Download New Latest (May) Cisco 300-206 Actual Tests 31-40

Ensurepass

 

QUESTION 31

You have explicitly added the line deny ipv6 any log to the end of an IPv6 ACL on a router interface. Which two ICMPv6 packet types must you explicitly allow to enable traffic to traverse the interface? (Choose two.)

 

A.

router solicitation

B.

router advertisement

C.

neighbor solicitation

D.

neighbor advertisement

E.

redirect

 

Answer: CD

 

 

QUESTION 32

All 30 users on a single floor of a building are complaining about network slowness. After investigating the access switch, the network administrator notices that the MAC address table is full (10,000 entries) and all traffic is being flooded out of every port. Which action can the administrator take to prevent this from occurring?

 

A.

Configure port-security to limit the number of mac-addresses allowed on each port

B.

Upgrade the switch to one that can handle 20,000 entries

C.

Configure private-vlans to prevent hosts from communicating with one another

D.

Enable storm-control to limit the traffic rate

E.

Configure a VACL to block all IP traffic except traffic to and from that subnet

< b> 

Answer: A

 

 

QUESTION 33

What is the CLI command to enable SNMPv3 on the Cisco Web Security Appliance?

 

A.

snmpconfig

B.

snmpenable

C.

configsnmp

D.

enablesnmp

 

Answer: A

 

 

QUESTION 34

Which two statements about Cisco IOS Firewall are true? (Choose two.)

 

A.

It provides stateful packet inspection.

B.

It provides faster processing of packets than Cisco ASA devices provide.

C.

It provides protocol-conformance checks against traffic.

D.

It eliminates the need to secure routers and switches throughout the network.

E.

It eliminates the need to secure host machines throughout the network.

 

Answer: AC

 

 

QUESTION 35

clip_image001

 

 

 

clip_image002

 

clip_image003

 

Which statement about how the Cisco ASA supports SNMP is true?

 

A.

All SNMFV3 traffic on the inside interface will be denied by the global ACL

B.

The Cisco ASA and ASASM provide support for network monitoring using SNMP Versions 1,2c, and 3, but do not support the use of all three versions simultaneously.

C.

The Cisco ASA and ASASM have an SNMP agent that notifies designated management ,. stations if events occur that are predefined to require a notification, for example, when a link in the network goes up or down.

D.

SNMPv3 is enabled by default and SNMP v1 and 2c are disabled by default.

E.

SNMPv3 is more secure because it uses SSH as the transport mechanism.

 

Answer: C

Explanation:This can be verified by this ASDM screen shot:

 

 

 

Free VCE & PDF File for Cisco 300-206 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …

 

C:UsersKamranDesktop2.png

 

 

QUESTION 36

If the Cisco ASA 1000V has too few licenses, what is its behavior?

 

A.

It drops all traffic.

B.

It drops all outside-to-inside packets.

C.

It drops all inside-to-outside packets.

D.

It passes the first outside-to-inside packet and drops all remaining packets.

 

Answer: D

 

 

QUESTION 37

Which two options are two purposes of the packet-tracer command? (Choose two.)

 

A.

to filter and monitor ingress traffic to a switch

B.

to configure an interface-specific packet trace

C.

to inject virtual packets into the data path

D.

to debug packet drops in a production network

E.

to correct dropped packets in a production network

 

Answer: CD

 

 

QUESTION 38

What is the lowest combination of ASA model and license providing 1 Gigabit Ethernet interfaces?

 

A.

ASA 5505 with failover license option

B.

ASA 5510 Security+ license option

C.

ASA 5520 with any license option

D.

ASA 5540 with AnyConnect Essentials License option

 

Answer: B

 

 

QUESTION 39

What is the default behavior of an access list on the Cisco ASA security appliance?

 

A.

It will permit or deny traffic based on the access-list criteria.

B.

It will permit or deny all traffic on a specified interface.

C.

An access group must be configured before the access list will take effect for traffic control.

D.

It will allow all traffic.

 

Answer: C

 

 

QUESTION 40

Which component does Cisco ASDM require on the host Cisco ASA 5500 Series or Cisco PIX security appliance?

 

A.

a DES or 3DES license

B.

a NAT policy server

C.

a SQL database

D.

a Kerberos key

E.

a digital certificate

 

Answer: A

 

Posted in Uncategorized