The Secret of Cisco 300-206 pdf

Q1. Which statement about the Cisco Security Manager 4.4 NAT Rediscovery feature is true? 

A. It provides NAT policies to existing clients that connect from a new switch port. 

B. It can update shared policies even when the NAT server is offline. 

C. It enables NAT policy discovery as it updates shared polices. 

D. It enables NAT policy rediscovery while leaving existing shared polices unchanged. 

View Answer

Q2. What command alters the SSL ciphers used by the Cisco Email Security Appliance for TLS sessions and HTTPS access? 

A. sslconfig 

B. sslciphers 

C. tlsconifg 

D. certconfig 

View Answer

Q3. What is the default behavior of NAT control on Cisco ASA Software Version 8.3? 

A. NAT control has been deprecated on Cisco ASA Software Version 8.3. 

B. It will prevent traffic from traversing from one enclave to the next without proper access configuration. 

C. It will allow traffic to traverse from one enclave to the next without proper access configuration. 

D. It will deny all traffic. 

View Answer

Q4. A network administrator is creating an ASA-CX administrative user account with the following parameters: 

The user will be responsible for configuring security policies on network devices. 

The user needs read-write access to policies. 

The account has no more rights than necessary for the job. 

What role will the administrator assign to the user? 

A. Administrator 

B. Security administrator 

C. System administrator 

D. Root Administrator 

E. Exec administrator 

View Answer

Q5. Refer to the exhibit. 

Which two statements about this firewall output are true? (Choose two.) 

A. The output is from a packet tracer debug. 

B. All packets are allowed to 192.168.1.0 255.255.0.0. 

C. All packets are allowed to 192.168.1.0 255.255.255.0. 

D. All packets are denied. 

E. The output is from a debug all command. 

View Answer

Q6. Which Cisco product provides a GUI-based device management tool to configure Cisco access routers? 

A. Cisco ASDM 

B. Cisco CP Express 

C. Cisco ASA 5500 

D. Cisco CP 

View Answer

Q7. An administrator is deploying port-security to restrict traffic from certain ports to specific MAC addresses. Which two considerations must an administrator take into account when using the switchport port-security mac-address sticky command? (Choose two.) 

A. The configuration will be updated with MAC addresses from traffic seen ingressing the port. The configuration will automatically be saved to NVRAM if no other changes to the configuration have been made. 

B. The configuration will be updated with MAC addresses from traffic seen ingressing the port. The configuration will not automatically be saved to NVRAM. 

C. Only MAC addresses with the 5th most significant bit of the address (the 'sticky' bit) set to 1 will be learned. 

D. If configured on a trunk port without the 'vlan' keyword, it will apply to all vlans. 

E. If configured on a trunk port without the 'vlan' keyword, it will apply only to the native vlan. 

View Answer

Q8. Which two router commands enable NetFlow on an interface? (Choose two.) 

A. ip flow ingress 

B. ip flow egress 

C. ip route-cache flow infer-fields 

D. ip flow ingress infer-fields 

E. ip flow-export version 9 

View Answer

Q9. Which cloud characteristic is used to describes the sharing of physical resource between various 

entities ? 

A. Elasticity 

B. Ubiquitous access 

C. Multitenancy 

D. Resiliency 

View Answer

Q10. What are two primary purposes of Layer 2 detection in Cisco IPS networks? (Choose two.) 

A. identifying Layer 2 ARP attacks 

B. detecting spoofed MAC addresses and tracking 802.1X actions and data communication after a successful client association 

C. detecting and preventing MAC address spoofing in switched environments 

D. mitigating man-in-the-middle attacks 

View Answer