2017 July Cisco Official New Released 300-206 Dumps in Lead2pass.com!
100% Free Download! 100% Pass Guaranteed!
We never believe in second chances and Lead2pass brings you the best 300-206 Exam Questions which will make you pass in the first attempt. We guarantee all questions and answers in our 300-206 Dumps are the latest released, we check all exam dumps questions from time to time according to Cisco Official Center, in order to guarantee you can read the latest questions!
Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/300-206.html
QUESTION 1
Which three commands can be used to harden a switch? (Choose three.)
A. switch(config-if)# spanning-tree bpdufilter enable
B. switch(config)# ip dhcp snooping
C. switch(config)# errdisable recovery interval 900
D. switch(config-if)# spanning-tree guard root
E. switch(config-if)# spanning-tree bpduguard disable
F. switch(config-if)# no cdp enable
Answer: BDF
QUESTION 2
What are three features of the Cisco ASA 1000V? (Choose three.)
A. cloning the Cisco ASA 1000V
B. dynamic routing
C. the Cisco VNMC policy agent
D. IPv6
E. active/standby failover
F. QoS
Answer: ACE
QUESTION 3
If the Cisco ASA 1000V has too few licenses, what is its behavior?
A. It drops all traffic.
B. It drops all outside-to-inside packets.
C. It drops all inside-to-outside packets.
D. It passes the first outside-to-inside packet and drops all remaining packets.
Answer: D
QUESTION 4
A network administrator is creating an ASA-CX administrative user account with the following parameters:
– The user will be responsible for configuring security policies on network devices.
– The user needs read-write access to policies.
– The account has no more rights than necessary for the job.
What role will the administrator assign to the user?
A. Administrator
B. Security administrator
C. System administrator
D. Root Administrator
E. Exec administrator
Answer: B
QUESTION 5
Which two web browsers are supported for the Cisco ISE GUI? (Choose two.)
A. HTTPS-enabled Mozilla Firefox version 3.x
B. Netscape Navigator version 9
C. Microsoft Internet Explorer version 8 in Internet Explorer 8-only mode
D. Microsoft Internet Explorer version 8 in all Internet Explorer modes
E. Google Chrome (all versions)
Answer: AC
QUESTION 6
With Cisco ASA active/standby failover, by default, how many monitored interface failures will cause failover to occur?
A. 1
B. 2
C. 3
D. 4
E. 5
Answer: A
QUESTION 7
Which statement about SNMP support on the Cisco ASA appliance is true?
A. The Cisco ASA appliance supports only SNMPv1 or SNMPv2c.
B. The Cisco ASA appliance supports read-only and read-write access.
C. The Cisco ASA appliance supports three built-in SNMPv3 groups in Cisco ASDM:
Authentication and Encryption, Authentication Only, and No Authentication, No Encryption.
D. The Cisco ASA appliance can send SNMP traps to the network management station only using SNMPv2.
Answer: C
QUESTION 8
Which statement about Cisco ASA multicast routing support is true?
A. The Cisco ASA appliance supports PIM dense mode, sparse mode, and BIDIR-PIM.
B. The Cisco ASA appliance supports only stub multicast routing by forwarding IGMP messages from
multicast receivers to the upstream multicast router.
C. The Cisco ASA appliance supports DVMRP and PIM.
D. The Cisco ASA appliance supports either stub multicast routing or PIM, but both cannot be enabled
at the same time.
E. The Cisco ASA appliance supports only IGMP v1.
Answer: D
QUESTION 9
How many interfaces can a Cisco ASA bridge group support and how many bridge groups can a Cisco ASA appliance support?
A. up to 2 interfaces per bridge group and up to 4 bridge groups per Cisco ASA appliance
B. up to 2 interfaces per bridge group and up to 8 bridge groups per Cisco ASA appliance
C. up to 4 interfaces per bridge group and up to 4 bridge groups per Cisco ASA appliance
D. up to 4 interfaces per bridge group and up to 8 bridge groups per Cisco ASA appliance
E. up to 8 interfaces per bridge group and up to 4 bridge groups per Cisco ASA appliance
F. up to 8 interfaces per bridge group and up to 8 bridge groups per Cisco ASA appliance
Answer: D
QUESTION 10
Which addresses are considered “ambiguous addresses” and are put on the greylist by the Cisco ASA botnet traffic filter feature?
A. addresses that are unknown
B. addresses that are on the greylist identified by the dynamic database
C. addresses that are blacklisted by the dynamic database but also are identified by the static whitelist
D. addresses that are associated with multiple domain names, but not all of these domain names are
on the blacklist
Answer: D
QUESTION 11
For which purpose is the Cisco ASA CLI command aaa authentication match used?
