

Q101. On IOS routers, which configuration both prevents NTP spoofing and ensures accurate time?

A. ACL permitting udp 123 from ntp server 

B. ntp authentication 

C. multiple ntp servers 

D. local system clock 

Answer:


Q102. Which option is the default in-memory logging buffer size of the Cisco ASA adaptive security appliance?

A. 8KB 

B. 32KB 

C. 2KB 

D. 16KB 

E. 4KB 

Answer:

Explanation: 

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/monitor_syslog.html


Q103. Which statement about Dynamic ARP Inspection is true?

A. In a typical network, you make all ports trusted except for the ports connecting to switches, which are untrusted

B. DAI associates a trust state with each switch 

C. DAI determines the validity of an ARP packet based on valid IP to MAC address binding from the DHCP snooping database 

D. DAI intercepts all ARP requests and responses on trusted ports only 

E. DAI cannot drop invalid ARP packets 

Answer:


Q104. At which layer does Dynamic ARP Inspection validate packets? 

A. Layer 2 

B. Layer 3 

C. Layer 4 

D. Layer 7 

Answer:


Q105. Which log level provides the most detail on the Cisco Web Security Appliance? 

A. Debug 

B. Critical 

C. Trace 

D. Informational 

Answer:


Q106. Which action is needed to set up SSH on the Cisco ASA firewall? 

A. Create an ACL to allow the SSH traffic to the Cisco ASA.

B. Configure DHCP for the client that will connect via SSH. 

C. Generate a crypto key 

D. Specify the SSH version level as either 1 or 2. 

E. Enable the HTTP server to allow authentication. 

Answer:


Q107. What is the best description of a unified ACL on a Cisco firewall? 

A. An ACL with both IPv4 and IPv6 functionality. 

B. An IPv6 ACL with IPv4 backwards compatibility. 

C. An IPv4 ACL with IPv6 support. 

D. An ACL that supports EtherType in addition to IPv6. 

Answer:

Explanation: 

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/intro_intro.html


Q108. A network engineer is asked to configure NetFlow to sample one of every 100 packets on a router's fa0/0 interface. Which configuration enables sampling, assuming that NetFlow is already configured and running on the router's fa0/0 interface? 

A. flow-sampler-map flow1 

mode random one-out-of 100 

interface fas0/0 

flow-sampler flow1 

B. flow monitor flow1 

mode random one-out-of 100 

interface fas0/0 

ip flow monitor flow1 

C. flow-sampler-map flow1 

one-out-of 100 

interface fas0/0 

flow-sampler flow1 

D. ip flow-export source fas0/0 one-out-of 100 

Answer:


Q109. Which command is the first that you enter to check whether or not ASDM is installed on the ASA?

A. Show ip 

B. Show running-config asdm 

C. Show running-config boot 

D. Show version 

E. Show route 

Answer:


Q110. CORRECT TEXT 

You are the network security engineer for the Secure-X network. The company has recently detected an increase in traffic to malware-infected destinations. The Chief Security Officer deduced that some PCs in the internal networks are infected with malware and communicate with malware-infected destinations.

The CSO has tasked you with enabling the Botnet Traffic Filter on the Cisco ASA to detect and deny further connection attempts from infected PCs to malware destinations. You are also required to test your configurations by initiating connections through the Cisco ASA and then display and observe the Real-Time Log Viewer in ASDM.

To successfully complete this activity, you must perform the following tasks: 

* Download the dynamic database and enable use of it.

* Enable the ASA to download the dynamic database.

* Enable DNS snooping for existing DNS inspection service policy rules.

* Enable Botnet Traffic Filter classification on the outside interface for All Traffic.

* Configure the Botnet Traffic Filter to drop blacklisted traffic on the outside interface. Use the default Threat Level settings.

NOTE: The database files are stored in running memory; they are not stored in flash memory. 

NOTE: DNS is enabled on the inside interface and set to the HQ-SRV (10.10.3.20). 

NOTE: Not all ASDM screens are active for this exercise. 

* Verify that the ASA indeed drops traffic to blacklisted destinations by doing the following:

  * From the Employee PC, navigate to http://www.google.com to make sure that access to the Internet is working.

  * From the Employee PC, navigate to http://bot-sparta.no-ip.org. This destination is classified as a malware destination by the Cisco SIO database.

  * From the Employee PC, navigate to http://superzarabotok-gid.ru/. This destination is classified as a malware destination by the Cisco SIO database.

  * From the Admin PC, launch ASDM to display and observe the Real-Time Log Viewer.

You have completed this exercise when you have configured and successfully tested Botnet traffic filter on the Cisco ASA. 

Answer: See the explanation for detailed answer to this sim question.