Cisco 300-206 Online Practice Questions and Exam Preparation

Cisco 300-206 Online Questions & Answers

• Question 321:

  When you set a Cisco IOS Router as an SSH server, which command specifies the RSA public key of the remote peer when you set the SSH server to perform RSA-based authentication?

  A. router(config-ssh-pubkey-user)#key
  B. router(conf-ssh-pubkey-user)#key-string
  C. router(config-ssh-pubkey)#key-string
  D. router(conf-ssh-pubkey-user)#key-string enable ssh
  B. router(conf-ssh-pubkey-user)#key-string

• Question 322:

  Refer to the exhibit. Which Cisco ASA CLI commands configure these static routes in the Cisco ASA routing table?

  S 10.2.2.0 255.255.255.0 [1/0] via 172.16.1.10, dmzS 10.3.3.0 255.255.255.0 [2/0] via 172.16.1.11, dmz

  A. route dmz 10.2.2.0 0.0.0.255 172.16.1.10 route dmz 10.3.3.0 0.0.0.255 172.16.1.11
  B. route dmz 10.2.2.0 0.0.0.255 172.16.1.10 1 route dmz 10.3.3.0 0.0.0.255 172.16.1.11 1
  C. route dmz 10.2.2.0 0.0.0.255 172.16.1.10 route dmz 10.3.3.0 0.0.0.255 172.16.1.11 2
  D. route dmz 10.2.2.0 255.255.255.0 172.16.1.10 route dmz 10.3.3.0 255.255.255.0 172.16.1.11
  E. route dmz 10.2.2.0 255.255.255.0 172.16.1.10 1 route dmz 10.3.3.0 255.255.255.0 172.16.1.11 1
  F. route dmz 10.2.2.0 255.255.255.0 172.16.1.10 route dmz 10.3.3.0 255.255.255.0 172.16.1.11 2
  F. route dmz 10.2.2.0 255.255.255.0 172.16.1.10 route dmz 10.3.3.0 255.255.255.0 172.16.1.11 2

• Question 323:

  Refer to the exhibit. What type of attack is being mitigated on the Cisco ASA appliance?

  

  A. HTTP and POST flood attack
  B. HTTP Compromised-Key Attack
  C. HTTP Shockwave Flash exploit
  D. HTTP SQL injection attack
  D. HTTP SQL injection attack

• Question 324:

  Which two device types can you examine with a TrustSec Readiness Assessment report? (Choose two.)

  A. SGACL devices
  B. TrustSec incapable devices
  C. enforcement devices
  D. authentication devices
  E. security group tagging devices
  B. TrustSec incapable devices
  C. enforcement devices

• Question 325:

  Enabling what security mechanism can prevent an attacker from gaining network topology information from CDP?

  A. MACsec
  B. Flex VPN
  C. Control Plane Protection
  D. Dynamic Arp Inspection
  A. MACsec

• Question 326:

  Which Cisco ASA show command groups the xlates and connections information together in its output?

  A. show conn
  B. show conn detail
  C. show xlate
  D. show asp
  E. show local-host
  E. show local-host

• Question 327:

  What is the default threat level in botnet traffic filtering?

  A. between Low and Moderate
  B. between Very Low and Low
  C. between High and Very High
  D. between Moderate and Very High
  D. between Moderate and Very High

• Question 328:

  When you configure a Botnet Traffic Filter on a Cisco firewall, what are two optional tasks? (Choose two.)

  A. Enable the use of dynamic databases.
  B. Add static entries to the database.
  C. Enable DNS snooping.
  D. Enable traffic classification and actions.
  E. Block traffic manually based on its syslog information.
  B. Add static entries to the database.
  E. Block traffic manually based on its syslog information.

• Question 329:

  Which two features are supported with the ASA packet-tracer command? (Choose two.)

  A. displaying each matching policy as a packet transits the firewall
  B. injecting modified ICMP packets through the firewall into the data path
  C. debugging packets in noncluster nodes
  D. injecting tracer packets through the firewall into the data path
  E. simulating a packet decrypt
  D. injecting tracer packets through the firewall into the data path
  E. simulating a packet decrypt

• Question 330:

  Which characteristic of community ports in a PVLAN is true?

  A. can communicate with isolated ports
  B. cannot communicate with other community ports in the same community.
  C. can communicate with promiscuous ports
  D. are separated at Layer 3 from all other ports
  C. can communicate with promiscuous ports