A. Enable authentication for SSH and Telnet connections to the Cisco ASA appliance.
B. Enable authentication for console connections to the Cisco ASA appliance.
C. Enable authentication for connections through the Cisco ASA appliance.
D. Enable authentication for IPsec VPN connections to the Cisco ASA appliance.
E. Enable authentication for SSL VPN connections to the Cisco ASA appliance.
F. Enable authentication for Cisco ASDM connections to the Cisco ASA appliance.
Answer: C
QUESTION 12
A network engineer is asked to configure NetFlow to sample one of every 100 packets on a router’s fa0/0 interface. Which configuration enables sampling, assuming that NetFlow is already configured and running on the router’s fa0/0 interface?
A. flow-sampler-map flow1
mode random one-out-of 100
interface fas0/0
flow-sampler flow1
B. flow monitor flow1
mode random one-out-of 100
interface fas0/0
ip flow monitor flow1
C. flow-sampler-map flow1
one-out-of 100
interface fas0/0
flow-sampler flow1
D. ip flow-export source fas0/0 one-out-of 100
Answer: A
QUESTION 13
What is the default log level on the Cisco Web Security Appliance?
A. Trace
B. Debug
C. Informational
D. Critical
Answer: C
QUESTION 14
Which command sets the source IP address of the NetFlow exports of a device?
A. ip source flow-export
B. ip source netflow-export
C. ip flow-export source
D. ip netflow-export source
Answer: C
QUESTION 15
Which two SNMPv3 features ensure that SNMP packets have been sent securely?” Choose two.
A. host authorization
B. authentication
C. encryption
D. compression
Answer: BC
QUESTION 16
Which three logging methods are supported by Cisco routers? (Choose three.)
A. console logging
B. TACACS+ logging
C. terminal logging
D. syslog logging
E. ACL logging
F. RADIUS logging
Answer: ACD
QUESTION 17
Which three options are default settings for NTP parameters on a Cisco device? (Choose three.)
A. NTP authentication is enabled.
B. NTP authentication is disabled.
C. NTP logging is enabled.
D. NTP logging is disabled.
E. NTP access is enabled.
F. NTP access is disabled.
Answer: BDE
QUESTION 18
A Cisco ASA is configured for TLS proxy. When should the security appliance force remote IP phones connecting to the phone proxy through the internet to be in secured mode?
A. When the Cisco Unified Communications Manager cluster is in non-secure mode
B. When the Cisco Unified Communications Manager cluster is in secure mode only
C. When the Cisco Unified Communications Manager is not part of a cluster
D. When the Cisco ASA is configured for IPSec VPN
Answer: A
QUESTION 19
Which two features are supported when configuring clustering of multiple Cisco ASA appliances? (Choose two.)
A. NAT
B. dynamic routing
C. SSL remote access VPN
D. IPSec remote access VPN
Answer: AB
QUESTION 20
Which two device types can Cisco Prime Security Manager manage in Multiple Device mode? (Choose two.)
A. Cisco ESA
B. Cisco ASA
C. Cisco WSA
D. Cisco ASA CX
Answer: BD
QUESTION 21
Which technology provides forwarding-plane abstraction to support Layer 2 to Layer 7 network services in Cisco Nexus 1000V?
A. Virtual Service Node
B. Virtual Service Gateway
C. Virtual Service Data Path
D. Virtual Service Agent
Answer: C
QUESTION 22
To which interface on a Cisco ASA 1000V firewall should a security profile be applied when a VM sits behind it?
A. outside
B. inside
C. management
D. DMZ
Answer: B
QUESTION 23
You are configuring a Cisco IOS Firewall on a WAN router that is operating as a Trusted Relay Point (TRP) in a voice network. Which feature must you configure to open data- channel pinholes for voice packets that are sourced from a TRP within the WAN?
A. CAC
B. ACL
C. CBAC
D. STUN
Answer: D
QUESTION 24
If you encounter problems logging in to the Cisco Security Manager 4.4 web server or client or backing up its databases, which account has most likely been improperly modified?
A. admin (the default administrator account)
B. casuser (the default service account)
C. guest (the default guest account)
D. user (the default user account)
Answer: B
QUESTION 25
Which component does Cisco ASDM require on the host Cisco ASA 5500 Series or Cisco PIX security appliance?
A. a DES or 3DES license
B. a NAT policy server
C. a SQL database
D. a Kerberos key
E. a digital certificate
Answer: A
Lead2pass new released 300-206 PDF are now for free download, download it right now and pass your exam 100%.
300-206 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDQ3hFS2lmMTdVb3c
2017 Cisco 300-206 exam dumps (All 251 Q&As) from Lead2pass:
https://www.lead2pass.com/300-206.html [100% Exam Pass Guaranteed]