The Updated Guide To 300-206 exam

Q1. You are the administrator of a Cisco ASA 9.0 firewall and have been tasked with ensuring that the Firewall Admins Active Directory group has full access to the ASA configuration. The Firewall Operators Active Directory group should have a more limited level of access. 

Which statement describes how to set these access levels? 

A. Use Cisco Directory Agent to configure the Firewall Admins group to have privilege level 15 access. Also configure the Firewall Operators group to have privilege level 6 access. 

B. Use TACACS+ for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA server. Configure ACS CLI command authorization sets for the Firewall Operators group. Configure level 15 access to be assigned to members of the Firewall Admins group. 

C. Use RADIUS for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA server. Configure ACS CLI command authorization sets for the Firewall Operators group. Configure level 15 access to be assigned to members of the Firewall Admins group. 

D. Active Directory Group membership cannot be used as a determining factor for accessing the Cisco ASA CLI. 

View Answer

Q2. Which command tests authentication with SSH and shows a generated key? 

A. show key mypubkey rsa 

B. show crypto key mypubkey rsa 

C. show crypto key 

D. show key mypubkey 

View Answer

Q3. Which action is considered a best practice for the Cisco ASA firewall? 

A. Use threat detection to determine attacks 

B. Disable the enable password 

C. Disable console logging D. Enable ICMP permit to monitor the Cisco ASA interfaces 

E. Enable logging debug-trace to send debugs to the syslog server 

View Answer

Q4. Which three compliance and audit report types are available in Cisco Prime Infrastructure? (Choose three.) 

A. Service 

B. Change Audit 

C. Vendor Advisory 

D. TAC Service Request 

E. Validated Design 

F. Smart Business Architecture 

View Answer

Q5. A network engineer is asked to configure NetFlow to sample one of every 100 packets on a router's fa0/0 interface. Which configuration enables sampling, assuming that NetFlow is already configured and running on the router's fa0/0 interface? 

A. flow-sampler-map flow1 

mode random one-out-of 100 

interface fas0/0 

flow-sampler flow1 

B. flow monitor flow1 

mode random one-out-of 100 

interface fas0/0 

ip flow monitor flow1 

C. flow-sampler-map flow1 

one-out-of 100 

interface fas0/0 

flow-sampler flow1 

D. ip flow-export source fas0/0 one-out-of 100 

View Answer

Q6. In IOS routers, what configuration can ensure both prevention of ntp spoofing and accurate time ensured? 

A. ACL permitting udp 123 from ntp server 

B. ntp authentication 

C. multiple ntp servers 

D. local system clock 

View Answer

Q7. When you configure a Botnet Traffic Filter on a Cisco firewall, what are two optional tasks? (Choose two.) 

A. Enable the use of dynamic databases. 

B. Add static entries to the database. 

C. Enable DNS snooping. 

D. Enable traffic classification and actions. 

E. Block traffic manually based on its syslog information. 

View Answer

Q8. You have explicitly added the line deny ipv6 any log to the end of an IPv6 ACL on a router interface. Which two ICMPv6 packet types must you explicitly allow to enable traffic to traverse the interface? (Choose two.) 

A. router solicitation 

B. router advertisement 

C. neighbor solicitation 

D. neighbor advertisement 

E. redirect 

View Answer

Q9. Which function in the Cisco ADSM ACL Manager pane allows an administrator to search for a specfic element? 

A. Find 

B. Device Management 

C. Search 

D. Device Setup 

View Answer

Q10. Which two device types can Cisco Prime Security Manager manage in Multiple Device mode? (Choose two.) 

A. Cisco ESA 

B. Cisco ASA 

C. Cisco WSA 

D. Cisco ASA CX 

View Answer