300-206 Exam Questions - Online Test
300-206 Premium VCE File
150 Lectures, 20 Hours
Pinpoint of cisco 300 206 download materials and forum for Cisco certification for customers, Real Success Guaranteed with Updated 300 206 senss pdf pdf dumps vce Materials. 100% PASS Implementing Cisco Edge Network Security Solutions exam Today!
Q11. An administrator is deploying port-security to restrict traffic from certain ports to specific MAC addresses. Which two considerations must an administrator take into account when using the switchport port-security mac-address sticky command? (Choose two.)
A. The configuration will be updated with MAC addresses from traffic seen ingressing the port. The configuration will automatically be saved to NVRAM if no other changes to the configuration have been made.
B. The configuration will be updated with MAC addresses from traffic seen ingressing the port. The configuration will not automatically be saved to NVRAM.
C. Only MAC addresses with the 5th most significant bit of the address (the 'sticky' bit) set to 1 will be learned.
D. If configured on a trunk port without the 'vlan' keyword, it will apply to all vlans.
E. If configured on a trunk port without the 'vlan' keyword, it will apply only to the native vlan.
Answer: B,E
Q12. What is the best description of a unified ACL on a Cisco firewall?
A. An ACL with both IPv4 and IPv6 functionality.
B. An IPv6 ACL with IPv4 backwards compatibility.
C. An IPv4 ACL with IPv6 support.
D. An ACL that supports EtherType in addition to IPv6.
Answer: A
Explanation:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_co nfig/ intro_intro.html
Q13. Which two configurations are necessary to enable password-less SSH login to an IOS router? (Choose two.)
A. Enter a copy of the administrator's public key within the SSH key-chain
B. Enter a copy of the administrator's private key within the SSH key-chain
C. Generate a 512-bit RSA key to enable SSH on the router
D. Generate an RSA key of at least 768 bits to enable SSH on the router
E. Generate a 512-bit ECDSA key to enable SSH on the router
F. Generate a ECDSA key of at least 768 bits to enable SSH on the router
Answer: A,D
Q14. You have installed a web server on a private network. Which type of NAT must you implement to enable access to the web server for public Internet users?
A. static NAT
B. dynamic NAT
C. network object NAT
D. twice NAT
Answer: A
Q15. Which component does Cisco ASDM require on the host Cisco ASA 5500 Series or Cisco PIX security appliance?
A. a DES or 3DES license
B. a NAT policy server
C. a SQL database
D. a Kerberos key
E. a digital certificate
Answer: A
Q16. At which layer does Dynamic ARP Inspection validate packets?
A. Layer 2
B. Layer 3
C. Layer 4
D. Layer 7
Answer: A
Q17. A rogue device has connected to the network and has become the STP root bridge, which has caused a network availability issue.
Which two commands can protect against this problem? (Choose two.)
A. switch(config)#spanning-tree portfast bpduguard default
B. switch(config)#spanning-tree portfast bpdufilter default
C. switch(config-if)#spanning-tree portfast
D. switch(config-if)#spanning-tree portfast disable
E. switch(config-if)#switchport port-security violation protect
F. switch(config-if)#spanning-tree port-priority 0
Answer: A,C
Q18. Which technology provides forwarding-plane abstraction to support Layer 2 to Layer 7 network services in Cisco Nexus 1000V?
A. Virtual Service Node
B. Virtual Service Gateway
C. Virtual Service Data Path
D. Virtual Service Agent
Answer: C
Q19. What is the lowest combination of ASA model and license providing 1 Gigabit Ethernet interfaces?
A. ASA 5505 with failover license option
B. ASA 5510 Security+ license option
C. ASA 5520 with any license option
D. ASA 5540 with AnyConnect Essentials License option
Answer: B
Q20. To which interface on a Cisco ASA 1000V firewall should a security profile be applied when a VM sits behind it?
A. outside
B. inside
C. management
D. DMZ
Answer: B
- The Secret of Cisco 200-125 vce
- All About Downloadable 200-125 exam question
- 10 Tips For Improve 200-125 braindumps
- The Far out Guide To 300-075 exam
- Refresh Cisco 300-101 exam question
- Updated Cisco 400-201 exam dumps
- 10 Tips For Up to the minute 300-206 practice test
- Latest Cisco 200-105 exam dumps
- The Secret Of Cisco 300-920 Training
- The Updated Guide To 810-403 exam dumps