300-206 Exam Questions - Online Test
300-206 Premium VCE File
150 Lectures, 20 Hours
Q1. Refer to the exhibit.
Which option describes the expected result of the capture ACL?
A. The capture is applied, but we cannot see any packets in the capture
B. The capture does not get applied and we get an error about mixed policy.
C. The capture is applied and we can see the packets in the capture
D. The capture is not applied because we must have a host IP as the source
Answer: B
Q2. What is the lowest combination of ASA model and license providing 1 Gigabit Ethernet interfaces?
A. ASA 5505 with failover license option
B. ASA 5510 Security+ license option
C. ASA 5520 with any license option
D. ASA 5540 with AnyConnect Essentials License option
Answer: B
Q3. Prior to a software upgrade, which Cisco Prime Infrastructure feature determines if
the devices being upgraded have sufficient RAM to support te new software ?
A. Software Upgrade Report
B. Image Management Report
C. Upgrade Analysis Report
D. Image Analysis Report
Answer: C
Q4. Which three options are hardening techniques for Cisco IOS routers? (Choose three.)
A. limiting access to infrastructure with access control lists
B. enabling service password recovery
C. using SSH whenever possible
D. encrypting the service password
E. using Telnet whenever possible
F. enabling DHCP snooping
Answer: A,C,D
Q5. What command alters the SSL ciphers used by the Cisco Email Security Appliance for TLS sessions and HTTPS access?
A. sslconfig
B. sslciphers
C. tlsconifg
D. certconfig
Answer: A
Q6. Which command is used to nest objects in a pre-existing group?
A. object-group
B. network group-object
C. object-group network
D. group-object
Answer: D
Q7. What is the default violation mode that is applied by port security?
A. restrict
B. protect
C. shutdown
D. shutdown VLAN
Answer: C
Q8. Which two web browsers are supported for the Cisco ISE GUI? (Choose two.)
A. HTTPS-enabled Mozilla Firefox version 3.x
B. Netscape Navigator version 9
C. Microsoft Internet Explorer version 8 in Internet Explorer 8-only mode
D. Microsoft Internet Explorer version 8 in all Internet Explorer modes
E. Google Chrome (all versions)
Answer: A,C
Q9. CORRECT TEXT
You are a network security engineer for the Secure-X network. You have been tasked with
implementing dynamic network object NAT with PAT on a Cisco ASA. You must configure the Cisco ASA such that the source IP addresses of all internal hosts are translated to a single IP address (using different ports) when the internal hosts access the Internet.
To successfully complete this activity, you must perform the following tasks:
. Use the Cisco ASDM GUI on the Admin PC to configure dynamic network object NAT with PAT using the following parameters:
. Network object name: Internal-Networks
. IP subnet: 10.10.0.0/16
. Translated IP address: 192.0.2.100
. Source interface: inside
. Destination interface: outside
NOTE: The object (TRANSLATED-INSIDE-HOSTS) for this translated IP address has already been created for your use in this activity.
NOTE: Not all ASDM screens are active for this exercise.
NOTE: Login credentials are not needed for this simulation.
. In the Cisco ASDM, display and view the auto-generated NAT rule.
. From the Employee PC, generate traffic to SP-SRV by opening a browser and navigating to http://sp-srv.sp.public.
. From the Guest PC, generate traffic to SP-SRV by opening a browser and navigating to http://sp-srv.sp.public.
. At the CLI of the Cisco ASA, display your NAT configuration. You should see the configured policy and statistics for translated packets.
. At the CLI of the Cisco ASA, display the translation table. You should see dynamic translations for the Employee PC and the Guest PC. Both inside IP addresses translate to the same IP address, but using different ports.
You have completed this exercise when you have configured and successfully tested dynamic network object NAT with PAT.
Answer: See the explanation for detailed answer to this sim question.
Q10. In your role as network security administrator, you have installed syslog server software on a server whose IP address is 10.10.2.40. According to the exhibits, why isn’t the syslog server receiving any syslog messages?
A. Logging is not enabled globally on the Cisco ASA.
B. The syslog server has failed.
C. There have not been any events with a severity level of seven.
D. The Cisco ASA is not configured to log messages to the syslog server at that IP address.
Answer: B
Explanation: By process of elimination, we know that the other answers choices are not correct so that only leaves us with the server must have failed. We can see from the following screen shots, that events are being generated with severity level of debugging and below, The 10.10.2.40 IP address has been configured as a syslog server, and that logging has been enabled globally:
\\psf\Home\.Trash\Screen Shot 2015-06-11 at 8.38.59 PM.png
- [2021-New] Cisco 300-208 Dumps With Update Exam Questions (1-10)
- [2021-New] Cisco 210-060 Dumps With Update Exam Questions (11-20)
- [2021-New] Cisco 300-075 Dumps With Update Exam Questions (3-12)
- [2021-New] Cisco 200-310 Dumps With Update Exam Questions (21-30)
- [2021-New] Cisco 300-075 Dumps With Update Exam Questions (11-20)
- [2021-New] Cisco 200-355 Dumps With Update Exam Questions (141-150)
- [2021-New] Cisco 200-355 Dumps With Update Exam Questions (21-30)
- [2021-New] Cisco 210-250 Dumps With Update Exam Questions (1-10)
- How Many Questions Of 500-651 Test Preparation
- [2021-New] Cisco 400-251 Dumps With Update Exam Questions (81-90)