★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 300-206 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/300-206-dumps.html


Q31. Which utility can you use to troubleshoot and determine the timeline of packet changes in a data path within a Cisco firewall? 

A. packet tracer 

B. ping 

C. traceroute 

D. SNMP walk 

Answer:


Q32. When you configure a Botnet Traffic Filter on a Cisco firewall, what are two optional tasks? (Choose two.) 

A. Enable the use of dynamic databases. 

B. Add static entries to the database. 

C. Enable DNS snooping. 

D. Enable traffic classification and actions. 

E. Block traffic manually based on its syslog information. 

Answer: B,E 


Q33. What are three features of the Cisco ASA 1000V? (Choose three.) 

A. cloning the Cisco ASA 1000V 

B. dynamic routing 

C. the Cisco VNMC policy agent 

D. IPv6 

E. active/standby failover 

F. QoS 

Answer: A,C,E 


Q34. In which two modes is zone-based firewall high availability available? (Choose two.) 

A. IPv4 only 

B. IPv6 only 

C. IPv4 and IPv6 

D. routed mode only 

E. transparent mode only 

F. both transparent and routed modes 

Answer: C,D 


Q35. Cisco Security Manager can manage which three products? (Choose three.) 

A. Cisco IOS 

B. Cisco ASA 

C. Cisco IPS 

D. Cisco WLC 

E. Cisco Web Security Appliance 

F. Cisco Email Security Appliance 

G. Cisco ASA CX 

H. Cisco CRS 

Answer: A,B,C 


Q36. You have installed a web server on a private network. Which type of NAT must you implement to enable access to the web server for public Internet users? 

A. static NAT 

B. dynamic NAT 

C. network object NAT 

D. twice NAT 

Answer:


Q37. Refer to the exhibit. 

To protect Host A and Host B from communicating with each other, which type of PVLAN port should be used for each host? 

A. Host A on a promiscuous port and Host B on a community port 

B. Host A on a community port and Host B on a promiscuous port 

C. Host A on an isolated port and Host B on a promiscuous port 

D. Host A on a promiscuous port and Host B on a promiscuous port 

E. Host A on an isolated port and host B on an isolated port 

F. Host A on a community port and Host B on a community port 

Answer:


Q38. Refer to the exhibit. 

Which two statements about this firewall output are true? (Choose two.) 

A. The output is from a packet tracer debug. 

B. All packets are allowed to 192.168.1.0 255.255.0.0. 

C. All packets are allowed to 192.168.1.0 255.255.255.0. 

D. All packets are denied. 

E. The output is from a debug all command. 

Answer: A,C 


Q39. What is the default behavior of NAT control on Cisco ASA Software Version 8.3? 

A. NAT control has been deprecated on Cisco ASA Software Version 8.3. 

B. It will prevent traffic from traversing from one enclave to the next without proper access configuration. 

C. It will allow traffic to traverse from one enclave to the next without proper access configuration. 

D. It will deny all traffic. 

Answer:


Q40. When you set a Cisco IOS Router as an SSH server, which command specifies the RSA public key of the remote peer when you set the SSH server to perform RSA-based authentication? 

A. router(config-ssh-pubkey-user)#key 

B. router(conf-ssh-pubkey-user)#key-string 

C. router(config-ssh-pubkey)#key-string 

D. router(conf-ssh-pubkey-user)#key-string enable ssh 

Answer: