Download New Latest (May) Cisco 300-206 Actual Tests 41-50

Ensurepass

 

QUESTION 41

What is the maximum jumbo frame size for IPS standalone appliances with 1G and 10G fixed or add-on interfaces?

 

A.

1024 bytes

B.

1518 bytes

C.

2156 bytes

D.

9216 bytes

 

Answer: D

 

 

QUESTION 42


clip_image001

 

 

 

clip_image002

 

clip_image003

 

An SNMP host is an IP address to which SNMP notifications and traps are sent. To configure SNMFV3 hosts, which option must you configure in addition to the target IP address?

 

A.

the Cisco ASA as a DHCP server, so the SNMFV3 host can obtain an IP address

B.

a username, because traps are only sent to a configured user

C.

SSH, so the user can connect to the Cisco ASA

D.

the Cisco ASA with a dedicated interface only for SNMP, to process the SNMP host traffic.

 

Answer: B

Explanation: The username can be seen here on the ASDM simulator screen shot:

 

 

 

clip_image004

 

C:UsersKamranDesktop2.png

 

 

QUESTION 43

Which set of commands creates a message list that includes all severity 2 (critical) messages on a Cisco security device?

 

A.

logging list critical_messages level 2

console logging critical_messages

B.

logging list critical_messages level 2

logging console critical_messages

C.

logging list critical_messages level 2

logging console enable critical_messages

D.

logging list enable critical_messages level 2 console logging critical_messages

 

Answer: B

 

 

QUESTION 44

When a Cisco ASA is configured in transparent mode, how can ARP traffic be controlled?

 

A.

By enabling ARP inspection; however, it cannot be controlled by an ACL

B.

By enabling ARP inspection or by configuring ACLs

C.

By configuring ACLs; however, ARP inspection is not supported

D.

By configuring NAT and ARP inspection

 

Answer: A

 

 

QUESTION 45

Which log level provides the most detail on the Cisco Web Security Appliance?

 

A.

Debug

B.

Critical

C.

Trace

D.

Informational

 

Answer: C

 

 

QUESTION 46

What is the default log level on the Cisco Web Security Appliance?

 

A.

Trace

B.

Debug

C.

Informational

D.

Critical

 

Answer: C

 

 

QUESTION 47

clip_image001[1]

 

 

 

clip_image002[1]

 

clip_image003[1]

 

SNMP users have a specified username, a group to which the user belongs, authentication password, encryption password, and authentication and encryption algorithms to use. The authentication algorithm options are MD5 and SHA. The encryption algorithm options are DES, 3DES, andAES (which is available in 128,192, and 256 versions). When you create a user, with which option must you associate it?

 

A.

an SNMP group

B.

at least one interface

C.

the SNMP inspection in the global_policy

D.

at least two interfaces

 

Answer: A

Explanation: This can be verified via the ASDM screen shot shown here:

 

 

 

clip_image005

 

C:UsersKamranDesktop2.png

 

 

QUESTION 48

Which of the following would need to be created to configure an application-layer inspection of SMTP traffic operating on port 2525?

 

A.

A class-map that matches port 2525 and applying an inspect ESMTP policy-map for that class in the global inspection policy

B.

A policy-map that matches port 2525 and applying an inspect ESMTP class-map for that policy

C.

An access-list that matches on TCP port 2525 traffic and applying it on an interface with the inspect option

D.

A class-map that matches port 2525 and applying it on an access-list using the inspect option

 

Answer: A

 

 

QUESTION 49

Which command configures the SNMP server group1 to enable authentication for members of the access list east?

 < /font>

A.

snmp-server group group1 v3 auth access east

B.

snmp-server group1 v3 auth access east

C.

snmp-server group group1 v3 east

D.

snmp-server group1 v3 east access

 

Answer: A

 

 

QUESTION 50

What are two primary purposes of Layer 2 detection in Cisco IPS networks? (Choose two.)

 

A.

identifying Layer 2 ARP attacks

B.

detecting spoofed MAC addresses and tracking 802.1X actions and data communication after a successful client association

C.

detecting and preventing MAC address spoofing in switched environments

D.

mitigating man-in-the-middle attacks

 

Answer: AD

Free VCE & PDF File for Cisco 300-206 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …