All About Actual 300-206 pdf

Q1. Which statement about the configuration of Cisco ASA NetFlow v9 (NSEL) is true? 

A. Use a sysopt command to enable NSEL on a specific interface. 

B. To view bandwidth usage for NetFlow records, you must have QoS feature enabled 

C. NSEL tracks the flow continuously and provides updates every 10 seconds. 

D. You must define a flow-export event type under a policy. 

E. NSEL can be used without a collector configured. 

View Answer

Q2. hich option must be configured on a transparent Cisco ASA adaptive security appliance for it to be managed over Layer 3 networks? 

A. Static routes 

B. Routed interface 

C. Security context 

D. BVI 

View Answer

Q3. Which threat-detection feature is used to keep track of suspected attackers who create connections to too many hosts or ports? 

A. complex threat detection 

B. scanning threat detection 

C. basic threat detection 

D. advanced threat detection 

View Answer

Q4. Which statement about how the Cisco ASA supports SNMP is true? 

A. All SNMFV3 traffic on the inside interface will be denied by the global ACL 

B. The Cisco ASA and ASASM provide support for network monitoring using SNMP Versions 1,2c, and 3, but do not support the use of all three versions simultaneously. 

C. The Cisco ASA and ASASM have an SNMP agent that notifies designated management ,. stations if events occur that are predefined to require a notification, for example, when a link in the network goes up or down. 

D. SNMPv3 is enabled by default and SNMP v1 and 2c are disabled by default. 

E. SNMPv3 is more secure because it uses SSH as the transport mechanism. 

View Answer

Q5. A switch is being configured at a new location that uses statically assigned IP addresses. Which will ensure that ARP inspection works as expected? 

A. Configure the 'no-dhcp' keyword at the end of the ip arp inspection command 

B. Enable static arp inspection using the command 'ip arp inspection static vlan vlan-number 

C. Configure an arp access-list and apply it to the ip arp inspection command 

D. Enable port security 

View Answer

Q6. What are the three types of private VLAN ports? (Choose three.) 

A. promiscuous 

B. isolated 

C. community 

D. primary 

E. secondary 

F. trunk 

View Answer

Q7. Which cloud characteristic is used to describe the sharing of physical resources 

between various entities? 

A. Multitenancy 

B. Ubiquitous access 

C. Elasticity 

D. Resiliency 

View Answer

Q8. Which set of commands enables logging and displays the log buffer on a Cisco ASA? 

A. enable logging 

show logging 

B. logging enable 

show logging 

C. enable logging int e0/1 

view logging 

D. logging enable 

logging view config 

View Answer

Q9. A Cisco ASA is configured for TLS proxy. When should the security appliance force remote IP phones connecting to the phone proxy through the internet to be in secured mode? 

A. When the Cisco Unified Communications Manager cluster is in non-secure mode 

B. When the Cisco Unified Communications Manager cluster is in secure mode only 

C. When the Cisco Unified Communications Manager is not part of a cluster 

D. When the Cisco ASA is configured for IPSec VPN 

View Answer

Q10. Which of the following would need to be created to configure an application-layer inspection of SMTP traffic operating on port 2525? 

A. A class-map that matches port 2525 and applying an inspect ESMTP policy-map for that class in the global inspection policy 

B. A policy-map that matches port 2525 and applying an inspect ESMTP class-map for that policy 

C. An access-list that matches on TCP port 2525 traffic and applying it on an interface with the inspect option 

D. A class-map that matches port 2525 and applying it on an access-list using the inspect option 

View Answer