[2017 New] Free 300-206 Exam Dumps With PDF And VCE Download (201-225)

2017 August Cisco Official New Released 300-206 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

2017 latest released Cisco official 300-206 exam question free download from Lead2pass! All new updated questions and answers are real questions from Cisco Exam Center!

Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/300-206.html

QUESTION 201
Refer to the exhibit. Which statement about this access list is true?
 
A.    This access list does not work without 6to4 NAT
B.    IPv6 to IPv4 traffic permitted on the Cisco ASA by default
C.    This access list is valid and works without additional configuration
D.    This access list is not valid and does not work at all
E.    We can pass only IPv6 to IPv6 and IPv4 to IPv4 traffic

Answer: A
Explanation:
ASA 9.0(1) code introduced the Unified ACL for IPv4 and IPv6. ACLs now support IPv4 and IPv6 addresses. You can even specify a mix of IPv4 and IPv6 addresses for the source and destination. The any keyword was changed to represent IPv4 and IPv6 traffic. The any4 and any6 keywords were added to represent IPv4-only and IPv6-only traffic, respectively. The IPv6-specific ACLs are deprecated. Existing IPv6 ACLs are migrated to extended ACLs.

QUESTION 202
Which option must be configured on a transparent Cisco ASA adaptive security appliance for it to be managed over Layer 3 networks?

A.    Static routes
B.    Routed interface
C.    Security context
D.    BVI

Answer: D

QUESTION 203
Which statement about Dynamic ARP Inspection is true ?

A.    In a typical network, you make all ports as trusted expect for the ports connection to switches , which are untrusted
B.    DAI associates a trust state with each switch
C.    DAI determines the validity of an ARP packet based on valid IP to MAC address binding from the DHCP snooping database
D.    DAI intercepts all ARP requests and responses on trusted ports only
E.    DAI cannot drop invalid ARP packets

Answer: C

QUESTION 204
Which command is the first that you enter to check whether or not ASDM is installed on the ASA?

A.    Show ip
B.    Show running-config asdm
C.    Show running-config boot
D.    Show version
E.    Show route

Answer: B

QUESTION 205
Which option is the Cisco ASA on-box graphical management solution?

A.    SSH
B.    ASDM
C.    Console
D.    CSM

Answer: B

QUESTION 206
Which action is needed to set up SSH on the Cisco ASA firewall?

A.    Create an ACL to aloew the SSH traffic to the Cisco ASA.
B.    Configure DHCP for the client that will connect via SSH.
C.    Generate a crypto key
D.    Specify the SSH version level as either 1 or 2.
E.    Enable the HTTP server to allow authentication.

Answer: C

QUESTION 207
At which layer does MACsecprovide encryption?

A.    Layer 1
B.    Layer 2
C.    Layer 3
D.    Layer 4

Answer: B

QUESTION 208
Which command is used to disable Cisco Discovery Protocol globally on a router?

A.    Cdp disable
B.    No cdp enable
C.    No cdp
D.    No cdp run

Answer: D

QUESTION 209
Refer to the exhibit. This command is used to configure the SNMP server on a Cisco router.
Which option is the encryption password for the SNMP server?

 

A.    sha
B.    snmp
C.    group-1
D.    snmpv3

Answer: D

QUESTION 210
How much storage is allotted to maintain system,configuration, and image files on the Cisco ASA 1000V during OVF template file deployment?

A.    1GB
B.    5GB
C.    2GB
D.    10GB

Answer: C

QUESTION 211
Which action is considered a best practice for the Cisco ASA firewall?

A.    Use threat detection to determine attacks
B.    Disable the enable password
C.    Disable console logging
D.    Enable ICMP permit to monitor the Cisco ASA interfaces
E.    Enable logging debug-trace to send debugs to the syslog server

Answer: A

QUESTION 212
Which option lists cloud deployment models?

A.    Private, public, hybrid, shared
B.    Private, public, hybrid
C.    IaaS, PaaS, SaaS
D.    Private, public, hybrid, community

Answer: D
Explanation:
https://www.ibm.com/developerworks/community/blogs/722f6200-f4ca-4eb3- 9d64-
8d2b58b2d4e8/entry/4_Types_of_Cloud_Computing_Deployment_Model_You_Need_to_K now1
?lang=en

QUESTION 213
Which statement about traffic storm control behavior is true?

