[2017 New] 300-206 Exam Dumps Free Download In Lead2pass 100% 300-206 Exam Questions (126-150)

2017 July Cisco Official New Released 300-206 Dumps in Lead2pass.com!


The following questions and answers are all newly published by Cisco Official Exam Center: https://www.lead2pass.com/300-206.html

QUESTION 126
In which two modes is zone-based firewall high availability available? (Choose two.)

A.    IPv4 only
B.    IPv6 only
C.    IPv4 and IPv6
D.    routed mode only
E.    transparent mode only
F.    both transparent and routed modes

Answer: CD

QUESTION 127
You are the administrator of a multicontext transparent-mode Cisco ASA that uses a shared interface that belongs to more than one context. Because the same interface will be used within all three contexts, which statement describes how you will ensure that return traffic will reach the correct context?

A.    Interfaces may not be shared between contexts in routed mode.
B.    Configure a unique MAC address per context with the no mac-address auto command.
C.    Configure a unique MAC address per context with the mac-address auto command.
D.    Use static routes on the Cisco ASA to ensure that traffic reaches the correct context.

Answer: C

QUESTION 128
A rogue device has connected to the network and has become the STP root bridge, which has caused a network availability issue.
Which two commands can protect against this problem? (Choose two.)

A.    switch(config)#spanning-tree portfast bpduguard default
B.    switch(config)#spanning-tree portfast bpdufilter default
C.    switch(config-if)#spanning-tree portfast
D.    switch(config-if)#spanning-tree portfast disable
E.    switch(config-if)#switchport port-security violation protect
F.    switch(config-if)#spanning-tree port-priority 0

Answer: AC

QUESTION 129
According to Cisco best practices, which two interface configuration commands help prevent VLAN hopping attacks? (Choose two.)

A.    switchport mode access
B.    switchport access vlan 2
C.    switchport mode trunk
D.    switchport access vlan 1
E.    switchport trunk native vlan 1
F.    switchport protected

Answer: AB

QUESTION 130
When it is configured in accordance with Cisco best practices, the switchport port-security maximum command can mitigate which two types of Layer 2 attacks? (Choose two.)

A.    rogue DHCP servers
B.    ARP attacks
C.    DHCP starvation
D.    MAC spoofing
E.    CAM attacks
F.    IP spoofing

Answer: CE

QUESTION 131
When configured in accordance with Cisco best practices, the ip verify source command can mitigate which two types of Layer 2 attacks? (Choose two.)

A.    rogue DHCP servers
B.    ARP attacks
C.    DHCP starvation
D.    MAC spoofing
E.    CAM attacks
F.    IP spoofing

Answer: DF

QUESTION 132
Lab Sim

Answer:
Follow the steps in the explanation below:

(1) Click on Service Policy Rules, then Edit the default inspection rule.
(2) Click on Rule Actions, then enable HTTP as shown here:
(3) Click on Configure, then add as shown here:
(4) Create the new map in ASDM as shown:
(5) Edit the policy as shown:
(6) Hit OK

QUESTION 133
You have installed a web server on a private network. Which type of NAT must you implement to enable access to the web server for public Internet users?

A.    static NAT
B.    dynamic NAT
C.    network object NAT
D.    twice NAT

Answer: A

QUESTION 134
Which type of object group will allow configuration for both TCP 80 and TCP 443?

A.    service
B.    network
C.    time range
D.    user group

Answer: A

QUESTION 135
When you configure a Botnet Traffic Filter on a Cisco firewall, what are two optional tasks? (Choose two.)

A.    Enable the use of dynamic databases.
B.    Add static entries to the database.
C.    Enable DNS snooping.
D.    Enable traffic classification and actions.
E.    Block traffic manually based on its syslog information.

Answer: BE

QUESTION 136
Refer to the exhibit. What is the effect of this configuration?

A.    The firewall will inspect IP traffic only between networks 192.168.1.0 and 192.168.2.0.
B.    The firewall will inspect all IP traffic except traffic to 192.168.1.0 and 192.168.2.0.
C.    The firewall will inspect traffic only if it is defined within a standard ACL.
D.    The firewall will inspect all IP traffic.

Answer: A

QUESTION 137
When you configure a Cisco firewall in multiple context mode, where do you allocate interfaces?

A.    in the system execution space
B.    in the admin context
C.    in a user-defined context
D.    in the global configuration

Answer: A

QUESTION 138
At which layer does Dynamic ARP Inspection validate packets?

A.    Layer 2
B.    Layer 3
C.    Layer 4
D.    Layer 7

Answer: A

QUESTION 139
Which feature can suppress packet flooding in a network?

A.    PortFast
B.    BPDU guard
C.    Dynamic ARP Inspection
D.    storm control

Answer: D

QUESTION 140
What is the default violation mode that is applied by port security?

A.    restrict
B.    protect
C.    shutdown
D.    shutdown VLAN

Answer: C

QUESTION 141
What are two security features at the access port level that can help mitigate Layer 2 attacks? (Choose two.)

A.    DHCP snooping
B.    IP Source Guard
C.    Telnet
D.    Secure Shell
E.    SNMP

Answer: AB

QUESTION 142
At which layer does MACsec provide encryption?

A.    Layer 1
B.    Layer 2
C.    Layer 3
D.    Layer 4

Answer: B

QUESTION 143
What are two enhancements of SSHv2 over SSHv1? (Choose two.)

A.    VRF-aware SSH support
B.    DH group exchange support
C.    RSA support
D.    keyboard-interactive authentication
E.    SHA support

Answer: AB

QUESTION 144
What is the result of the default ip ssh server authenticate user command?

A.    It enables the public key, keyboard, and password authentication methods.
B.    It enables the public key authentication method only.
C.    It enables the keyboard authentication method only.
D.    It enables the password authentication method only.

Answer: A

QUESTION 145
What are three of the RBAC views within Cisco IOS Software? (Choose three.)

A.    Admin
B.    CLI
C.    Root
D.    Super Admin
E.    Guest
F.    Super

Answer: BCF

QUESTION 146
Which Cisco TrustSec role does a Cisco ASA firewall serve within an identity architecture?

A.    Access Requester
B.    Policy Decision Point
C.    Policy Information Point
D.    Policy Administration Point
E.    Policy Enforcement Point

Answer: E

QUESTION 147
What are two high-level task areas in a Cisco Prime Infrastructure life-cycle workflow? (Choose two.)

A.    Design
B.    Operate
C.    Maintain
D.    Log
E.    Evaluate

Answer: AB

QUESTION 148
What are three ways to add devices in Cisco Prime Infrastructure? (Choose three.)

A.    Use an automated process.
B.    Import devices from a CSV file.
C.    Add devices manually.
D.    Use RADIUS.
E.    Use the Access Control Server.
F.    Use Cisco Security Manager.

Answer: ABC

QUESTION 149
Which statement about Cisco Security Manager form factors is true?

A.    Cisco Security Manager Professional and Cisco Security Manager UCS Server Bundles support FWSMs.
B.    Cisco Security Manager Standard and Cisco Security Manager Professional support FWSMs.
C.    Only Cisco Security Manager Professional supports FWSMs.
D.    Only Cisco Security Manager Standard supports FWSMs.

Answer: A

QUESTION 150
Which Cisco Security Manager form factor is recommended for deployments with fewer than 25 devices?

A.    only Cisco Security Manager Standard
B.    only Cisco Security Manager Professional
C.    only Cisco Security Manager UCS Server Bundle
D.    both Cisco Security Manager Standard and Cisco Security Manager Professional

Answer: A
