web analytics

Valid 300-206 Dumps with VCE and PDF for Free (Question 76 – Question 90)

New 300-206 exam questions from PassLeader 300-206 dumps! Welcome to download the newest PassLeader 300-206 VCE and PDF dumps: http://www.passleader.com/300-206.html (223 Q&As)

P.S. Free 300-206 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpflBDRGVtd3JJR2k3ZF9sOTAyOHQ0bW1fdlJsZjFwS2xxZmx1TGVrOEdraTA

QUESTION 76
Which Cisco product provides a GUI-based device management tool to configure Cisco access routers?

A.    Cisco ASDM
B.    Cisco CP Express
C.    Cisco ASA 5500
D.    Cisco CP

Answer: D

QUESTION 77
Which statement about Cisco IPS Manager Express is true?

A.    It provides basic device management for large-scale deployments.
B.    It provides a GUI for configuring IPS sensors and security modules.
C.    It enables communication with Cisco ASA devices that have no administrative access.
D.    It provides greater security than simple ACLs.

Answer: B

QUESTION 78
Which three options describe how SNMPv3 traps can be securely configured to be sent by IOS? (Choose three.)

A.    An SNMPv3 group is defined to configure the read and write views of the group.
B.    An SNMPv3 user is assigned to SNMPv3 group and defines the encryption and authentication credentials.
C.    An SNMPv3 host is configured to define where the SNMPv3 traps will be sent.
D.    An SNMPv3 host is used to configure the encryption and authentication credentials for SNMPv3 traps.
E.    An SNMPv3 view is defined to configure the address of where the traps will be sent.
F.    An SNMPv3 group is used to configure the OIDs that will be reported.

Answer: ABC

QUESTION 79
Cisco Security Manager can manage which three products? (Choose three.)

A.    Cisco IOS
B.    Cisco ASA
C.    Cisco IPS
D.    Cisco WLC
E.    Cisco Web Security Appliance
F.    Cisco Email Security Appliance
G.    Cisco ASA CX
H.    Cisco CRS

Answer: ABC

QUESTION 80
When a Cisco ASA is configured in transparent mode, how can ARP traffic be controlled?

A.    By enabling ARP inspection; however, it cannot be controlled by an ACL
B.    By enabling ARP inspection or by configuring ACLs
C.    By configuring ACLs; however, ARP inspection is not supported
D.    By configuring NAT and ARP inspection

Answer: A

QUESTION 81
What are two primary purposes of Layer 2 detection in Cisco IPS networks? (Choose two.)

A.    identifying Layer 2 ARP attacks
B.    detecting spoofed MAC addresses and tracking 802.1X actions and data communication after a successful client association
C.    detecting and preventing MAC address spoofing in switched environments
D.    mitigating man-in-the-middle attacks

Answer: AD

QUESTION 82
What is the primary purpose of stateful pattern recognition in Cisco IPS networks?

A.    mitigating man-in-the-middle attacks
B.    using multipacket inspection across all protocols to identify vulnerability-based attacks and to thwart attacks that hide within a data stream
C.    detecting and preventing MAC address spoofing in switched environments
D.    identifying Layer 2 ARP attacks

Answer: B

QUESTION 83
What are two reasons to implement Cisco IOS MPLS Bandwidth-Assured Layer 2 Services? (Choose two.)

A.    guaranteed bandwidth and peak rates as well as low cycle periods, regardless of which systems access the device
B.    increased resiliency through MPLS FRR for AToM circuits and better bandwidth utilization through MPLS TE
C.    enabled services over an IP/MPLS infrastructure, for enhanced MPLS Layer 2 functionality
D.    provided complete proactive protection against frame and device spoofing

Answer: BC

QUESTION 84
What is the maximum jumbo frame size for IPS standalone appliances with 1G and 10G fixed or add-on interfaces?

A.    1024 bytes
B.    1518 bytes
C.    2156 bytes
D.    9216 bytes

Answer: D

QUESTION 85
Which two statements about Cisco IDS are true? (Choose two.)

A.    It is preferred for detection-only deployment.
B.    It is used for installations that require strong network-based protection and that include sensor tuning.
C.    It is used to boost sensor sensitivity at the expense of false positives.
D.    It is used to monitor critical systems and to avoid false positives that block traffic.
E.    It is used primarily to inspect egress traffic, to filter outgoing threats.

Answer: AD

QUESTION 86
What are two reasons for implementing NIPS at enterprise Internet edges? (Choose two.)

A.    Internet edges typically have a lower volume of traffic and threats are easier to detect.
B.    Internet edges typically have a higher volume of traffic and threats are more difficult to detect.
C.    Internet edges provide connectivity to the Internet and other external networks.
D.    Internet edges are exposed to a larger array of threats.
E.    NIPS is more optimally designed for enterprise Internet edges than for internal network configurations.

Answer: CD

QUESTION 87
Which statement about the Cisco ASA configuration is true?

A.    All input traffic on the inside interface is denied by the global ACL.
B.    All input and output traffic on the outside interface is denied by the global ACL.
C.    ICMP echo-request traffic is permitted from the inside to the outside, and ICMP echo-reply will be permitted from the outside back to inside.
D.    HTTP inspection is enabled in the global policy.
E.    Traffic between two hosts connected to the same interface is permitted.

Answer: B

QUESTION 88
In the default global policy, which traffic is matched for inspections by default?

A.    match any
B.    match default-inspection-traffic
C.    match access-list
D.    match port
E.    match class-default

Answer: B

QUESTION 89
Which set of commands creates a message list that includes all severity 2 (critical) messages on a Cisco security device?

A.    logging list critical_messages level 2
console logging critical_messages
B.    logging list critical_messages level 2
logging console critical_messages
C.    logging list critical_messages level 2
logging console enable critical_messages
D.    logging list enable critical_messages level 2
console logging critical_messages

Answer: B

QUESTION 90
An administrator is deploying port-security to restrict traffic from certain ports to specific MAC addresses. Which two considerations must an administrator take into account when using the switchport port-security mac-address sticky command? (Choose two.)

A.    The configuration will be updated with MAC addresses from traffic seen ingressing the port.
The configuration will automatically be saved to NVRAM if no other changes to the configuration have been made.
B.    The configuration will be updated with MAC addresses from traffic seen ingressing the port.
The configuration will not automatically be saved to NVRAM.
C.    Only MAC addresses with the 5th most significant bit of the address (the ‘sticky’ bit) set to 1 will be learned.
D.    If configured on a trunk port without the ‘vlan’ keyword, it will apply to all vlans.
E.    If configured on a trunk port without the ‘vlan’ keyword, it will apply only to the native vlan.

Answer: BE


New 300-206 exam questions from PassLeader 300-206 dumps! Welcome to download the newest PassLeader 300-206 VCE and PDF dumps: http://www.passleader.com/300-206.html (223 Q&As)

P.S. Free 300-206 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpflBDRGVtd3JJR2k3ZF9sOTAyOHQ0bW1fdlJsZjFwS2xxZmx1TGVrOEdraTA