300-206 Exam Details
-
Exam Code
:300-206 -
Exam Name
:Implementing Cisco Edge Network Security Solutions -
Certification
:Cisco Certifications -
Vendor
:Cisco -
Total Questions
:463 Q&As -
Last Updated
:Dec 11, 2021
Cisco 300-206 Online Questions & Answers
-
Question 251:
You are the administrator of a multicontext transparent-mode Cisco ASA that uses a shared interface that belongs to more than one context. Because the same interface will be used within all three contexts, which statement describes how you will ensure that return traffic will reach the correct context?
A. Interfaces may not be shared between contexts in routed mode.
B. Configure a unique MAC address per context with the no mac-address auto command.
C. Configure a unique MAC address per context with the mac-address auto command.
D. Use static routes on the Cisco ASA to ensure that traffic reaches the correct context. -
Question 252:
Which statement about Dynamic ARP Inspection is true ?
A. In a typical network, you make all ports as trusted expect for the ports connection to switches , which are untrusted
B. DAI associates a trust state with each switch
C. DAI determines the validity of an ARP packet based on valid IP to MAC address binding from the DHCP snooping database
D. DAI intercepts all ARP requests and responses on trusted ports only
E. DAI cannot drop invalid ARP packets -
Question 253:
An SNMP host is an IP address to which SNMP notifications and traps are sent. To configure SNMFV3 hosts, which option must you configure in addition to the target IP address?
A. the Cisco ASA as a DHCP server, so the SNMFV3 host can obtain an IP address
B. a username, because traps are only sent to a configured user
C. SSH, so the user can connect to the Cisco ASA
D. the Cisco ASA with a dedicated interface only for SNMP, to process the SNMP host traffic. -
Question 254:
Refer to the exhibit. Which two are true statements about the expected port security behavior? (Choose two)
A. If a violation occurs, the swith port waits one minute to recover by default.
B. Only one MAC address can be learnded by default on the switch port.
C. Up to five MAC addresses can be learned by default on the switch port.
D. If a violation occurs, the switch port remains active, but the traffic is dropped.
E. If a violation occurs, the swithc port shuts down. -
Question 255:
Refer to the exhibit:
access-list 20 permit ip any host 192.168.1.5capture CAPT-X type asp-drop acl-drop access-list 20
Capture does not get applied and we get an error about mixed policy. Choose two reason why this is the case.
A. Ipv6 is enabled on the firewall
B. The any key in the access-list should be stated as IPv4 (kind of like any4)
C. Syntax of access-list command is wrong.
D. Syntax if capture command is wrong. -
Question 256:
A customer has two ISPs for Internal traffic and a firewall with one interface configured to each ISP. An engineer discovers there is asymmetric routing when using the internal traffic leaving is using ISP 1 and returning traffic is using ISP 2.
Which feature fixes this connectivity
A. seurity zones
B. routed mode
C. failover
D. multiple contexts
E. network address transaction -
Question 257:
Which three statements about private VLANs are true? (Choose three.)
A. Isolated ports can talk to promiscuous and community ports.
B. Promiscuous ports can talk to isolated and community ports.
C. Private VLANs run over VLAN Trunking Protocol in client mode.
D. Private VLANS run over VLAN Trunking Protocol in transparent mode.
E. Community ports can talk to each other as well as the promiscuous port.
F. Primary, secondary, and tertiary VLANs are required for private VLAN implementation. -
Question 258:
SSHv2 is not explicitly allowed on router by command "ip ssh version 2". Which statement is true?
A. only SSHv1 is allowed
B. only SSHv2 is allowed
C. both SSHv1 and SSHv2 are allowed
D. SSH version must be explicitly specified -
Question 259:
IPv6 addresses in an organization's network are assigned using Stateless Address Autoconfiguration. What is a security concern of using SLAAC for IPv6 address assignment?
A. Man-In-The-Middle attacks or traffic interception using spoofed IPv6 Router Advertisements
B. Smurf or amplification attacks using spoofed IPv6 ICMP Neighbor Solicitations
C. Denial of service attacks using TCP SYN floods
D. Denial of Service attacks using spoofed IPv6 Router Solicitations -
Question 260:
What are Options of capture command
A. host
B. real-time
C. type
Related Exams:
-
300-745
Designing Cisco Security Infrastructure (300-745 SDSI) v1.0 -
350-101
Implementing and Operating Cisco Wireless Core Technologies (350-101 WLCOR)v1.0 -
352-011
Cisco Certified Design Expert Practical -
500-052
Cisco Unified Contact Center Express -
500-173
Designing the FlexPod Solution (FPDESIGN) -
500-201
Deploying Cisco Service Provider Mobile Backhaul Solutions -
500-210
SP Optical Technology Field Engineer Representative -
500-220
Engineering Cisco Meraki Solutions (ECMS) v2.2 -
500-230
Cisco Service Provider Routing Field Engineer -
500-240
Cisco Mobile Backhaul for Field Engineers
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 300-206 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.