Download New Latest (May) Cisco 300-206 Actual Tests 1-10

Ensurepass

 

 

QUESTION 1

Which two statements about Cisco IDS are true? (Choose two.)

 

A.

It is preferred for detection-only deployment.

B.

It is used for installations that require strong network-based protection and that include sensor tuning.

C.

It is used to boost sensor sensitivity at the expense of false positives.

D.

It is used to monitor critical systems and to avoid false positives that block traffic.

E.

It is used primarily to inspect egress traffic, to filter outgoing threats.

 

Answer: BC

 

 

QUESTION 2

Which statement about the Cisco Security Manager 4.4 NAT Rediscovery feature is true?

 

A.

It provides NAT policies to existing clients that connect from a new switch port.

B.

It can update shared policies even when the NAT server is offline.

C.

It enables NAT policy discovery as it updates shared polices.

D.

It enables NAT policy rediscovery while leaving existing shared polices unchanged.

 

Answer: D

 

 

QUESTION 3

Which set of commands enables logging and displays the log buffer on a Cisco ASA?

 

A.

enable logging

show logging

B.

logging enable

show logging

C.

enable logging int e0/1

view logging

D.

logging enable

logging view config

 

Answer: B

 

 

QUESTION 4

Cisco Security Manager can manage which three products? (Choose three.)

 

A.

Cisco IOS

B.

Cisco ASA

C.

Cisco IPS

D.

Cisco WLC

E.

Cisco Web Security Appliance

F.

Cisco Email Security Appliance

G.

Cisco ASA CX

H.

Cisco CRS

 

Answer: ABC

 

 

QUESTION 5

Which Cisco product provides a GUI-based device management tool to configure Cisco access routers?

 

A.

Cisco ASDM

B.

Cisco CP Express

C.

Cisco ASA 5500

D.

Cisco CP

 

Answer: D

 

 

QUESTION 6

A switch is being configured at a new location that uses statically assigned IP addresses. Which will ensure that ARP inspection works as expected?

 

A.

Configure the ‘no-dhcp’ keyword at the end of the ip arp inspection command

B.

Enable static arp inspection using the command ‘ip arp inspection static vlan vlan- number

C.

Configure an arp access-list and apply it to the ip arp inspection command

D.

Enable port security

 

Answer: C

 

 

QUESTION 7

An administrator is deploying port-security to restrict traffic from certain ports to specific MAC addresses. Which two considerations must an administrator take into account when using the switchport port-security mac-address sticky command? (Choose two.)

 

A.

The configuration will be updated with MAC addresses from traffic seen ingressing the port. The configuration will automatically be saved to NVRAM if no other changes to the configuration have been made.

B.

The configuration will be updated with MAC addresses from traffic seen ingressing the port. The configuration will not automatically be saved to NVRAM.

C.

Only MAC addresses with the 5th most significant bit of the address (the ‘sticky’ bit) set to 1 will be learned.

D.

If configured on a trunk port without the ‘vlan’ keyword, it will apply to all vlans.

E.

If configured on a trunk port without the ‘vlan’ keyword, it will apply only to the native vlan.

 

Answer: BE

 

 

QUESTION 8

CORRECT TEXT

 

clip_image001

 

 

 

clip_image002

 

clip_image003

 

A.

 

B.

 

C.

 

D.

 

 

Answer:

 

 

QUESTION 9

A network administrator is creating an ASA-CX administrative user account with the following parameters:

 

The user will be responsible for configuring security policies on network devices.

The user needs read-write access to policies.

The account has no more rights than necessary for the job.

 

What role will the administrator assign t
o the user?

 

A.

Administrator

B.

Security administrator

C.

System administrator

D.

Root Administrator

E.

Exec administrator

 

Answer: B

 

 

QUESTION 10

Which command sets the source IP address of the NetFlow exports of a device?

 

A.

ip source flow-export

B.

ip source netflow-export

C.

ip flow-export source

D.

ip netflow-export source

 

Answer: C

Free VCE & PDF File for Cisco 300-206 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …

 

Posted in Uncategorized