Cisco Official News: Cisco Official Exam Center New Released 300-206 Dumps Questions, Many New Questions added into it! Braindump2go Offer Free Sample Questions and Answers for Download Now! Visit Our Webiste, get the new updated Questions then pass Cisco 300-206 at the first try!
Vendor: Cisco
Exam Code: 300-206
Exam Name: Implementing Cisco Edge Network Security Solutions
Keywords: 300-206 Exam Dumps,300-206 Practice Tests,300-206 Practice Exams,300-206 Exam Questions,300-206 PDF,300-206 VCE Free,300-206 Book,300-206 E-Book,300-206 Study Guide,300-206 Braindump,300-206 Prep Guide
QUESTION 171
Which Layer 2 security feature validates ARP packets?
A. DAI
B. DHCP server
C. BPDU guard
D. BPDU filtering
Answer: A
QUESTION 172
If you disable PortFast on switch ports that are connected to a Cisco ASA and globally turn on BPDU filtering, what is the effect on the switch ports?
A. The switch ports are prevented from going into an err-disable state if a BPDU is received.
B. The switch ports are prevented from going into an err-disable state if a BPDU is sent.
C. The switch ports are prevented from going into an err-disable state if a BPDU is received and sent.
D. The switch ports are prevented from forming a trunk.
Answer: C
QUESTION 173
In a Cisco ASAv failover deployment, which interface is preconfigured as the failover interface?
A. GigabitEthernet0/2
B. GigabitEthernet0/4
C. GigabitEthernet0/6
D. GigabitEthernet0/8
Answer: D
QUESTION 174
What are the three types of private VLAN ports? (Choose three.)
A. promiscuous
B. isolated
C. community
D. primary
E. secondary
F. trunk
Answer: ABC
QUESTION 175
Which VTP mode supports private VLANs on a switch?
A. transparent
B. server
C. client
D. off
Answer: A
QUESTION 176
Which technology can be deployed with a Cisco ASA 1000V to segregate Layer 2 access within a virtual cloud environment?
A. Cisco Nexus 1000V
B. Cisco VSG
C. WSVA
D. ESVA
Answer: A
QUESTION 177
What is the best description of a unified ACL on a Cisco firewall?
A. An ACL with both IPv4 and IPv6 functionality.
B. An IPv6 ACL with IPv4 backwards compatibility.
C. An IPv4 ACL with IPv6 support.
D. An ACL that supports EtherType in addition to IPv6.
Answer: A
QUESTION 178
Refer to the exhibit. Which type of ACL is shown in this configuration?
A. IPv4
B. IPv6
C. unified
D. IDFW
Answer: C
QUESTION 179
You are the network security engineer for the Secure-X network. The company has recently detected Increase of traffic to malware Infected destinations. The Chief Security Officer deduced that some PCs in the internal networks are infected with malware and communicate with malware infected destinations.
The CSO has tasked you with enable Botnet traffic filter on the Cisco ASA to detect and deny further connection attempts from infected PCs to malware destinations. You are also required to test your configurations by initiating connections through the Cisco ASA and then display and observe the Real-Time Log Viewer in ASDM.
To successfully complete this activity, you must perform the following tasks:
– Download the dynamic database and enable use of it.
– Enable the ASA to download of the dynamic database
– Enable the ASA to download of the dynamic database.
– Enable DNS snooping for existing DNS inspection service policy rules..
– Enable Botnet Traffic Filter classification on the outside interface for All Traffic.
– Configure the Botnet Traffic Filter to drop blacklisted traffic on the outside interface. Use the default Threat Level settings
NOTE: The database files are stored in running memory; they are not stored in flash memory.
NOTE: DNS is enabled on the inside interface and set to the HQ-SRV (10.10.3.20).
NOTE: Not all ASDM screens are active for this exercise.
– Verify that the ASA indeed drops traffic to blacklisted destinations by doing the following:
– From the Employee PC, navigate to http://www.google.com to make sure that access to the Internet is working.
– From the Employee PC, navigate to http://bot-sparta.no-ip.org. This destination is classified as malware destination by the Cisco SIO database.
– From the Employee PC, navigate to http://superzarabotok-gid.ru/. This destination is classified as malware destination by the Cisco SIO database.
– From Admin PC, launch ASDM to display and observe the Real-Time Log Viewer.
You have completed this exercise when you have configured and successfully tested Botnet traffic filter on the Cisco ASA.
See the explanation for detailed answer to this sim question.
First, click on both boxes on the Botnet Database as shown below and hit apply:
Click Yes to send the commands when prompted.
Then, click on the box on the DNS Snooping page as shown below and hit apply:
Click Yes to send the commands when prompted.
Then, click on the box on the Traffic Settings tab as shown:
At which point this pop-up box will appear when you click on the Add button:
Click OK. Then Apply. Then Send when prompted.
