2018 new Cisco CCNP Security 300-206 dumps exam questions and answers free download from lead4pass. Get your Cisco CCNP Security 300-206 dumps exam preparation questions in form of 300-206 PDF. Lead4pass is the best site for providing online preparation material for 300-206 exam. 100% success and guarantee to pass Cisco 300-206 exam.
With the help of latest and authentic Cisco CCNP Security 300-206 dumps exam questions, you can find the best 300-206 exam preparation kit here. Cisco CCNP Security 300-206 dumps exam preparation kit contains all the necessary https://www.leads4pass.com/300-206.html dumps exam questions that you need to know. Download Cisco CCNP Security real 300-206 exam questions and verified answers. 100% passing guarantee and full refund in case of failure.
Download free latest Cisco 300-206 dumps pdf from google drive: https://drive.google.com/open?id=0B_7qiYkH83VRckk2V1ZwWXl5dVk
Download free latest Cisco 300-208 dumps pdf from google drive: https://drive.google.com/open?id=0B_7qiYkH83VRWWVtSWlTWENZMzA
The Best Cisco CCNP Security 300-206 Dumps Exam Questions And Answers (Q11-Q40)
QUESTION 11
What is the primary purpose of stateful pattern recognition in Cisco IPS networks?
A. mitigating man-in-the-middle attacks
B. using multi packet inspection across all protocols to identify vulnerability-based attacks and to thwart attacks that hide within a data stream
C. detecting and preventing MAC address spoofing in switched environments
D. identifying Layer 2 ARP attacks
Correct Answer: B
QUESTION 12
Which two features does Cisco Security Manager provide? (Choose two.)
A. Configuration and policy deployment before device discovery
B. Health and performance monitoring
C. Event management and alerting
D. Command line menu for troubleshooting
E. Ticketing management and tracking
Correct Answer: BC
QUESTION 13
Which three options are default settings for NTP parameters on a Cisco device? (Choose three.)
A. NTP authentication is enabled.
B. NTP authentication is disabled.
C. NTP logging is enabled.
D. NTP logging is disabled.
E. NTP access is enabled.
F. NTP access is disabled.
Correct Answer: BDE
QUESTION 14
Your company is replacing a high-availability pair of Cisco ASA 5550 firewalls with the newer Cisco ASA 5555X models. Due to budget constraints, one Cisco ASA 5550 will be replaced at a time.
Which statement about the minimum requirements to set up stateful failover between these two firewalls is true?
A. You must install the USB failover cable between the two Cisco ASAs and provide a 1 Gigabit Ethernetinterface for state exchange.
B. It is not possible to use failover between different Cisco ASA models.
C. You must have at least 1 Gigabit Ethernet interface between the two Cisco ASAs for state exchange.
D. You must use two dedicated interfaces. One link is dedicated to state exchange and the other link isforheartbeats.
Correct Answer: B
QUESTION 15
Which command configures the SNMP server group1 to enable authentication for members of the access list east?
A. snmp-server group group1 v3 auth access east
B. snmp-server group1 v3 auth access east
C. snmp-server group group1 v3 east
D. snmp-server group1 v3 east access
Correct Answer: A
QUESTION 16
You are the administrator of a multicontext transparent-mode Cisco ASA that uses a shared interface that belongs to more than one context. 300-206 dumps Because the same interface will be used within all three contexts, which statement describes how you will ensure that return traffic will reach the correct context?
A. Interfaces may not be shared between contexts in routed mode.
B. Configure a unique MAC address per context with the no mac-address auto command.
C. Configure a unique MAC address per context with the mac-address auto command.
D. Use static routes on the Cisco ASA to ensure that traffic reaches the correct context.
Correct Answer: C
QUESTION 17
Which kind of Layer 2 attack targets the STP root bridge election process and allows an attacker to control the flow of traffic?
