[2017 New] Free Download Of Lead2pass 300-206 Real Exam Questions (151-175)

2017 August Cisco Official New Released 300-206 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

2017 get prepared with fully updated Cisco 300-206 real exam questions and accurate answers for 300-206 exam. Lead2pass IT experts review the 300-206 newly added questions and offer correct Cisco 300-206 exam questions answers. 100% pass easily!

Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/300-206.html

Which two TCP ports must be open on the Cisco Security Manager server to allow the server to communicate with the Cisco Security Manager client? (Choose two.)

A.    1741
B.    443
C.    80
D.    1740
E.    8080

Answer: AB

Which command enables the HTTP server daemon for Cisco ASDM access?

A.    http server enable
B.    http server enable 443
C.    crypto key generate rsa modulus 1024
D.    no http server enable

Answer: A

Which function in the Cisco ADSM ACL Manager pane allows an administrator to search for a specfic element?

A.    Find
B.    Device Management
C.    Search
D.    Device Setup

Answer: A

Which two router commands enable NetFlow on an interface? (Choose two.)

A.    ip flow ingress
B.    ip flow egress
C.    ip route-cache flow infer-fields
D.    ip flow ingress infer-fields
E.    ip flow-export version 9

Answer: AB

Refer to the exhibit. Which two statements about the SNMP configuration are true? (Choose two.)


A.    The router’s IP address is
B.    The SNMP server’s IP address is
C.    Only the local SNMP engine is configured.
D.    Both the local and remote SNMP engines are configured.
E.    The router is connected to the SNMP server via port 162.

Answer: BD

To which port does a firewall send secure logging messages?

A.    TCP/1500
B.    UDP/1500
C.    TCP/500
D.    UDP/500

Answer: A

What is a required attribute to configure NTP authentication on a Cisco ASA?

A.    Key ID
B.    IPsec
C.    AAA
D.    IKEv2

Answer: A

Which function does DNSSEC provide in a DNS infrastructure?

A.    It authenticates stored information.
B.    It authorizes stored information.
C.    It encrypts stored information.
D.    It logs stored security information.

Answer: A

Refer to the exhibit. Which two statements about this firewall output are true? (Choose two.)


A.    The output is from a packet tracer debug.
B.    All packets are allowed to
C.    All packets are allowed to
D.    All packets are denied.
E.    The output is from a debug all command.

Answer: AC

Which utility can you use to troubleshoot and determine the timeline of packet changes in a data path within a Cisco firewall?

A.    packet tracer
B.    ping
C.    traceroute
D.    SNMP walk

Answer: A

What can an administrator do to simultaneously capture and trace packets in a Cisco ASA?

A.    Install a Cisco ASA virtual appliance.
B.    Use the trace option of the capture command.
C.    Use the trace option of the packet-tracer command.
D.    Install a switch with a code that supports capturing, and configure a trunk to the Cisco ASA.

Answer: B

Refer to the exhibit. Which command can produce this packet tracer output on a firewall?


A.    packet-tracer input INSIDE tcp 88 3028
B.    packet-tracer output INSIDE tcp 88 3028
C.    packet-tracer input INSIDE tcp 3028 88
D.    packet-tracer output INSIDE tcp 3028 88

Answer: A

At which firewall severity level will debugs appear on a Cisco ASA?

A.    7
B.    6
C.    5
D.    4

Answer: A

A Cisco ASA is configured in multiple context mode and has two user-defined contexts–Context_A and Context_B. From which context are device logging messages sent?

A.    Admin
B.    Context_A
C.    Context_B
D.    System

Answer: A

Which three statements about the software requirements for a firewall failover configuration are true? (Choose three.)

A.    The firewalls must be in the same operating mode.
B.    The firewalls must have the same major and minor software version.
C.    The firewalls must be in the same context mode.
D.    The firewalls must have the same major software version but can have different minor versions.
E.    The firewalls can be in different context modes.
F.    The firewalls can have different Cisco AnyConnect images.

Answer: ABC

What can you do to enable inter-interface firewall communication for traffic that flows between two interfaces of the same security level?

A.    Run the command same-security-traffic permit inter-interface globally.
B.    Run the command same-security-traffic permit intra-interface globally.
C.    Configure both interfaces to have the same security level.
D.    Run the command same-security-traffic permit inter-interface on the interface with the highest security level.

Answer: A

How many bridge groups are supported on a firewall that operate in transparent mode?

A.    8
B.    16
C.    10
D.    6

Answer: A

In which way are management packets classified on a firewall that operates in multiple context mode?

A.    by their interface IP address
B.    by the routing table
C.    by NAT
D.    by their MAC addresses

Answer: A

Where on a firewall does an administrator assign interfaces to contexts?

A.    in the system execution space
B.    in the admin context
C.    in a user-defined context
D.    in the console

Answer: A

Which kind of Layer 2 attack targets the STP root bridge election process and allows an attacker to control the flow of traffic?

A.    man-in-the-middle
B.    denial of service
C.    distributed denial of service
D.    CAM overflow

Answer: A

Which Layer 2 security feature validates ARP packets?

A.    DAI
B.    DHCP server
C.    BPDU guard
D.    BPDU filtering

Answer: A

If you disable PortFast on switch ports that are connected to a Cisco ASA and globally turn on BPDU filtering, what is the effect on the switch ports?

A.    The switch ports are prevented from going into an err-disable state if a BPDU is received.
B.    The switch ports are prevented from going into an err-disable state if a BPDU is sent.
C.    The switch ports are prevented from going into an err-disable state if a BPDU is received and sent.
D.    The switch ports are prevented from forming a trunk.

Answer: C

In a Cisco ASAv failover deployment, which interface is preconfigured as the failover interface?

A.    GigabitEthernet0/2
B.    GigabitEthernet0/4
C.    GigabitEthernet0/6
D.    GigabitEthernet0/8

Answer: D

What are the three types of private VLAN ports? (Choose three.)

A.    promiscuous
B.    isolated
C.    community
D.    primary
E.    secondary
F.    trunk

Answer: ABC

Which VTP mode supports private VLANs on a switch?

A.    transparent
B.    server
C.    client
D.    off

Answer: A

Latest 300-206 questions and answers from Cisco Exam Center offered by Lead2pass for free share now! Read and remember all real questions answers, Guarantee pass 300-206 real test 100% or full money back!

300-206 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDQ3hFS2lmMTdVb3c

2017 Cisco 300-206 exam dumps (All 251 Q&As) from Lead2pass:

https://www.lead2pass.com/300-206.html [100% Exam Pass Guaranteed]

Lead2pass Testking Pass4sure Actualtests Others
$99.99 $124.99 $125.99 $189 $29.99-$49.99
Real Questions
Error Correction
Printable PDF
Premium VCE
VCE Simulator
One Time Purchase
Instant Download
Unlimited Install
100% Pass Guarantee
100% Money Back