Our pass rate is high to 98.9% and the similarity percentage between our 300-206 study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Cisco 300-206 exam in just one try? I am currently studying for the Cisco 300-206 exam. Latest Cisco 300-206 Test exam practice questions and answers, Try Cisco 300-206 Brain Dumps First.

NEW QUESTION 1
Which command is used to disable Cisco Discovery Protocol globally on a router?

  • A. Cdp disable
  • B. No cdp enable
  • C. No cdp
  • D. No cdp run

Answer: D

NEW QUESTION 2
Which information does the ASA fail to replicate to the secondary Cisco ASA adaptive security appliance in an active/standby configuration with stateful and failover links?

  • A. TCP sessions
  • B. routing tables
  • C. DHCP lease
  • D. NAT translations

Answer: C

NEW QUESTION 3
A network engineer must manage and push configurations to a Cisco networking environment, in which 10 Cisco ASA with IPS modules reside. Which solution accomplishes this task?

  • A. Cisco Adaptive Security Device Manager to push configurations to each of the IPS units
  • B. FireSIGHT manager to bundle and push configurations to the IPS units installed on an SSD within the Cisco ASA 5500 Series ASA
  • C. Cisco Security Manager 4.5 or later and pushing configuration bundles to each of the IPS units
  • D. Cisco IPS Manager Express and pushing configurations to the IPS units

Answer: B

NEW QUESTION 4
Which statement describes what the arp outside 1.1.1.1 0192.7gid.0020 command accomplishes?

  • A. enable ARP inspection for host 1.1.1.1
  • B. configures proxy ARP for host 1.1.1.1
  • C. assigns virtual MAC address for host 1.1.1.1
  • D. creates static ARP entry for host 1.1.1.1 .

Answer: D

Explanation:
That command adds a static ARP entry to allow ARP responses from the host at 1.1.1.1 with the MAC address 0009.7cbe.2100 on the outside interface http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/fwmode.html#wp1224694

NEW QUESTION 5
An engineer is configuring Cisco ASA 1000V Cloud Firewall. Which element allows for application of a
security policy based on a class of VMs instead of based on IP addresses?

  • A. port profiles
  • B. port groups
  • C. security groups
  • D. security profiles

Answer: A

NEW QUESTION 6
Which option is a different type of secondary VLAN?

  • A. Transparent
  • B. Promiscuous
  • C. Virtual
  • D. Community

Answer: D

NEW QUESTION 7
Which device can be managed by the Cisco Prime Security Manager?

  • A. ASA CX
  • B. ISR G2
  • C. Nexus
  • D. UCM

Answer: A

Explanation:
https://www.cisco.com/c/en/us/td/docs/security/asacx/9-2/user/guide/b_User_Guide_for_ASA_CX_and_PRSM_9_2/prsm-ug-intro.html

NEW QUESTION 8
The Cisco ASA must support dynamic routing and terminating VPN traffic. Which three Cisco ASA
options will not support these requirements? (Choose three.)

  • A. transparent mode
  • B. multiple context mode
  • C. active/standby failover mode
  • D. active/active failover mode
  • E. routed mode
  • F. no NAT-control

Answer: ABD

NEW QUESTION 9
Which action is needed to set up SSH on the Cisco ASA firewall?

  • A. Create an ACL to aloew the SSH traffic to the Cisco ASA.
  • B. Configure DHCP for the client that will connect via SSH.
  • C. Generate a crypto key
  • D. Specify the SSH version level as either 1 or 2.
  • E. Enable the HTTP server to allow authentication.

Answer: C

NEW QUESTION 10
Which policy map action makes a Cisco router behave as a stateful firewall for matching traffic?

  • A. Log
  • B. Inspect
  • C. Permit
  • D. Deny

Answer: B

NEW QUESTION 11
A Cisco ASA is configured in multiple context mode and has two user-defined contexts-- Context_A and Context_B. From which context are device logging messages sent?

  • A. Admin
  • B. Context_A
  • C. Context_B
  • D. System

Answer: A

NEW QUESTION 12
An engineer has configured a unified IPV6/IPV4 ACL to be used for access control on the Cisco ASA in routed mode. Which additional IPV4/IPv6 components is needed for the ACL to function properly?

  • A. mixed object group
  • B. network address translation
  • C. explicit deny statement
  • D. service object

Answer: B

NEW QUESTION 13
Within Cisco Prime Infrastructure, which configuration Archive task will allow you to specify when to
copy the running configuration to the startup configuration?

