling what security mechanism can prevent an attacker from gaining network topology information from CDP via a man-in-the-middle attack? A.    MACsecB.    Flex VPNC.    Control Plane ProtectionD.    Dynamic Arp Inspection Answer: A QUESTION 110On an ASA running version 9.0, which command is used to nest objects in a pre-existing group? A.    object-groupB.    network group-objectC.    object-group networkD.    group-object Answer: D QUESTION 11Which ASA feature is used to keep track of suspected attackers who create connections to too many hosts or ports? A.    complex threat detectionB.    scanning threat detectionC.    basic threat detectionD.    advanced threat detection Answer: B QUESTION 112What is the default behavior of an access list on a Cisco ASA? A.    It will permit or deny traffic based on the access list criteria.B.    It will permit or deny all traffic on a specified interface.C.    It will have no affect until applied to an interface, tunnel-group or other traffic flow.D.    It will allow all traffic. Answer: C QUESTION 113When configuring a new context on a Cisco ASA device, which command creates a domain for the context? A.    domain config nameB.    domain-nameC.    changeto/domain name changeD.    domain context 2 Answer: B QUESTION 114Which statement describes the correct steps to enable Botnet Traffic Filtering on a Cisco ASA version 9.0 transparent-mode firewall with an active Botnet Traffic Filtering license? A.    Enable DNS snooping, traffic classification, and actions.B.    Botnet Traffic Filtering is not supported in transparent mode.C.    Enable the use of the dynamic database, enable DNS snooping, traffic classification, and actions.D.    Enable the use of dynamic database, enable traffic classification and actions. Answer: C QUESTION 115Which Cisco switch technology prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast flood on a port? A.    port securityB.    storm controlC.    dynamic ARP inspectionD.    BPDU guardE.    root guardF.    dot1x Answer: B QUESTION 116You are a security engineer at a large multinational retailer. Your Chief Information Officer recently attended a security conference and has asked you to secure the network infrastructure from VLAN hopping.Which statement describes how VLAN hopping can be avoided? A.    There is no such thing as VLAN hopping because VLANs are completely isolated.B.    VLAN hopping can be avoided by using IEEE 802.1X to dynamically assign the access VLAN to all endpoints and setting the default access VLAN to an unused VLAN ID.C.    VLAN hopping is avoided by configuring the native (untagged) VLAN on both sides of an ISL trunk to an unused VLAN ID.D.    VLAN hopping is avoided by configuring the native (untagged) VLAN on both sides of an IEEE 802.1Q trunk to an unused VLAN ID. Answer: D QUESTION 117You are the administrator of a Cisco ASA 9.0 firewall and have been tasked with ensuring that the Firewall Admins Active Directory group has full access to the ASA configuration. The Firewall Operators Active Directory group should have a more limited level of access.Which statement describes how to set these access levels? A.    Use Cisco Directory Agent to configure the Firewall Admins group to have privilege level 15 access. Also configure the Firewall Operators group to have privilege level 6 access.B.    Use TACACS+ for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA server. Configure ACS CLI command authorization sets for the Firewall Operators group.Configure level 15 access to be assigned to members of the Firewall Admins group.C.    Use RADIUS for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA server. Configure ACS CLI command authorization sets for the Firewall Operators group.Configure level 15 access to be assigned to members of the Firewall Admins group.D.    Active Directory Group membership cannot be used as a determining factor for accessing the Cisco ASA CLI. Answer: B QUESTION 118A router is being enabled for SSH command line access.The following steps have been taken: - The vty ports have been configured with transport input SSH and login local.- Local user accounts have been created.- The enable password has been configured. What additional step must be taken if users receive a 'connection refused' error when attempting to access the router via SSH? A.    A RSA keypair must be generated on the routerB.    An access list permitting SSH inbound must be configured and applied to the vty portsC.    An access list permitting SSH outbound must be configured and applied to the vty portsD.    SSH v2.0 must be enabled on the router Answer: A QUESTION 119Which two configurations are necessary to enable password-less SSH login to an IOS router? (Choose two.) A.    Enter a copy of the administrator's public key within the SSH key-chainB.    Enter a copy of the administrator's private key within the SSH key-chainC.    Generate a 512-bit RSA key to enable SSH on the routerD.    Generate an RSA key of at least 768 bits to enable SSH on the routerE.    Generate a 512-bit ECDSA key to enable SSH on the routerF.    Generate a ECDSA key of at least 768 bits to enable SSH on the router Answer: AD QUESTION 120Which two features does Cisco Security Manager provide? (Choose two.) A.    Configuration and policy deployment before device discoveryB.    Health and performance monitoringC.    Event management and alertingD.    Command line menu for troubleshootingE.    Ticketing management and tracking Answer: BC QUESTION 121An administrator installed a Cisco ASA that runs version 9.1. You are asked to configure the firewall through Cisco ASDM.When you attempt to connect to a Cisco ASA with a default configuration, which username and password grants you full access? A.    admin / adminB.    asaAdmin / (no password)C.    It is not possible to use Cisco ASDM until a username and password are created via the username usernamepassword password CLI command.D.    enable_15 / (no password)E.    cisco / cisco Answer: D QUESTION 122Which three options are default settings for NTP parameters on a Cisco ASA? (Choose three.) A.    NTP authentication is enabled.B.    NTP authentication is disabled.C.    NTP logging is enabled.D.    NTP logging is disabled.E.    NTP traffic is not restricted.F.    NTP traffic is restricted. Answer: BDE QUESTION 123Which two options are purposes of the packet-tracer command? (Choose two.) A.    to filter and monitor ingress traffic to a switchB.    to configure an interface-specific packet traceC.    to simulate network traffic through a data pathD.    to debug packet drops in a production networkE.    to automatically correct an ACL entry in an ASA Answer: CD QUESTION 124Refer to the exhibit. Server A is a busy server that offers these services: - World Wide Web- DNS Which command captures http traffic from Host A to Server A?   A.    capture traffic match udp host host    capture traffic match 80 host host    capture traffic match ip host    capture traffic match tcp host host    capture traffic match tcp host host eq 80 Answer: D QUESTION 125Your company is replacing a high-availability pair of Cisco ASA 5550 firewalls with the newer Cisco ASA 5555-X models. Due to budget constraints, one Cisco ASA 5550 will be replaced at a time.Which statement about the minimum requirements to set up stateful failover between these two firewalls is true? A.    You must install the USB failover cable between the two Cisco ASAs and provide a 1 Gigabit Ethernet interface for state exchange.B.    It is not possible to use failover between different Cisco ASA models.C.    You must have at least 1 Gigabit Ethernet interface between the two Cisco ASAs for state exchange.D.    You must use two dedicated interfaces. One link is dedicated to state exchange and the other link is for heartbeats. Answer: B All Cisco 300-206 exam questions are the new checked and updated! In recent years, the 300-206 certification has become a global standard for many successful IT companies. Want to become a certified Cisco professional? Download Lead2pass 2017 latest released 300-206 exam dumps full version and pass 300-206 100%! 300-206 new questions on Google Drive: 2017 Cisco 300-206 exam dumps (All 251 Q&As) from Lead2pass: [100% Exam Pass Guaranteed] --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2017-07-12 02:55:36 Post date GMT: 2017-07-12 02:55:36 Post modified date: 2017-07-12 02:55:36 Post modified date GMT: 2017-07-12 02:55:36 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from