A. man-in-the-middle
B. denial of service
C. distributed denial of service
D. CAM overflow
Correct Answer: A
QUESTION 18
Which component does Cisco ASDM require on the host Cisco ASA 5500 Series or Cisco PIX security appliance?
A. a DES or 3DES license
B. a NAT policy server
C. a SQL database
D. a Kerberos key
E. a digital certificate
Correct Answer: A
QUESTION 19
What are three attributes that can be applied to a user account with RBAC? (Choose three.)
A. domain
B. password
C. ACE tag
D. user roles
E. VDC group tag
F. expiry date
Correct Answer: BDF
QUESTION 20
A switch is being configured at a new location that uses statically assigned IP addresses. Which will ensure that ARP inspection works as expected?
A. Configure the ‘no-dhcp’ keyword at the end of the ip arp inspection command
B. Enable static arp inspection using the command ‘ip arp inspection static vlan vlan- number
C. Configure an arp access-list and apply it to the ip arp inspection command
D. Enable port security
Correct Answer: C
QUESTION 21
At which firewall severity level will debugs appear on a Cisco ASA?
A. 7
B. 6
C. 5
D. 4
Correct Answer: A
QUESTION 22
A network printer has a DHCP server service that cannot be disabled. How can a layer 2 switch be configured to prevent the printer from causing network issues?
A. Remove the ip helper-address
B. Configure a Port-ACL to block outbound TCP port 68
C. Configure DHCP snooping
D. Configure port-security
Correct Answer: C
QUESTION 23
You have explicitly added the line deny ipv6 any log to the end of an IPv6 ACL on a router interface. Which two ICMPv6 packet types must you explicitly allow to enable traffic to traverse the interface? (Choose two.)
A. router solicitation
B. router advertisement
C. neighbor solicitation
D. neighbor advertisement
E. redirect
Correct Answer: CD
QUESTION 24
Which two device types can Cisco Prime Security Manager manage in Multiple Device mode? (Choose two.)
A. Cisco ESA
B. Cisco ASA
C. Cisco WSA
D. Cisco ASA CX
Correct Answer: BD
QUESTION 25
What are two security features at the access port level that can help mitigate Layer 2 attacks? 300-206 dumps (Choose two.)
A. DHCP snooping
B. IP Source Guard
C. Telnet
D. Secure Shell
E. SNMP
Correct Answer: AB
QUESTION 26
When it is configured in accordance to Cisco best practices, the switchport port-security maximum command can mitigate which two types of Layer 2 attacks? (Choose two.)
A. rogue DHCP servers
B. ARP attacks
C. DHCP starvation
D. MAC spoofing
E. CAM attacks
F. IP spoofing
Correct Answer: CE
QUESTION 27
In which way are management packets classified on a firewall that operates in multiple context mode?
A. by their interface IP address
B. by the routing table
C. by NAT
D. by their MAC addresses
Correct Answer: A
QUESTION 28
Which two statements about Cisco IOS Firewall are true? (Choose two.)
A. It provides stateful packet inspection.
B. It provides faster processing of packets than Cisco ASA devices provide.
C. It provides protocol-conformance checks against traffic.
D. It eliminates the need to secure routers and switches throughout the network.
E. It eliminates the need to secure host machines throughout the network.
Correct Answer: AC
QUESTION 29
Which command enables the HTTP server daemon for Cisco ASDM access?
A. http server enable
B. http server enable 443
C. crypto key generate rsa modulus 1024
D. no http server enable
Correct Answer: A
QUESTION 30
Which ASA feature is used to keep track of suspected attackers who create connections to too many hosts or ports?
A. complex threat detection
B. scanning threat detection
C. basic threat detection
D. advanced threat detection
Correct Answer: B
QUESTION 31
Which command sets the source IP address of the NetFlow exports of a device?
A. ip source flow-export
B. ip source netflow-export
C. ip flow-export source
D. ip netflow-export source
Correct Answer: C
QUESTION 32
You have installed a web server on a private network. Which type of NAT must you implement to enable access to the web server for public Internet users?
