★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 300-206 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/300-206-dumps.html


It is more faster and easier to pass the Cisco 300-206 exam by using Best Quality Cisco Implementing Cisco Edge Network Security Solutions questuins and answers. Immediate access to the Abreast of the times 300-206 Exam and find the same core area 300-206 questions with professionally verified answers, then PASS your exam with a high score now.

2021 Apr 300-206 question

Q61. Which information is NOT replicated to the secondary Cisco ASA adaptive security appliance in an active/standby configuration with stateful failover links ? 

A. TCP sessions 

B. DHCP lease 

C. NAT translations 

D. Routing tables 

Answer:


Q62. Which command tests authentication with SSH and shows a generated key? 

A. show key mypubkey rsa 

B. show crypto key mypubkey rsa 

C. show crypto key 

D. show key mypubkey 

Answer:


Q63. Enabling what security mechanism can prevent an attacker from gaining network topology information from CDP via a man-in-the-middle attack? 

A. MACsec 

B. Flex VPN 

C. Control Plane Protection 

D. Dynamic Arp Inspection 

Answer:


Q64. To which port does a firewall send secure logging messages? 

A. TCP/1500 

B. UDP/1500 

C. TCP/500 

D. UDP/500 

Answer:


Q65. Which three options are hardening techniques for Cisco IOS routers? (Choose three.) 

A. limiting access to infrastructure with access control lists 

B. enabling service password recovery 

C. using SSH whenever possible 

D. encrypting the service password 

E. using Telnet whenever possible 

F. enabling DHCP snooping 

Answer: A,C,D 


Updated 300-206 free practice exam:

Q66. An attacker has gained physical access to a password protected router. Which command will prevent access to the startup-config in NVRAM? 

A. no service password-recovery 

B. no service startup-config 

C. service password-encryption 

D. no confreg 0x2142 

Answer:


Q67. A network engineer is troubleshooting and configures the ASA logging level to debugging. The logging-buffer is dominated by %ASA-6-305009 log messages. Which command suppresses those syslog messages while maintaining ability to troubleshoot? 

A. no logging buffered 305009 

B. message 305009 disable 

C. no message 305009 logging 

D. no logging message 305009 

Answer:


Q68. A Cisco ASA is configured in multiple context mode and has two user-defined contexts—Context_A and Context_B. From which context are device logging messages sent? 

A. Admin 

B. Context_A 

C. Context_B 

D. System 

Answer:


Q69. Which cloud characteristic is used to describe the sharing of physical resources 

between various entities? 

A. Multitenancy 

B. Ubiquitous access 

C. Elasticity 

D. Resiliency 

Answer:


Q70. CORRECT TEXT 

You are a network security engineer for the Secure-X network. You have been tasked with implementing dynamic network object NAT with PAT on a Cisco ASA. 

You must configure the Cisco ASA such that the source IP addresses of all internal hosts are translated to a single IP address (using different ports) when the internal hosts access the Internet. 

To successfully complete this activity, you must perform the following tasks: 

. Use the Cisco ASDM GUI on the Admin PC to configure dynamic network object NAT with PAT using the following parameters: 

. Network object name: Internal-Networks 

. IP subnet: 10.10.0.0/16 

. Translated IP address: 192.0.2.100 

. Source interface: inside 

. Destination interface: outside 

NOTE: The object (TRANSLATED-INSIDE-HOSTS) for this translated IP address has already been created for your use in this activity. 

NOTE: Not all ASDM screens are active for this exercise. 

NOTE: Login credentials are not needed for this simulation. 

. In the Cisco ASDM, display and view the auto-generated NAT rule. 

. From the Employee PC, generate traffic to SP-SRV by opening a browser and navigating to http://sp-srv.sp.public. 

. From the Guest PC, generate traffic to SP-SRV by opening a browser and navigating to http://sp-srv.sp.public. 

. At the CLI of the Cisco ASA, display your NAT configuration. You should see the configured policy and statistics for translated packets. 

. At the CLI of the Cisco ASA, display the translation table. You should see dynamic translations for the Employee PC and the Guest PC. Both inside IP addresses translate to the same IP address, but using different ports. 

You have completed this exercise when you have configured and successfully tested dynamic network object NAT with PAT. 

Answer: Use the following configuration as per exhibit in explanation.