New 300-206 exam questions from PassLeader 300-206 dumps! Welcome to download the newest PassLeader 300-206 VCE and PDF dumps: http://www.passleader.com/300-206.html (413 Q&As –> 456 Q&As –> 486 Q&As –> 501 Q&As)
P.S. Free 300-206 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpflBDRGVtd3JJR2k3ZF9sOTAyOHQ0bW1fdlJsZjFwS2xxZmx1TGVrOEdraTA
QUESTION 101
Which two statements about zone-based firewalls are true? (Choose two.)
A. More than one interface can be assigned to the same zone.
B. Only one interface can be in a given zone.
C. An interface can only be in one zone.
D. An interface can be a member of multiple zones.
E. Every device interface must be a member of a zone.
Answer: AC
QUESTION 102
An attacker has gained physical access to a password protected router. Which command will prevent access to the startup-config in NVRAM?
A. no service password-recovery
B. no service startup-config
C. service password-encryption
D. no confreg 0x2142
Answer: A
QUESTION 103
Which command tests authentication with SSH and shows a generated key?
A. show key mypubkey rsa
B. show crypto key mypubkey rsa
C. show crypto key
D. show key mypubkey
Answer: B
QUESTION 104
Which configuration keyword will configure SNMPv3 with authentication but no encryption?
A. Auth
B. Priv
C. No auth
D. Auth priv
Answer: A
QUESTION 105
In IOS routers, what configuration can ensure both prevention of ntp spoofing and accurate time ensured?
A. ACL permitting udp 123 from ntp server
B. ntp authentication
C. multiple ntp servers
D. local system clock
Answer: B
QUESTION 106
Which product can manage licenses, updates, and a single signature policy for 15 separate IPS appliances?
A. Cisco Security Manager
B. Cisco IPS Manager Express
C. Cisco IPS Device Manager
D. Cisco Adaptive Security Device Manager
Answer: A
QUESTION 107
Which three statements about private VLANs are true? (Choose three.)
A. Isolated ports can talk to promiscuous and community ports.
B. Promiscuous ports can talk to isolated and community ports.
C. Private VLANs run over VLAN Trunking Protocol in client mode.
D. Private VLANS run over VLAN Trunking Protocol in transparent mode.
E. Community ports can talk to each other as well as the promiscuous port.
F. Primary, secondary, and tertiary VLANs are required for private VLAN implementation.
Answer: BDE
QUESTION 108
When you set a Cisco IOS Router as an SSH server, which command specifies the RSA public key of the remote peer when you set the SSH server to perform RSA-based authentication?
A. router(config-ssh-pubkey-user)#key
B. router(conf-ssh-pubkey-user)#key-string
C. router(config-ssh-pubkey)#key-string
D. router(conf-ssh-pubkey-user)#key-string enable ssh
Answer: B
QUESTION 109
Enabling what security mechanism can prevent an attacker from gaining network topology information from CDP via a man-in-the-middle attack?
A. MACsec
B. Flex VPN
C. Control Plane Protection
D. Dynamic Arp Inspection
Answer: A
QUESTION 110
On an ASA running version 9.0, which command is used to nest objects in a pre-existing group?
A. object-group
B. network group-object
C. object-group network
D. group-object
Answer: D
QUESTION 111
Which ASA feature is used to keep track of suspected attackers who create connections to too many hosts or ports?
A. complex threat detection
B. scanning threat detection
C. basic threat detection
D. advanced threat detection
Answer: B
QUESTION 112
What is the default behavior of an access list on a Cisco ASA?
A. It will permit or deny traffic based on the access list criteria.
B. It will permit or deny all traffic on a specified interface.
C. It will have no affect until applied to an interface, tunnel-group or other traffic flow.
D. It will allow all traffic.
Answer: C
QUESTION 113
When configuring a new context on a Cisco ASA device, which command creates a domain for the context?
A. domain config name
B. domain-name
C. changeto/domain name change
D. domain context 2
Answer: B
QUESTION 114
Which statement describes the correct steps to enable Botnet Traffic Filtering on a Cisco ASA version 9.0 transparent-mode firewall with an active Botnet Traffic Filtering license?
A. Enable DNS snooping, traffic classification, and actions.
B. Botnet Traffic Filtering is not supported in transparent mode.
C. Enable the use of the dynamic database, enable DNS snooping, traffic classification, and actions.
D. Enable the use of dynamic database, enable traffic classification and actions.
Answer: C
QUESTION 115
Which Cisco switch technology prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast flood on a port?
A. port security
B. storm control
C. dynamic ARP inspection
D. BPDU guard
E. root guard
F. dot1x
Answer: B
New 300-206 exam questions from PassLeader 300-206 dumps! Welcome to download the newest PassLeader 300-206 VCE and PDF dumps: http://www.passleader.com/300-206.html (413 Q&As –> 456 Q&As –> 486 Q&As –> 501 Q&As)
P.S. Free 300-206 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpflBDRGVtd3JJR2k3ZF9sOTAyOHQ0bW1fdlJsZjFwS2xxZmx1TGVrOEdraTA