A.    Traffic storm control cannot determine if the packet is unicast or broadcast.
B.    If you enable broadcast and multicast traffic storm control and the combined broadcast and multicast traffic exceeds the level within a 1 second traffic storm interval, storm control drops all broadcast and multicast traffic until the end of the storm interval
C.    Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.
D.    Traffic storm control monitors incoming traffic levels over a 10 second traffic storm control interval

Answer: B

QUESTION 214
Which policy map action makes a Cisco router behave as a stateful firewall for matching traffic?

A.    Log
B.    Inspect
C.    Permit
D.    Deny

Answer: B

QUESTION 215
Refer to the exhibit. Which option describes the expected result of the capture ACL?

 

A.    The capture is applied, but we cannot see any packets in the capture
B.    The capture does not get applied and we get an error about mixed policy.
C.    The capture is applied and we can see the packets in the capture
D.    The capture is not applied because we must have a host IP as the source

Answer: A
Explanation:

 

QUESTION 216
Which configuration on a switch would be unsuccessful in preventing a DHCP starvation attack?

A.    DHCP snooping
B.    Port security
C.    Source Guard
D.    Rate Limiting

Answer: D

QUESTION 217
Refer to the exhibit. What traffic is being captured by the Cisco ASA adaptive security appliance?

 

A.    UDP traffic sourced from host 10.10.0.12 on port 80
B.    TCP traffic destined to host 10.10.0.12 on port 80
C.    TCP traffic sourced from host 10.10.0.12 on port 80
D.    UDP traffic destined to host 10.10.0.12 on port 80

Answer: C

QUESTION 218
When a traffic storm threshold occurs on a port, into which state can traffic storm control put the port?

A.    Disabled
B.    Err-disabled
C.    Disconnected
D.    Blocked
E.    Connected

Answer: B

QUESTION 219
Which Layer 2 security feature prevents traffic on a LAN from being disrupted by a broadcast,multicat, or unicast storm on one physical interface?

A.    Bridge protocol Data Unit Guard
B.    Storm Control
C.    Embedded event monitoring
D.    Access control lists

Answer: B

QUESTION 220
Which three statements about transparent firewall are true? ( Choose three)

A.    Transparent firewall works at Layer 2
B.    Both interfaces must be configured with private IP Addresses
C.    It can have only a management IP address
D.    It does not support dynamic routing protocols
E.    It only support PAT

Answer: ACD

QUESTION 221
Which information is NOT replicated to the secondary Cisco ASA adaptive security appliance in an active/standby configuration with stateful failover links ?

A.    TCP sessions
B.    DHCP lease
C.    NAT translations
D.    Routing tables

Answer: B

QUESTION 222
Which Cisco prime Infrastructure features allows you to assign templates to a group of wireless LAN controllers with similar configuration requirements?

A.    Lightweight access point configuration template
B.    Composite template
C.    Controller configuration group
D.    Shared policy object

Answer: C

QUESTION 223
For which management session types does ASDM allow a maximum simultaneous connection limit to be set?

A.    ASDM, Telnet, SSH
B.    ASDM, Telnet, SSH, console
C.    ASDM, Telnet, SSH, VTY
D.    ASDM, Telnet, SSH, other

Answer: A

QUESTION 224
What two are data and voice protocols do ASA 5500 supports? (Choose two)

A.    CTIQBE Inspection
B.    H.323 Inspection
C.    MGCP Inspection
D.    RTSP Inspection
E.    SIP Inspection
F.    Skinny (SCCP) Inspection

Answer: BD

QUESTION 225
What mean following command arp outside 10.1.1.1 0009.xxxx.2100?

A.    create static arp entry
B.    create virtual arp entry
C.    It manually assign host to access outside

Answer: A

Lead2pass offers the latest Cisco 300-206 exam questions and answers in PDF & VCE. We promise 100% 300-206 exam pass or full money back (Have a try- If success, you will get a high pay job! Failed, nothing, money back!)! We provide instant download of our 300-206 dumps after payment so you can study earlier than others!

300-206 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDQ3hFS2lmMTdVb3c

2017 Cisco 300-206 exam dumps (All 251 Q&As) from Lead2pass:

https://www.lead2pass.com/300-206.html [100% Exam Pass Guaranteed]

Why Choose Lead2pass?

If you want to pass the exam successfully in first attempt you have to choose the best IT study material provider, in my opinion, Lead2pass is one of the best way to prepare for the exam.

Lead2pass Testking Pass4sure Actualtests Others
$99.99 $124.99 $125.99 $189 $29.99-$49.99
Up-to-Dated
Real Questions
Error Correction
Printable PDF
Premium VCE
VCE Simulator
One Time Purchase
Instant Download
Unlimited Install
100% Pass Guarantee
100% Money Back