300-206 | Cisco 300-206 Faq 2021

NEW QUESTION 1
What are three of the RBAC views within Cisco IOS Software? (Choose three.)

• A. Admin
• B. CLI
• C. Root
• D. Super Admin
• E. Guest
• F. Super

Answer: BCF

NEW QUESTION 2
Which option is the Cisco ASA on-box graphical management solution?

• A. SSH
• B. ASDM
• C. Console
• D. CSM

Answer: B

NEW QUESTION 3
You are a network security engineer for the Secure-X network. You have been tasked with implementing dynamic network object NAT with PAT on a Cisco AS

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
First, click on Add – Network Objects on the Network Objects/Groups tab and fill in the information as shown below:

Then, use the advanced tab and configure it as shown below:

Then hit OK, OK again, Apply, and then Send when prompted. You can verify using the instructions provided in the question

NEW QUESTION 4
DRAG DROP
Drag and drop the Cisco Prime Security Manager available reports on the left onto the correct report examples on the right.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 5
Which option is a valid action for a port security violation ?

• A. Restrict
• B. Reject
• C. Disable
• D. Reset

Answer: A

NEW QUESTION 6
An engineer is configuring Cisco ASA 1000V Cloud Firewall. Which element allows for application of a
security policy based on a class of VMs instead of based on IP addresses?

• A. port profiles
• B. port groups
• C. security groups
• D. security profiles

Answer: A

NEW QUESTION 7
It has been reported that an application is not working where an ASA is inline with the data path.
Which command can be used to confirm or deny if the ASA is responsible for this issue?

• A. test
• B. packet-tracer
• C. capture
• D. verify

Answer: B

Explanation:
In addition to capturing packets, it is possible to trace the lifespan of a packet through the ASA to see if it is behaving as expected. The packet-tracer command enables you to do the following:
Debug all packet drops in production network. Verify the configuration is working as intended.
Show all rules applicable to a packet along with the CLI lines that caused the rule addition. Show a time line of packet changes in a data-path.
Inject tracer packets into the data-path.
Search for an IPv4 or IPv6 address based on the user identity and the FQDN.
The packet-tracer command provides detailed information about the packets and how they are processed by the ASA. Packet-tracer allows a firewall administrator to inject a virtual packet into the security appliance and track the flow from ingress to egress. Along the way, the packet is evaluated against flow and route lookups, ACLs, protocol inspection, NAT, and IDS. The power of the utility comes from the ability to simulate real-world traffic by specifying source and destination addresses with protocol and port information.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/I-R/cmdref2/p1.html

NEW QUESTION 8
A switch is being configured at a new location that uses statically assigned IP addresses. Which will
ensure that ARP inspection works as expected?

• A. Configure the 'no-dhcp' keyword at the end of the ip arp inspection command
• B. Enable static arp inspection using the command 'ip arp inspection static vlan vlan- number
• C. Configure an arp access-list and apply it to the ip arp inspection command
• D. Enable port security

Answer: C

NEW QUESTION 9
Which three Cisco ASA configuration commands are used to enable the Cisco ASA to log only the
debug output to syslog? (Choose three.)

• A. logging list test message 711001
• B. logging debug-trace
• C. logging trap debugging
• D. logging message 711001 level 7
• E. logging trap test

Answer: ABE

NEW QUESTION 10
Which statement describes what the arp outside 1.1.1.1 0192.7gid.0020 command accomplishes?

• A. enable ARP inspection for host 1.1.1.1
• B. configures proxy ARP for host 1.1.1.1
• C. assigns virtual MAC address for host 1.1.1.1
• D. creates static ARP entry for host 1.1.1.1 .

Answer: D

Explanation:
That command adds a static ARP entry to allow ARP responses from the host at 1.1.1.1 with the MAC address 0009.7cbe.2100 on the outside interface http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/fwmode.html#wp1224694

NEW QUESTION 11
An engineering team is working diligently to achieve the fastest possible throughput on a Cisco ASA deployment within the data center without sacrificing high availability or flexibility. Which type of architecture accomplishes this goal?

• A. multiple mode, transparent contexts
• B. single mode, transparent contexts
• C. multiple mode, routed contexts
• D. single mode, routed contexts

Answer: C

NEW QUESTION 12
Which two voice protocols can the Cisco ASA inspect? (Choose two.)