A. static NAT
B. dynamic NAT
C. network object NAT
D. twice NAT
Correct Answer: A
QUESTION 33
When you configure a Botnet Traffic Filter on a Cisco firewall, what are two optional tasks? (Choose two.)
A. Enable the use of dynamic databases.
B. Add static entries to the database.
C. Enable DNS snooping.
D. Enable traffic classification and actions.
E. Block traffic manually based on its syslog information.
Correct Answer: BE
QUESTION 34
Which two configurations are the minimum needed to enable EIGRP on the Cisco ASA appliance? (Choose two.)
A. Enable the EIGRP routing process and specify the AS number.
B. Define the EIGRP default-metric.
C. Configure the EIGRP router ID.
D. Use the neighbor command(s) to specify the EIGRP neighbors.
E. Use the network command(s) to enable EIGRP on the Cisco ASA interface(s).
Correct Answer: AE
QUESTION 35
What is the default behavior of an access list on a Cisco ASA?
A. It will permit or deny traffic based on the access list criteria.
B. It will permit or deny all traffic on a specified interface.
C. It will have no affect until applied to an interface, tunnel-group or other traffic flow.
D. It will allow all traffic.
Correct Answer: C
QUESTION 36
Which three statements about the software requirements for a firewall failover configuration are true? (Choose three.)
A. The firewalls must be in the same operating mode.
B. The firewalls must have the same major and minor software version.
C. The firewalls must be in the same context mode.
D. The firewalls must have the same major software version but can have different minor versions.
E. The firewalls can be in different context modes.
F. The firewalls can have different Cisco AnyConnect images.
Correct Answer: ABC
QUESTION 37
Which two configurations are necessary to enable password-less SSH login to an IOS router? 300-206 dumps (Choose two.)
A. Enter a copy of the administrator’s public key within the SSH key-chain
B. Enter a copy of the administrator’s private key within the SSH key-chain
C. Generate a 512-bit RSA key to enable SSH on the router
D. Generate an RSA key of at least 768 bits to enable SSH on the router
E. Generate a 512-bit ECDSA key to enable SSH on the router
F. Generate a ECDSA key of at least 768 bits to enable SSH on the router
Correct Answer: AD
QUESTION 38
When configuring security contexts on the Cisco ASA, which three resource class limits can be set using a rate limit? (Choose three.)
A. address translation rate
B. Cisco ASDM session rate
C. connections rate
D. MAC-address learning rate (when in transparent mode)
E. syslog messages rate
F. stateful packet inspections rate
Correct Answer: CEF
QUESTION 39
What is a required attribute to configure NTP authentication on a Cisco ASA?
A. Key ID
B. IPsec
C. AAA
D. IKEv2
Correct Answer: A
QUESTION 40
What is the maximum jumbo frame size for IPS standalone appliances with 1G and 10G fixed or add-on interfaces?
A. 1024 bytes
B. 1518 bytes
C. 2156 bytes
D. 9216 bytes
Correct Answer: D
The Following Are Some Reviews From Our Customers:
You can click here to have a review about us: https://www.resellerratings.com/store/lead4pass
Newest helpful Cisco CCNP Security 300-206 dumps pdf training resources which are the best for clearing 300-206 exam test, and to get certified by Cisco CCNP Security. The best and most update latest Cisco CCNP Security https://www.leads4pass.com/300-206.html dumps exam practice materials in PDF format download free try. It is the best choice for you to pass Cisco 300-206 exam.
Why Select Lead 4 pass?
High quality IT learning materials offered by the best provider lead4pass. From the following picture, you can see there is a difference between lead4pass and other brands. Other brands started earlier, but the questions are not the latest and it is very expensive. Lead4pass provide the cheapest and newest questions with high pass rate, pass Cisco 300-206 exam easily.
