Exam Code: 300 206 dumps (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Implementing Cisco Edge Network Security Solutions
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass ccnp security senss 300 206 official cert guide Exam.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for Cisco 300-206 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 300-206 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/300-206-exam-dumps.html
Q91. Which information is NOT replicated to the secondary Cisco ASA adaptive security appliance in an active/standby configuration with stateful failover links ?
A. TCP sessions
B. DHCP lease
C. NAT translations
D. Routing tables
Answer: B
Q92. Which option describes the purpose of the input parameter when you use the packet-tracer command on a Cisco device?
A. to provide detailed packet-trace information
B. to specify the source interface for the packet trace
C. to display the trace capture in XML format
D. to specify the protocol type for the packet trace
Answer: B
Q93. According to Cisco best practices, which two interface configuration commands help prevent VLAN hopping attacks? (Choose two.)
A. switchport mode access
B. switchport access vlan 2
C. switchport mode trunk
D. switchport access vlan 1
E. switchport trunk native vlan 1
F. switchport protected
Answer: A,B
Q94. You are a security engineer at a large multinational retailer. Your Chief Information Officer recently attended a security conference and has asked you to secure the network infrastructure from VLAN hopping.
Which statement describes how VLAN hopping can be avoided?
A. There is no such thing as VLAN hopping because VLANs are completely isolated.
B. VLAN hopping can be avoided by using IEEE 802.1X to dynamically assign the access VLAN to all endpoints and setting the default access VLAN to an unused VLAN ID.
C. VLAN hopping is avoided by configuring the native (untagged) VLAN on both sides of an ISL trunk to an unused VLAN ID.
D. VLAN hopping is avoided by configuring the native (untagged) VLAN on both sides of an IEEE 802.1Q trunk to an unused VLAN ID.
Answer: D
Q95. Which two web browsers are supported for the Cisco ISE GUI? (Choose two.)
A. HTTPS-enabled Mozilla Firefox version 3.x
B. Netscape Navigator version 9
C. Microsoft Internet Explorer version 8 in Internet Explorer 8-only mode
D. Microsoft Internet Explorer version 8 in all Internet Explorer modes
E. Google Chrome (all versions)
Answer: A,C
Q96. Which action is considered a best practice for the Cisco ASA firewall?
A. Use threat detection to determine attacks
B. Disable the enable password
C. Disable console logging D. Enable ICMP permit to monitor the Cisco ASA interfaces
E. Enable logging debug-trace to send debugs to the syslog server
Answer: A
Q97. What is the maximum jumbo frame size for IPS standalone appliances with 1G and 10G fixed or add-on interfaces?
A. 1024 bytes
B. 1518 bytes
C. 2156 bytes
D. 9216 bytes
Answer: D
Q98. How much storage is allotted to maintain system,configuration , and image files on the Cisco ASA 1000V during OVF template file deployment?
A. 1GB
B. 5GB
C. 2GB
D. 10GB
Answer: C
Q99. Cisco Security Manager can manage which three products? (Choose three.)
A. Cisco IOS
B. Cisco ASA
C. Cisco IPS
D. Cisco WLC
E. Cisco Web Security Appliance
F. Cisco Email Security Appliance
G. Cisco ASA CX
H. Cisco CRS
Answer: A,B,C
Q100. When you install a Cisco ASA AIP-SSM, which statement about the main Cisco ASDM home page is true?
A. It is replaced by the Cisco AIP-SSM home page.
B. It must reconnect to the NAT policies database.
C. The administrator can manually update the page.
D. It displays a new Intrusion Prevention panel.
Answer: D
