web analytics

[23-Nov-2018] New 300-206 Dumps with VCE and PDF from PassLeader (Update Questions)

New 300-206 exam questions from PassLeader 300-206 dumps! Welcome to download the newest PassLeader 300-206 VCE and PDF dumps: https://www.passleader.com/300-206.html (413 Q&As –> 456 Q&As –> 486 Q&As –> 501 Q&As)

P.S. New 300-206 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpflBDRGVtd3JJR2k3ZF9sOTAyOHQ0bW1fdlJsZjFwS2xxZmx1TGVrOEdraTA

NEW QUESTION 362
When you enable IP source Guard on private VLAN ports, which additional action must you take for IP Source Guard to be effective?

A.    Enable DHCP snooping on the isolated VLAN.
B.    Enable BPDU guard on the isolated VLAN.
C.    Enable BPDU guard on the primary VLAN.
D.    Enable DHCP snooping on the primary VLAN.

Answer: D

NEW QUESTION 363
A network engineer wants to add new view to an IOS device configured with RBAC. Which privilege is required for that task?

A.    Level 16
B.    Level 15
C.    root view
D.    admin view

Answer: B

NEW QUESTION 364
After a session has been secured with MACsec, which two types of traffic can be sent and received unencrypted? (Choose two.)

A.    EAPOL-Start
B.    DHCP offer
C.    Cisco Discovery Protocol
D.    DHCP discover
E.    EAPOL-Logoff

Answer: AC

NEW QUESTION 365
Which two main functions for application inspection on ASA are true? (Choose two.)

A.    When services use dynamically assigned ports, the application inspection identifies dynamic port and permits data on these ports.
B.    When services embed IP addresses in the packet, the application inspection translates embedded addresses and updates the checksum.
C.    When services are operating on nonstandard ports, the application inspection identifies the nonstandard port and allows the service to run normally.
D.    When services need IP options to function, the application inspection keeps IP options during the packet transition through the appliance.
E.    When services use load balancing, the application inspection ensures that connections are load blanaced across the servers equally.

Answer: AB

NEW QUESTION 366
An engineer suspects that client workstations are experiencing extremely poor response time due to a man in middle attack. Which feature must be enabled and configured to provide relief from this type of attack?

A.    Internet Key Exchange
B.    Link Aggregation
C.    Reverse ARP
D.    Dynamic ARP Inspection
E.    private VLANs

Answer: D

NEW QUESTION 367
Which option is a consequence when an engineer changes the snmp server local engineID in router?

A.    The SNMP configuration that was created previously is invalid.
B.    The users that were created previously are invalid.
C.    The community that was created previously is invalid.
D.    The groups that were created previously are invalid.

Answer: B

NEW QUESTION 368
HTTPS server is configured on a router for management. Which command will change the router’s listening port from 433 to 444?

A.    ip https secure-port 444
B.    ip http secure-server 444
C.    ip http server-secure-port 444
D.    ip http secure-port 444

Answer: D

NEW QUESTION 369
A security engineer is troubleshooting traffic across a Cisco ASA firewall using a packet tracer. When configuring the packet tracer, which option must be used first?

A.    interface
B.    protocol
C.    source
D.    destination

Answer: A

NEW QUESTION 370
Which two statements about the utilization of IPv4 and IPv6 addresses in the Cisco ASA 9.x firewall access list configuration are true? (Choose two.)

A.    Mixed IPv4 and IPv6 addresses cannot be used in the same access list entry.
B.    Mixed IPv4 and IPv6 addresses can be used in the same access list entry.
C.    Mixed IPv4 and IPv6 addresses can be used in the same access list for network object group.
D.    Mixed IPv4 and IPv6 addresses cannot be used in the same access list.
E.    Mixed IPv4 and IPv6 addresses cannot be used in the same access list for network object group.

Answer: BC

NEW QUESTION 371
A user is having trouble connecting to websites on the Internet. The network engineer proposes configuring a packet capture that captures only the HTTP response traffic on the Cisco Adaptive Security Appliance between the user’s workstation and Internet. If the user’s workstation IP address is 10.0.0.101, which ACE is needed to achieve this capture?

A.    access-list capture permit tcp host 10.0.0.101 eq 80 any
B.    access-list capture permit tcp host 10.0.0.101 any eq 80
C.    access-list capture permit tcp any eq 80 host 10.0.0.101
D.    access-list capture permit tcp any host 10.0.0.101 eq 80

Answer: D

NEW QUESTION 372
Which two mandatory policies are needed to support a regular IPsec VPN in a Cisco Security Manager environment? (Choose two.)

