★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 300-206 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/300-206-dumps.html


Cause all that matters here is passing the Cisco 300-206 exam. Cause all that you need is a high score of 300-206 Implementing Cisco Edge Network Security Solutions exam. The only one thing you need to do is downloading Pass4sure 300-206 exam study guides now. We will not let you down with our money-back guarantee.

2021 Mar 300-206 exams

Q111. Which statement about traffic storm control behavior is true? 

A. Traffic storm control cannot determine if the packet is unicast or broadcast. 

B. If you enable broadcast and multicast traffic storm control and the combined broadcast and multicast traffic exceeds the level within a 1 second traffic storm interval, storm control drops all broadcast and multicast traffic until the end of the storm interval 

C. Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast. 

D. Traffic storm control monitors incoming traffic levels over a 10 second traffic storm control interval 

Answer:


Q112. Which kind of Layer 2 attack targets the STP root bridge election process and allows an attacker to control the flow of traffic? 

A. man-in-the-middle 

B. denial of service 

C. distributed denial of service 

D. CAM overflow 

Answer:


Q113. What are two security features at the access port level that can help mitigate Layer 2 attacks? (Choose two.) 

A. DHCP snooping 

B. IP Source Guard 

C. Telnet 

D. Secure Shell 

E. SNMP 

Answer: A,B 


Q114. Which of the following would need to be created to configure an application-layer inspection of SMTP traffic operating on port 2525? 

A. A class-map that matches port 2525 and applying an inspect ESMTP policy-map for that class in the global inspection policy 

B. A policy-map that matches port 2525 and applying an inspect ESMTP class-map for that policy 

C. An access-list that matches on TCP port 2525 traffic and applying it on an interface with the inspect option 

D. A class-map that matches port 2525 and applying it on an access-list using the inspect option 

Answer:


Q115. Which configuration on a switch would be unsuccessful in preventing a DHCP starvation attack? 

A. DHCP snooping 

B. Port security 

C. Source Guard 

D. Rate Limiting 

Answer:


Update 300-206 free practice questions:

Q116. CORRECT TEXT 

You are the network security engineer for the Secure-X network. The company has recently detected Increase of traffic to malware Infected destinations. The Chief Security Officer deduced that some PCs in the internal networks are infected with malware and communicate with malware infected destinations. 

The CSO has tasked you with enable Botnet traffic filter on the Cisco ASA to detect and deny further connection attempts from infected PCs to malware destinations. You are also required to test your configurations by initiating connections through the Cisco ASA and then display and observe the Real-Time Log Viewer in ASDM. To successfully complete this activity, you must perform the following tasks: 

* Download the dynamic database and enable use of it. 

. Enable the ASA to download of the dynamic database 

. Enable the ASA to download of the dynamic database. 

. Enable DNS snooping for existing DNS inspection service policy rules.. 

. Enable Botnet Traffic Filter classification on the outside interface for All Traffic. 

. Configure the Botnet Traffic Filter to drop blacklisted traffic on the outside interface. Use the default Threat Level settings 

NOTE: The database files are stored in running memory; they are not stored in flash memory. 

NOTE: DNS is enabled on the inside interface and set to the HQ-SRV (10.10.3.20). 

NOTE: Not all ASDM screens are active for this exercise. 

. Verify that the ASA indeed drops traffic to blacklisted destinations by doing the following: 

. From the Employee PC, navigate to http://www.google.com to make sure that access to the Internet is working. 

. From the Employee PC, navigate to http://bot-sparta.no-ip.org. This destination is classified as malware destination by the Cisco SIO database. 

. From the Employee PC, navigate to http://superzarabotok-gid.ru/. This destination is classified as malware destination by the Cisco SIO database. 

. From Admin PC, launch ASDM to display and observe the Real-Time Log Viewer. 

Answer: Use the following configuration to setup in explanation. 


Q117. What is the result of the default ip ssh server authenticate user command? 

A. It enables the public key, keyboard, and password authentication methods. B. It enables the public key authentication method only. 

C. It enables the keyboard authentication method only. 

D. It enables the password authentication method only. 

Answer:


Q118. Which two options are private-VLAN secondary VLAN types? (Choose two) 

A. Isolated 

B. Secured 

C. Community 

D. Common 

E. Segregated 

Answer: A,C 

Explanation: 

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guid e/cli/ CLIConfigurationGuide/PrivateVLANs.html 


Q119. What is the CLI command to enable SNMPv3 on the Cisco Web Security Appliance? 

A. snmpconfig 

B. snmpenable 

C. configsnmp 

D. enablesnmp 

Answer:


Q120. What are two reasons to implement Cisco IOS MPLS Bandwidth-Assured Layer 2 Services? (Choose two.) 

A. guaranteed bandwidth and peak rates as well as low cycle periods, regardless of which systems access the device 

B. increased resiliency through MPLS FRR for AToM circuits and better bandwidth utilization through MPLS TE 

C. enabled services over an IP/MPLS infrastructure, for enhanced MPLS Layer 2 functionality 

D. provided complete proactive protection against frame and device spoofing 

Answer: B,C