♥♥ 2017 NEW RECOMMEND ♥♥
Free VCE & PDF File for Cisco 300-206 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Want to know Ucertify cisco 300 206 Exam practice test features? Want to lear more about Cisco Implementing Cisco Edge Network Security Solutions certification experience? Study Downloadable Cisco ccnp security senss 300 206 official cert guide pdf answers to Rebirth 300 206 dumps questions at Ucertify. Gat a success with an absolute guarantee to pass Cisco 300 206 senss (Implementing Cisco Edge Network Security Solutions) test on your first attempt.
Q81. When you install a Cisco ASA AIP-SSM, which statement about the main Cisco ASDM home page is true?
A. It is replaced by the Cisco AIP-SSM home page.
B. It must reconnect to the NAT policies database.
C. The administrator can manually update the page.
D. It displays a new Intrusion Prevention panel.
Q82. Which configuration on a switch would be unsuccessful in preventing a DHCP starvation attack?
A. DHCP snooping
B. Port security
C. Source Guard
D. Rate Limiting
Q83. At which firewall severity level will debugs appear on a Cisco ASA?
Q84. Which Layer 2 security feature validates ARP packets?
B. DHCP server
C. BPDU guard
D. BPDU filtering
Q85. Which three compliance and audit report types are available in Cisco Prime Infrastructure? (Choose three.)
B. Change Audit
C. Vendor Advisory
D. TAC Service Request
E. Validated Design
F. Smart Business Architecture
Q86. Which statement about the configuration of Cisco ASA NetFlow v9 (NSEL) is true?
A. Use a sysopt command to enable NSEL on a specific interface.
B. To view bandwidth usage for NetFlow records, you must have QoS feature enabled
C. NSEL tracks the flow continuously and provides updates every 10 seconds.
D. You must define a flow-export event type under a policy.
E. NSEL can be used without a collector configured.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_co nfig/ monitor_nsel.html
Q87. When you configure a Botnet Traffic Filter on a Cisco firewall, what are two optional tasks? (Choose two.)
A. Enable the use of dynamic databases.
B. Add static entries to the database.
C. Enable DNS snooping.
D. Enable traffic classification and actions.
E. Block traffic manually based on its syslog information.
Q88. You are the administrator of a Cisco ASA 9.0 firewall and have been tasked with ensuring that the Firewall Admins Active Directory group has full access to the ASA configuration. The Firewall Operators Active Directory group should have a more limited level of access.
Which statement describes how to set these access levels?
A. Use Cisco Directory Agent to configure the Firewall Admins group to have privilege level 15 access. Also configure the Firewall Operators group to have privilege level 6 access.
B. Use TACACS+ for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA server. Configure ACS CLI command authorization sets for the Firewall Operators group. Configure level 15 access to be assigned to members of the Firewall Admins group.
C. Use RADIUS for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA server. Configure ACS CLI command authorization sets for the Firewall Operators group. Configure level 15 access to be assigned to members of the Firewall Admins group.
D. Active Directory Group membership cannot be used as a determining factor for accessing the Cisco ASA CLI.
Q89. Which three statements about private VLANs are true? (Choose three.)
A. Isolated ports can talk to promiscuous and community ports.
B. Promiscuous ports can talk to isolated and community ports.
C. Private VLANs run over VLAN Trunking Protocol in client mode.
D. Private VLANS run over VLAN Trunking Protocol in transparent mode.
E. Community ports can talk to each other as well as the promiscuous port.
F. Primary, secondary, and tertiary VLANs are required for private VLAN implementation.
Q90. Which option describes the purpose of the input parameter when you use the packet-tracer command on a Cisco device?
A. to provide detailed packet-trace information
B. to specify the source interface for the packet trace
C. to display the trace capture in XML format
D. to specify the protocol type for the packet trace