[PDF&VCE] 300-206 New Questions For Passing The 300-206 Certification Exam (21-40)

2016 October Cisco Official New Released 300-206 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

Are you worrying about the 300-206 exam? Lead2pass provides the latest 300-206 braindumps and guarantees you passing 300-206 exam beyond any doubt.

Following questions and answers are all new published by Cisco Official Exam Center: http://www.lead2pass.com/300-206.html

QUESTION 21
Which technology provides forwarding-plane abstraction to support Layer 2 to Layer 7 network services in Cisco Nexus 1000V?

A.    Virtual Service Node
B.    Virtual Service Gateway
C.    Virtual Service Data Path
D.    Virtual Service Agent

Answer: C

QUESTION 22
To which interface on a Cisco ASA 1000V firewall should a security profile be applied when a VM sits behind it?

A.    outside
B.    inside
C.    management
D.    DMZ

Answer: B

QUESTION 23
You are configuring a Cisco IOS Firewall on a WAN router that is operating as a Trusted Relay Point (TRP) in a voice network. Which feature must you configure to open data- channel pinholes for voice packets that are sourced from a TRP within the WAN?

A.    CAC
B.    ACL
C.    CBAC
D.    STUN

Answer: D

QUESTION 24
If you encounter problems logging in to the Cisco Security Manager 4.4 web server or client or backing up its databases, which account has most likely been improperly modified?

A.    admin (the default administrator account)
B.    casuser (the default service account)
C.    guest (the default guest account)
D.    user (the default user account)

Answer: B

QUESTION 25
Which component does Cisco ASDM require on the host Cisco ASA 5500 Series or Cisco PIX security appliance?

A.    a DES or 3DES license
B.    a NAT policy server
C.    a SQL database
D.    a Kerberos key
E.    a digital certificate

Answer: A

QUESTION 26
Which of the following would need to be created to configure an application-layer inspection of SMTP traffic operating on port 2525?

A.    A class-map that matches port 2525 and applying an inspect ESMTP policy-map for that class in
the global inspection policy
B.    A policy-map that matches port 2525 and applying an inspect ESMTP class-map for that policy
C.    An access-list that matches on TCP port 2525 traffic and applying it on an interface with the inspect option
D.    A class-map that matches port 2525 and applying it on an access-list using the inspect option

Answer: A

QUESTION 27
A network administrator is creating an ASA-CX administrative user account with the following parameters:
– The user will be responsible for configuring security policies on network devices.
– The user needs read-write access to policies.
– The account has no more rights than necessary for the job.
What role will be assigned to the user?

A.    Administrator
B.    Security administrator
C.    System administrator
D.    Root Administrator
E.    Exec administrator

Answer: B

QUESTION 28
Which tool provides the necessary information to determine hardware lifecycle and compliance details for deployed network devices?

A.    Prime Infrastructure
B.    Prime Assurance
C.    Prime Network Registrar
D.    Prime Network Analysis Module

Answer: A

QUESTION 29
Which three compliance and audit report types are available in Cisco Prime Infrastructure? (Choose three.)

A.    Service
B.    Change Audit
C.    Vendor Advisory
D.    TAC Service Request
E.    Validated Design
F.    Smart Business Architecture

Answer: ABC

QUESTION 30
Which statement about the Cisco ASA botnet traffic filter is true?

A.    The four threat levels are low, moderate, high, and very high.
B.    By default, the dynamic-filter drop blacklist interface outside command drops traffic with a threat
level of high or very high.
C.    Static blacklist entries always have a very high threat level.
D.    A static or dynamic blacklist entry always takes precedence over the static whitelist entry.

Answer: C

QUESTION 31
Where in the Cisco ASA appliance CLI are Active/Active Failover configuration parameters configured?

A.    admin context
B.    customer context
C.    system execution space
D.    within the system execution space and admin context
E.    within each customer context and admin context

Answer: C

QUESTION 32
Which Cisco ASA object group type offers the most flexibility for grouping different services together based on arbitrary protocols?

A.    network
B.    ICMP
C.    protocol
D.    TCP-UDP
E.    service

Answer: E

QUESTION 33
Which Cisco ASA show command groups the xlates and connections information together in its output?

A.    show conn
B.    show conn detail
C.    show xlate
D.    show asp
E.    show local-host

Answer: E

QUESTION 34
When a Cisco ASA is configured in multiple context mode, within which configuration are the interfaces allocated to the security contexts?

A.    each security context
B.    system configuration
C.    admin context (context with the “admin” role)
D.    context startup configuration file (.cfg file)

Answer: B

QUESTION 35
When troubleshooting redundant interface operations on the Cisco ASA, which configuration should be verified?

A.    The nameif configuration on the member physical interfaces are identical.
B.    The MAC address configuration on the member physical interfaces are identical.
C.    The active interface is sending periodic hellos to the standby interface.
D.    The IP address configuration on the logical redundant interface is correct.
E.    The duplex and speed configuration on the logical redundant interface are correct.

Answer: D

QUESTION 36
On the Cisco ASA, where are the Layer 5-7 policy maps applied?

A.    inside the Layer 3-4 policy map
B.    inside the Layer 3-4 class map
C.    inside the Layer 5-7 class map
D.    inside the Layer 3-4 service policy
E.    inside the Layer 5-7 service policy

Answer: A

QUESTION 37
A Cisco ASA requires an additional feature license to enable which feature?

A.    transparent firewall
B.    cut-thru proxy
C.    threat detection
D.    botnet traffic filtering
E.    TCP normalizer

Answer: D

QUESTION 38
Which four are IPv6 First Hop Security technologies? (Choose four.)

A.    Send
B.    Dynamic ARP Inspection
C.    Router Advertisement Guard
D.    Neighbor Discovery Inspection
E.    Traffic Storm Control
F.    Port Security
G.    DHCPv6 Guard

Answer: ACDG

QUESTION 39
IPv6 addresses in an organization’s network are assigned using Stateless Address
Autoconfiguration. What is a security concern of using SLAAC for IPv6 address assignment?

A.    Man-In-The-Middle attacks or traffic interception using spoofed IPv6 Router Advertisements
B.    Smurf or amplification attacks using spoofed IPv6 ICMP Neighbor Solicitations
C.    Denial of service attacks using TCP SYN floods
D.    Denial of Service attacks using spoofed IPv6 Router Solicitations

Answer: A

QUESTION 40
Which two parameters must be configured before you enable SCP on a router? (Choose two.)

A.    SSH
B.    authorization
C.    ACLs
D.    NTP
E.    TACACS+

Answer: AB

Lead2pass offers the latest 300-206 PDF and VCE dumps with new version VCE player for free download, and the new 300-206 dump ensures your exam 100% pass.

300-206 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDWFY3cWxuWnJKQ28

2016 Cisco 300-206 exam dumps (All 223 Q&As) from Lead2pass:

http://www.lead2pass.com/300-206.html [100% Exam Pass Guaranteed]

Lead2pass Testking Pass4sure Actualtests Others
$99.99 $124.99 $125.99 $189 $29.99-$49.99
Up-to-Dated
Real Questions
Error Correction
Printable PDF
Premium VCE
VCE Simulator
One Time Purchase
Instant Download
Unlimited Install
100% Pass Guarantee
100% Money Back