A.    GRE modes
B.    IKE proposal
C.    group encryption
D.    server load balance

Answer: BC

NEW QUESTION 373
Which option is a Cisco best practice when configuring traffic storm control?

A.    Configure 100 percent level to suppress all traffic.
B.    Configure on the port channel interface of an EtherChannel.
C.    Configure traffic storm control on ports that are members of an EtherChannel.
D.    Configure additional capacity as port speed increase.

Answer: B

NEW QUESTION 374
Which statement about Cisco ASA botnet filtering is true?

A.    BTF takes the MD5 value and compares it against the dynamic database.
B.    BTF checks if the domain name in a DNS reply matches a name in the BTF database.
C.    BTF can rate-limit traffic to known botnet addresses.
D.    BTF redirects DNS queries to a BTF server for further analysis.

Answer: C

NEW QUESTION 375
Which threat level is the default used in the Botnet Traffic Filter?

A.    high
B.    moderate to very-high
C.    high to very-high
D.    very-high

Answer: B

NEW QUESTION 376
An engineer has successfully captured data on an ASA (ip address 10.10.10.1) and wants to download the file to analyze offline. The filename is capin. Which option must the engineer enter to accomplish this task?

A.    https://10.10.10.1/admin/capture/capin
B.    http://10.10.10.1/admin/capture/capin/pcap
C.    https://10.10.10.1/admin/capture/capin/pcap
D.    http://10.10.10.1/admin/capture/capin

Answer: C

NEW QUESTION 377
An engineer has downloaded the database files for botnet traffic filtering on an ASA. Where are these database files stored?

A.    flash memory
B.    SSD drive
C.    ROMMON
D.    running memory

Answer: A

NEW QUESTION 378
Which benefit of using centralized management to manage a Cisco IronPort ESA is true?

A.    It reduces licensing cost.
B.    It requires no initial setup.
C.    It requires a light client on managed devices.
D.    It reduces administration time.

Answer: D

NEW QUESTION 379
A company is concerned with valid time sources and has asked for NTP authentication to be configured. Multiple NTP sources are on the network. Which configuration is required on the client device to authenticate and synchronize with an NTP source?

A.    trusted key
B.    stratum hash
C.    SSL
D.    certificate preshared key

Answer: A

NEW QUESTION 380
Which statement about the behavior of the Cisco ASA firewall is true?

A.    The Cisco ASA is not seen as a router hop to connect devices in routed mode.
B.    All Cisco ASA interfaces are on different subnets in transparent mode.
C.    The Cisco ASA clears the running configuration when changing firewall modes.
D.    The Cisco ASA blocks ARP inspection packets in transparent mode.

Answer: C

NEW QUESTION 381
An engineering team is working diligently to achieve the fastest possible throughput on a Cisco ASA deployment within the data center without sacrificing high availability or flexibility. Which type of architecture accomplishes this goal?

A.    multiple mode, transparent contexts
B.    single mode, transparent contexts
C.    multiple mode, routed contexts
D.    single mode, routed contexts

Answer: C

NEW QUESTION 382
Which action can be taken as a preventive measure against VLAN hopping attacks?

A.    Configure an uplink to another switch as access port.
B.    Set an unused VLAN as native VLAN on a trunk port.
C.    Limit number of MAC addresses on a trunk port.
D.    Configure port security on all switch ports.

Answer: B

NEW QUESTION 383
An engineer is asked to configure SNMP Version 3 with authentication and encryption of each SNMP packet. Which SNMP V3 mode must be configured to meet that requirement?

A.    priv
B.    auth
C.    pub
D.    encr

Answer: A

NEW QUESTION 384
Which characteristic of community ports in a PVLAN is true?

A.    They can communicate with isolated ports.
B.    They cannot communicate with other community ports in the same community.
C.    They can communicate with promiscuous ports.
D.    They are separated at Layer 3 from all other ports.

Answer: C

NEW QUESTION 385
……


New 300-206 exam questions from PassLeader 300-206 dumps! Welcome to download the newest PassLeader 300-206 VCE and PDF dumps: https://www.passleader.com/300-206.html (413 Q&As –> 456 Q&As –> 486 Q&As –> 501 Q&As)

P.S. New 300-206 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpflBDRGVtd3JJR2k3ZF9sOTAyOHQ0bW1fdlJsZjFwS2xxZmx1TGVrOEdraTA