[Free] 2017(Nov) Dumps4cert Testinsides Cisco 300-206 Dumps with VCE and PDF Download 151-160

Dumps4cert 2017 Nov Cisco Official New Released 300-206
100% Free Download! 100% Pass Guaranteed!
http://www.Dumps4cert.com/300-206.html

Implementing Cisco Edge Network Security Solutions

Question No: 151

What is the default behavior of an access list on the Cisco ASA security appliance?

  1. It will permit or deny traffic based on the access-list criteria.

  2. It will permit or deny all traffic on a specified interface.

  3. An access group must be configured before the access list will take effect for traffic control.

  4. It will allow all traffic.

Answer: C

Question No: 152

Which addresses are considered quot;ambiguous addressesquot; and are put on the greylist by the Cisco ASA botnet traffic filter feature?

  1. addresses that are unknown

  2. addresses that are on the greylist identified by the dynamic database

  3. addresses that are blacklisted by the dynamic database but also are identified by the static whitelist

  4. addresses that are associated with multiple domain names, but not all of these domain names are on theblacklist

Answer: D

Question No: 153

An administrator is deploying port-security to restrict traffic from certain ports to specific MAC addresses. Which two considerations must an administrator take into account when using the switchport port-security macaddress sticky command? (Choose two.)

  1. The configuration will be updated with MAC addresses from traffic seen ingressing the port.

    The configuration will automatically be saved to NVRAM if no other changes to the configuration have been made.

  2. The configuration will be updated with MAC addresses from traffic seen ingressing the port.The configuration will not automatically be saved to NVRAM.

  3. Only MAC addresses with the 5th most significant bit of the address (the #39;sticky#39; bit) set to 1 will be learned.

  4. If configured on a trunk port without the #39;vlan#39; keyword, it will apply to all vlans.

  5. If configured on a trunk port without the #39;vlan#39; keyword, it will apply only to the native vlan.

Answer: B,E

Question No: 154

Which action is considered a best practice for the Cisco ASA firewall?

  1. Use threat detection to determine attacks

  2. Disable the enable password

  3. Disable console logging

  4. Enable ICMP permit to monitor the Cisco ASA interfaces

  5. Enable logging debug-trace to send debugs to the syslog server

Answer: A

Question No: 155

Which command is used to nest objects in a pre-existing group?

  1. object-group

  2. network group-object

  3. object-group network

  4. group-object

Answer: D

Question No: 156

Which two options are private-VLAN secondary VLAN types? (Choose two)

  1. Isolated

  2. Secured

  3. Community

  4. Common

  5. Segregated

Answer: A,C Explanation:

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guid e/cli/ CLIConfigurationGuide/PrivateVLANs.html

Question No: 157

A router is being enabled for SSH command line access. The following steps have been taken:

-The vty ports have been configured with transport input SSH and login local.

-Local user accounts have been created.

-The enable password has been configured.

What additional step must be taken if users receive a #39;connection refused#39; error when attempting to access the router via SSH?

  1. A RSA keypair must be generated on the router

  2. An access list permitting SSH inbound must be configured and applied to the vty ports

  3. An access list permitting SSH outbound must be configured and applied to the vty ports

  4. SSH v2.0 must be enabled on the router

Answer: A

Question No: 158

Which statement about SNMP support on the Cisco ASA appliance is true?

  1. The Cisco ASA appliance supports only SNMPv1 or SNMPv2c.

  2. The Cisco ASA appliance supports read-only and read-write access.

  3. The Cisco ASA appliance supports three built-in SNMPv3 groups in Cisco ASDM: Authentication and Encryption, Authentication Only, and No Authentication, No Encryption.

  4. The Cisco ASA appliance can send SNMP traps to the network management station only using SNMPv2.

Answer: C

Question No: 159

A network printer has a DHCP server service that cannot be disabled. How can a layer 2 switch be configured to prevent the printer from causing network issues?

  1. Remove the ip helper-address

  2. Configure a Port-ACL to block outbound TCP port 68

  3. Configure DHCP snooping

  4. Configure port-security

Answer: C

Question No: 160

Refer to the exhibit.

Dumps4Cert 2017 PDF and VCE

Which statement about this access list is true?

  1. This access list does not work without 6to4 NAT

  2. IPv6 to IPv4 traffic permitted on the Cisco ASA by default

  3. This access list is valid and works without additional configuration

  4. This access list is not valid and does not work at all

  5. We can pass only IPv6 to IPv6 and IPv4 to IPv4 traffic

Answer: A Explanation:

ASA 9.0(1) code introduced the Unified ACL for IPv4 and IPv6. ACLs now support IPv4 and IPv6 addresses. You can even specify a mix of IPv4 and IPv6 addresses for the source and destination. The any keyword was changed to represent IPv4 and IPv6 traffic. The any4 and any6 keywords were added to represent IPv4-only and IPv6-only traffic, respectively. The IPv6-specific ACLs are deprecated. Existing IPv6 ACLs are migrated to extended ACLs.

100% Free Download!
Download Free Demo:300-206 Demo PDF
100% Pass Guaranteed!
Download 2017 Dumps4cert 300-206 Full Exam PDF and VCE

Dumps4cert ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 Dumps4cert IT Certification PDF and VCE