♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Cisco 300-206 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 300-206 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/300-206-exam-dumps.html
Q111. Which security operations management best practice should be followed to enable appropriate network access for administrators?
A. Provide full network access from dedicated network administration systems
B. Configure the same management account on every network device
C. Dedicate a separate physical or logical plane for management traffic
D. Configure switches as terminal servers for secure device access
Answer: C
Q112. Which two statements about Cisco IDS are true? (Choose two.)
A. It is preferred for detection-only deployment.
B. It is used for installations that require strong network-based protection and that include sensor tuning.
C. It is used to boost sensor sensitivity at the expense of false positives.
D. It is used to monitor critical systems and to avoid false positives that block traffic.
E. It is used primarily to inspect egress traffic, to filter outgoing threats.
Answer: A,D
Q113. Which technology can be deployed with a Cisco ASA 1000V to segregate Layer 2 access within a virtual cloud environment?
A. Cisco Nexus 1000V
B. Cisco VSG
C. WSVA
D. ESVA
Answer: A
Q114. Which configuration keyword will configure SNMPv3 with authentication but no encryption?
A. Auth
B. Priv
C. No auth
D. Auth priv
Answer: A
Q115. In which two modes is zone-based firewall high availability available? (Choose two.)
A. IPv4 only
B. IPv6 only
C. IPv4 and IPv6
D. routed mode only
E. transparent mode only
F. both transparent and routed modes
Answer: C,D
Q116. Which three options describe how SNMPv3 traps can be securely configured to be sent by
IOS? (Choose three.)
A. An SNMPv3 group is defined to configure the read and write views of the group.
B. An SNMPv3 user is assigned to SNMPv3 group and defines the encryption and authentication credentials.
C. An SNMPv3 host is configured to define where the SNMPv3 traps will be sent.
D. An SNMPv3 host is used to configure the encryption and authentication credentials for SNMPv3 traps.
E. An SNMPv3 view is defined to configure the address of where the traps will be sent.
F. An SNMPv3 group is used to configure the OIDs that will be reported.
Answer: A,B,C
Q117. Which of the following would need to be created to configure an application-layer inspection of SMTP traffic operating on port 2525?
A. A class-map that matches port 2525 and applying an inspect ESMTP policy-map for that class in the global inspection policy
B. A policy-map that matches port 2525 and applying an inspect ESMTP class-map for that policy
C. An access-list that matches on TCP port 2525 traffic and applying it on an interface with the inspect option
D. A class-map that matches port 2525 and applying it on an access-list using the inspect option
Answer: A
Q118. Which three options are hardening techniques for Cisco IOS routers? (Choose three.)
A. limiting access to infrastructure with access control lists
B. enabling service password recovery
C. using SSH whenever possible
D. encrypting the service password
E. using Telnet whenever possible
F. enabling DHCP snooping
Answer: A,C,D
Q119. Which three options are default settings for NTP parameters on a Cisco device? (Choose three.)
A. NTP authentication is enabled.
B. NTP authentication is disabled.
C. NTP logging is enabled.
D. NTP logging is disabled.
E. NTP access is enabled.
F. NTP access is disabled.
Answer: B,D,E
Q120. Which two options are purposes of the packet-tracer command? (Choose two.)
A. to filter and monitor ingress traffic to a switch
B. to configure an interface-specific packet trace
C. to simulate network traffic through a data path
D. to debug packet drops in a production network
E. to automatically correct an ACL entry in an ASA
Answer: C,D