• A. MGCP
• B. IAX
• C. Skype
• D. CTIQBE

Answer: AD

NEW QUESTION 13
Which statement describes the correct steps to enable Botnet Traffic Filtering on a Cisco ASA version
9.0 transparent-mode firewall with an active Botnet Traffic Filtering license?

• A. Enable DNS snooping, traffic classification, and actions.
• B. Botnet Traffic Filtering is not supported in transparent mode.
• C. Enable the use of the dynamic database, enable DNS snooping, traffic classification, and actions.
• D. Enable the use of dynamic database, enable traffic classification and actions.

Answer: C

NEW QUESTION 14
What is the CLI command to enable SNMPv3 on the Cisco Web Security Appliance?

• A. snmpconfig
• B. snmpenable
• C. configsnmp
• D. enablesnmp

Answer: A

NEW QUESTION 15
Which three configurations are needed to enable SNMPv3 support on the Cisco ASA? (Choose three.)

• A. SNMPv3 Local EngineID
• B. SNMPv3 Remote EngineID
• C. SNMP Users
• D. SNMP Groups
• E. SNMP Community Strings
• F. SNMP Hosts

Answer: CDF

NEW QUESTION 16
What are two high-level task areas in a Cisco Prime Infrastructure life-cycle workflow? (Choose two.)

• A. Design
• B. Operate
• C. Maintain
• D. Log
• E. Evaluate

Answer: AB

NEW QUESTION 17
Refer to the exhibit.

To protect Host A and Host B from communicating with each other, which type of PVLAN port should be used for each host?

• A. Host A on a promiscuous port and Host B on a community port
• B. Host A on a community port and Host B on a promiscuous port
• C. Host A on an isolated port and Host B on a promiscuous port
• D. Host A on a promiscuous port and Host B on a promiscuous port
• E. Host A on an isolated port and host B on an isolated port
• F. Host A on a community port and Host B on a community port

Answer: E

NEW QUESTION 18
Which VTP mode supports private VLANs on a switch?

• A. transparent
• B. server
• C. client
• D. off

Answer: A

NEW QUESTION 19
An engineer must implement secure device management on a Cisco ASA. Which two actions are required? (Choose two)

• A. enable logging
• B. enable Telnet
• C. enable SSH
• D. disable login timeouts
• E. configure SNMPv3

Answer: CE

Explanation:
Management plane: The management plane manages traffic that is sent to the Cisco firewall device and is composed of applications and protocols such as SSH and Simple Network Management Protocol (SNMP), the more secure version for SNMP is SNMPv3. http://www.cisco.com/c/en/us/about/security-center/firewall-best-practices.html

NEW QUESTION 20
An attacker has gained physical access to a password protected router. Which command will prevent access to the startup-config in NVRAM?

• A. no service password-recovery
• B. no service startup-config
• C. service password-encryption
• D. no confreg 0x2142

Answer: A

NEW QUESTION 21
A Cisco ASA is configured for TLS proxy. When should the security appliance force remote IP phones
connecting to the phone proxy through the internet to be in secured mode?

• A. When the Cisco Unified Communications Manager cluster is in non-secure mode
• B. When the Cisco Unified Communications Manager cluster is in secure mode only
• C. When the Cisco Unified Communications Manager is not part of a cluster
• D. When the Cisco ASA is configured for IPSec VPN

Answer: A

NEW QUESTION 22
On the Cisco ASA, where are the Layer 5-7 policy maps applied?

• A. inside the Layer 3-4 policy map
• B. inside the Layer 3-4 class map
• C. inside the Layer 5-7 class map
• D. inside the Layer 3-4 service policy
• E. inside the Layer 5-7 service policy

Answer: A

NEW QUESTION 23
Which Layer 2 security feature prevents traffic on a LAN from being disrupted by a broadcast,multicat, or unicast storm on one physical interface?

• A. Bridge protocol Data Unit Guard
• B. Storm Control
• C. Embedded event monitoring
• D. Access control lists

Answer: B

NEW QUESTION 24
An engineer is asked to configure SNMP Version 3 with authentication and encryption of each SNMP
packet.
Which SNMP V3 mode must be configured to meet that requirement?

• A. priv
• B. auth
• C. pub
• D. encr

Answer: A

NEW QUESTION 25
To which port does a firewall send secure logging messages?

• A. TCP/1500
• B. UDP/1500
• C. TCP/500
• D. UDP/500

Answer: A

NEW QUESTION 26
......