Then verify that all is working according to the instructions given in the question.
QUESTION 180
You are a network security engineer for the Secure-X network. You have been tasked with implementing dynamic network object NAT with PAT on a Cisco ASA. You must configure the Cisco ASA such that the source IP addresses of all internal hosts are translated to a single IP address (using different ports) when the internal hosts access the Internet.
To successfully complete this activity, you must perform the following tasks:
– Use the Cisco ASDM GUI on the Admin PC to configure dynamic network object NAT with PAT using the following parameters:
– Network object name: Internal-Networks
– IP subnet: 10.10.0.0/16
– Translated IP address: 192.0.2.100
– Source interface: inside
– Destination interface: outside
NOTE: The object (TRANSLATED-INSIDE-HOSTS) for this translated IP address has already been created for your use in this activity.
NOTE: Not all ASDM screens are active for this exercise.
NOTE: Login credentials are not needed for this simulation.
– In the Cisco ASDM, display and view the auto-generated NAT rule.
– From the Employee PC, generate traffic to SP-SRV by opening a browser and navigating to http://sp-srv.sp.public.
– From the Guest PC, generate traffic to SP-SRV by opening a browser and navigating to http://sp-srv.sp.public.
– At the CLI of the Cisco ASA, display your NAT configuration. You should see the configured policy and statistics for translated packets.
– At the CLI of the Cisco ASA, display the translation table. You should see dynamic translations for the Employee PC and the Guest PC. Both inside IP addresses translate to the same IP address, but using different ports.
You have completed this exercise when you have configured and successfully tested dynamic network object NAT with PAT.
Answer:
See the explanation for detailed answer to this sim question.
First, click on Add Network Objects on the Network Objects/Groups tab and fill in the information as shown below:
Then, use the advanced tab and configure it as shown below:
Then hit OK, OK again, Apply, and then Send when prompted. You can verify using the instructions provided in the question
QUESTION 181
Refer to the exhibit. What type of attack is being mitigated on the Cisco ASA appliance?
A. HTTP and POST flood attack
B. HTTP Compromised-Key Attack
C. HTTP Shockwave Flash exploit
D. HTTP SQL injection attack
Answer: D
QUESTION 182
Hotspot Question
In your role as network security administrator, you have installed syslog server software on a server whose IP address is 10.10.2.40. According to the exhibits, why isn’t the syslog server receiving any syslog messages?
A. Logging is not enabled globally on the Cisco ASA.
B. The syslog server has failed.
C. There have not been any events with a severity level of seven.
D. The Cisco ASA is not configured to log messages to the syslog server at that IP address.
Answer: B
Explanation:
By process of elimination, we know that the other answers choices are not correct so that only leaves us with the server must have failed. We can see from the following screen shots, that events are being generated with severity level of debugging and below, The 10.10.2.40 IP address has been configured as a syslog server, and that logging has been enabled globally:
QUESTION 183
Hotspot Question
According to the logging configuration on the Cisco ASA, what will happen if syslog server 10.10.2.40 fails?
A. New connections through the ASA will be blocked and debug system logs will be sent to the internal buffer.
B. New connections through the ASA will be blocked and informational system logs will be sent to the internal buffer.
C. New connections through the ASA will be blocked and system logs will be sent to server 10.10.2.41.
D. New connections through the ASA will be allowed and system logs will be sent to server 10.10.2.41.
E. New connections through the ASA will be allowed and informational system logs will be sent to the internal buffer.
F. New connections through the ASA will be allowed and debug system logs will be sent to the internal buffer.
Answer: B
Explanation:
This is shown by the following screen shot:
QUESTION 184
Hotspot Question
Which statement is true of the logging configuration on the Cisco ASA?
A. The contents of the internal buffer will be saved to an FTP server before the buffer is overwritten.
B. The contents of the internal buffer will be saved to flash memory before the buffer is overwritten.
C. System log messages with a severity level of six and higher will be logged to the internal buffer.
D. System log messages with a severity level of six and lower will be logged to the internal buffer.
Answer: C
Explanation:
Thanks For Trying Braindump2go Latest Cisco 300-206 Dumps Questions! Braindump2go Exam Dumps ADVANTAGES:
☆ 100% Pass Guaranteed Or Full Money Back!
☆ Instant Download Access After Payment!
☆ One Year Free Updation!
☆ Well Formated: PDF,VCE,Exam Software!
☆ Multi-Platform capabilities – Windows, Laptop, Mac, Android, iPhone, iPod, iPad.
☆ Professional, Quick,Patient IT Expert Team 24/7/3184 Onlinen Help You!
☆ We served more than 35,000 customers all around the world in last 5 years with 98.99% PASS RATE!
☆ Guaranteed Secure Shopping! Your Transcations are protected by Braindump2go all the time!
☆ Pass any exams at the FIRST try!