Cisco 300-206 Online Practice Questions and Exam Preparation

Cisco 300-206 Online Questions & Answers

• Question 111:

  Which two features are supported when configuring clustering of multiple Cisco ASA appliances? (Choose two.)

  A. NAT
  B. dynamic routing
  C. SSL remote access VPN
  D. IPSec remote access VPN
  A. NAT
  B. dynamic routing

• Question 112:

  All 30 users on a single floor of a building are complaining about network slowness. After investigating the access switch, the network administrator notices that the MAC address table is full (10,000 entries) and all traffic is being flooded out of every port. Which action can the administrator take to prevent this from occurring?

  A. Configure port-security to limit the number of mac-addresses allowed on each port
  B. Upgrade the switch to one that can handle 20,000 entries
  C. Configure private-vlans to prevent hosts from communicating with one another
  D. Enable storm-control to limit the traffic rate
  E. Configure a VACL to block all IP traffic except traffic to and from that subnet
  A. Configure port-security to limit the number of mac-addresses allowed on each port

• Question 113:

  Which statement about the Cisco ASA botnet traffic filter is true?

  A. The four threat levels are low, moderate, high, and very high.
  B. By default, the dynamic-filter drop blacklist interface outside command drops traffic with a threat level of high or very high.
  C. Static blacklist entries always have a very high threat level.
  D. A static or dynamic blacklist entry always takes precedence over the static whitelist entry.
  C. Static blacklist entries always have a very high threat level.

• Question 114:

  Which statement about Cisco IPS Manager Express is true?

  A. It provides basic device management for large-scale deployments.
  B. It provides a GUI for configuring IPS sensors and security modules.
  C. It enables communication with Cisco ASA devices that have no administrative access.
  D. It provides greater security than simple ACLs.
  B. It provides a GUI for configuring IPS sensors and security modules.

• Question 115:

  With what commands you can configure unified access-list on ASA CLI? (Choose two)

  A. access-list
  B. ipv6 access-list
  C. ipv6 access-list website
  D. object-group network
  E. object network
  A. access-list
  D. object-group network

• Question 116:

  Which type of authentication and encryption does SNMPv3 use at the authPriv security level?

  A. username authentication with MD5 or SHA encryption
  B. MD5 or SHA authentication with DES encryption
  C. username authentication with DES encryption
  D. DES authentication with MD5 or SHA encryption
  B. MD5 or SHA authentication with DES encryption

• Question 117:

  Which component does Cisco ASDM require on the host Cisco ASA 5500 Series or Cisco PIX security appliance?

  A. a DES or 3DES license
  B. a NAT policy server
  C. a SQL database
  D. a Kerberos key
  E. a digital certificate
  A. a DES or 3DES license

• Question 118:

  Which two user privileges does ASDM allow engineer to create? (Choose two)

  A. Full access
  B. admin
  C. read-write
  D. read-only
  E. write-only
  C. read-write
  E. write-only

• Question 119:

  You are using Cisco Security Manager to manage your infrastructure.

  What protocol is used by the Cisco Security Manager client to connect to the ASA?

  A. FTP
  B. Telnet
  C. SSH
  D. HTTPS
  D. HTTPS

• Question 120:

  What can you do to enable inter-interface firewall communication for traffic that flows between two interfaces of the same security level?

  A. Run the command same-security-traffic permit inter-interface globally.
  B. Run the command same-security-traffic permit intra-interface globally.
  C. Configure both interfaces to have the same security level.
  D. Run the command same-security-traffic permit inter-interface on the interface with the highest security level.
  A. Run the command same-security-traffic permit inter-interface globally.