[Free] 2017(Nov) Dumps4cert Testinsides Cisco 300-206 Dumps with VCE and PDF Download 141-150

Dumps4cert 2017 Nov Cisco Official New Released 300-206
100% Free Download! 100% Pass Guaranteed!
http://www.Dumps4cert.com/300-206.html

Implementing Cisco Edge Network Security Solutions

Question No: 141

You have explicitly added the line deny ipv6 any log to the end of an IPv6 ACL on a router interface. Which two ICMPv6 packet types must you explicitly allow to enable traffic to traverse the interface? (Choose two.)

  1. router solicitation

  2. router advertisement

  3. neighbor solicitation

  4. neighbor advertisement

  5. redirect

Answer: C,D

Question No: 142

Which two router commands enable NetFlow on an interface? (Choose two.)

  1. ip flow ingress

  2. ip flow egress

  3. ip route-cache flow infer-fields

  4. ip flow ingress infer-fields

  5. ip flow-export version 9

Answer: A,B

Question No: 143

Which command sets the source IP address of the NetFlow exports of a device?

  1. ip source flow-export

  2. ip source netflow-export

  3. ip flow-export source

  4. ip netflow-export source

Answer: C

Question No: 144

Which two features block traffic that is sourced from non-topological IPv6 addresses? (Choose two.)

  1. DHCPv6 Guard

  2. IPv6 Prefix Guard

  3. IPv6 RA Guard

  4. IPv6 Source Guard

Answer: B,D

Question No: 145

A Cisco ASA requires an additional feature license to enable which feature?

  1. transparent firewall

  2. cut-thru proxy

  3. threat detection

  4. botnet traffic filtering

  5. TCP normalizer

Answer: D

Question No: 146

For which purpose is the Cisco ASA CLI command aaa authentication match used?

  1. Enable authentication for SSH and Telnet connections to the Cisco ASA appliance.

  2. Enable authentication for console connections to the Cisco ASA appliance.

  3. Enable authentication for connections through the Cisco ASA appliance.

  4. Enable authentication for IPsec VPN connections to the Cisco ASA appliance.

  5. Enable authentication for SSL VPN connections to the Cisco ASA appliance.

  6. Enable authentication for Cisco ASDM connections to the Cisco ASA appliance.

Answer: C

Question No: 147 CORRECT TEXT

You are a network security engineer for the Secure-X network. You have been tasked with implementing dynamic network object NAT with PAT on a Cisco ASA. You must configure the Cisco ASA such that the source IP addresses of all internal hosts are translated to a single IP address (using different ports) when the internal hosts access the Internet.

To successfully complete this activity, you must perform the following tasks:

  • Use the Cisco ASDM GUI on the Admin PC to configure dynamic network object NAT with PAT using the following parameters:

  • Network object name: Internal-Networks

    鈥?IP subnet: 10.10.0.0/16

  • Translated IP address: 192.0.2.100

  • Source interface: inside

  • Destination interface: outside

    NOTE: The object (TRANSLATED-INSIDE-HOSTS) for this translated IP address has already been created for your use in this activity.

    NOTE: Not all ASDM screens are active for this exercise. NOTE: Login credentials are not needed for this simulation.

  • In the Cisco ASDM, display and view the auto-generated NAT rule.

  • From the Employee PC, generate traffic to SP-SRV by opening a browser and navigating to http://sp-srv.sp.public.

  • From the Guest PC, generate traffic to SP-SRV by opening a browser and navigating to http://sp-srv.sp.public.

  • At the CLI of the Cisco ASA, display your NAT configuration. You should see the configured policy and statistics for translated packets.

  • At the CLI of the Cisco ASA, display the translation table. You should see dynamic translations for the Employee PC and the Guest PC. Both inside IP addresses translate to the same IP address, but using different ports.

You have completed this exercise when you have configured and successfully tested dynamic network object NAT with PAT.

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Dumps4Cert 2017 PDF and VCE

Answer: See the explanation for detailed answer to this sim question.

Explanation:

First, click on Add – Network Objects on the Network Objects/Groups tab and fill in the information as shown below:

Dumps4Cert 2017 PDF and VCE

\\psf\Home\.Trash\Screen Shot 2015-06-17 at 5.19.15 PM.png Then, use the advanced tab and configure it as shown below:

Dumps4Cert 2017 PDF and VCE

\\psf\Home\.Trash\Screen Shot 2015-06-17 at 5.17.53 PM.png

Then hit OK, OK again, Apply, and then Send when prompted. You can verify using the instructions provided in the question

Question No: 148

What is the default behavior of an access list on a Cisco ASA?

  1. It will permit or deny traffic based on the access list criteria.

  2. It will permit or deny all traffic on a specified interface.

  3. It will have no affect until applied to an interface, tunnel-group or other traffic flow.

  4. It will allow all traffic.

Answer: C

Question No: 149

You are the administrator of a Cisco ASA 9.0 firewall and have been tasked with ensuring that the Firewall Admins Active Directory group has full access to the ASA configuration. The Firewall Operators Active Directory group should have a more limited level of access.

Which statement describes how to set these access levels?

  1. Use Cisco Directory Agent to configure the Firewall Admins group to have privilege level 15 access. Alsoconfigure the Firewall Operators group to have privilege level 6 access.

  2. Use TACACS for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA server.

    Configure ACS CLI command authorization sets for the Firewall Operators group. Configure level 15 access to be assigned to members of the Firewall Admins group.

  3. Use RADIUS for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA server.

    Configure ACS CLI command authorization sets for the Firewall Operators group. Configure level 15 access to be assigned to members of the Firewall Admins group.

  4. Active Directory Group membership cannot be used as a determining factor for accessing the Cisco ASACLI.

Answer: B

Question No: 150

IPv6 addresses in an organization#39;s network are assigned using Stateless Address Autoconfiguration. What is a security concern of using SLAAC for IPv6 address assignment?

  1. Man-In-The-Middle attacks or traffic interception using spoofed IPv6 Router Advertisements

  2. Smurf or amplification attacks using spoofed IPv6 ICMP Neighbor Solicitations

  3. Denial of service attacks using TCP SYN floods

  4. Denial of Service attacks using spoofed IPv6 Router Solicitations

Answer: A

100% Free Download!
Download Free Demo:300-206 Demo PDF
100% Pass Guaranteed!
Download 2017 Dumps4cert 300-206 Full Exam PDF and VCE

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Dumps4cert IT Certification PDF and VCE