  • A. Schedule Deploy
  • B. Schedule Overwrite
  • C. Schedule Archive
  • D. Schedule Rollback

Answer: B

Explanation:
You can schedule to have Prime Infrastructure copy the running configuration to the startup configuration by choosing Inventory > Device Configuration Archive, then clicking Schedule Overwrite .
http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-0/user/guide/pi_ug/ chgdevconfig.html#82530

NEW QUESTION 14
Which four are IPv6 First Hop Security technologies? (Choose four.)

  • A. Send
  • B. Dynamic ARP Inspection
  • C. Router Advertisement Guard
  • D. Neighbor Discovery Inspection
  • E. Traffic Storm Control
  • F. Port Security
  • G. DHCPv6 Guard

Answer: ACDG

NEW QUESTION 15
Refer to the exhibit.
300-206 dumps exhibit
Which option describes the role of the filter rule on this cisco ASA firewall?

  • A. to discard http traffic destined to a proxy server
  • B. to define allowed traffic when the URL filtering server is unavailable
  • C. to perform deep packet inspection on all http traffic crossing the Cisco ASA
  • D. to send http traffic to a defined URL filtering server

Answer: D

NEW QUESTION 16
Which type of object group will allow configuration for both TCP 80 and TCP 443?

  • A. service
  • B. network
  • C. time range
  • D. user group

Answer: A

NEW QUESTION 17
Which two options are two purposes of the packet-tracer command? (Choose two.)

  • A. to filter and monitor ingress traffic to a switch
  • B. to configure an interface-specific packet trace
  • C. to inject virtual packets into the data path
  • D. to debug packet drops in a production network
  • E. to correct dropped packets in a production network

Answer: CD

NEW QUESTION 18
A security engineer is troubleshooting traffic across a Cisco ASA firewall using a packet tracer. When
configuring the packet tracer, which option must be used first?

  • A. interface
  • B. protocol
  • C. source
  • D. destination

Answer: A

NEW QUESTION 19
An engineer has successfully captured data on an ASA (ip address 10.10.10.1) and wants to download the file to analyze offline. The filename is capin.
Which option must the engineer enter to accomplish this task?

  • A. https://10.10.10.1/admin/capture/capin
  • B. http://10.10.10.1/admin/capture/capin/pcap
  • C. https://10.10.10.1/admin/capture/capin/pcap
  • D. http://10.10.10.1/admin/capture/capin

Answer: C

NEW QUESTION 20
When a Cisco ASA is configured in transparent mode, how can ARP traffic be controlled?

  • A. By enabling ARP inspection; however, it cannot be controlled by an ACL
  • B. By enabling ARP inspection or by configuring ACLs
  • C. By configuring ACLs; however, ARP inspection is not supported
  • D. By configuring NAT and ARP inspection

Answer: A

NEW QUESTION 21
An engineer is trying to configure Dynamic ARP Inspection. Which feature must be enabled first?

  • A. DHCP snooping
  • B. Cisco Discovery Protocol
  • C. port security
  • D. IP Source Guard

Answer: A

NEW QUESTION 22
Which command must be used to implement the unicast RPF feature on a Cisco ASA device?

  • A. ip verify source port-security
  • B. ip source-route
  • C. ip verify unicast reverse-path
  • D. ip verify reverse-path interface <interface name>

Answer: D

NEW QUESTION 23
Which two TCP ports must be open on the Cisco Security Manager server to allow the server to communicate with the Cisco Security Manager client? (Choose two.)

  • A. 1741
  • B. 443
  • C. 80
  • D. 1740
  • E. 8080

Answer: AB

NEW QUESTION 24
You have installed a web server on a private network. Which type of NAT must you implement to
enable access to the web server for public Internet users?

  • A. static NAT
  • B. dynamic NAT
  • C. network object NAT
  • D. twice NAT

Answer: A

NEW QUESTION 25
When a Cisco ASA is configured in multiple context mode, within which configuration are the interfaces allocated to the security contexts?

  • A. each security context
  • B. system configuration
  • C. admin context (context with the "admin" role)
  • D. context startup configuration file (.cfg file)

Answer: B

NEW QUESTION 26
Which command is the first that you enter to check whether or not ASDM is installed on the ASA?

  • A. Show ip
  • B. Show running-config asdm
  • C. Show running-config boot
  • D. Show version
  • E. Show route

Answer: B

NEW QUESTION 27
......

Thanks for reading the newest 300-206 exam dumps! We recommend you to try the PREMIUM Certshared 300-206 dumps in VCE and PDF here: https://www.certshared.com/exam/300-206/ (411 Q&As Dumps)