[Free] Download New Updated (April 2016) Cisco 300-206 Actual Tests 131-140

Ensurepass

QUESTION 131

What are two security features at the access port level that can help mitigate Layer 2 attacks? (Choose two.)

 

A.

DHCP snooping

B.

IP Source Guard

C.

Telnet

D.

Secure Shell

E.

SNMP

 

Correct Answer: AB

 

 

QUESTION 132

What are two enhancements of SSHv2 over SSHv1? (Choose two.)

 

A.

VRF-aware SSH support

B.

DH group exchange support

C.

RSA support

D.

keyboard-interactive authentication

E.

SHA support

 

Correct Answer: AB

 

 

QUESTION 133

clip_image002

clip_image004

clip_image006

clip_image008

 

According to the logging configuration on the Cisco ASA, what will happen if syslog server 10.10.2.40 fails?

A.

New connections through the ASA will be blocked and debug system logs will be sent to the internal buffer.

B.

New connections through the ASA will be blocked and informational system logs will be sent to the internal buffer.

C.

New connections through the ASA will be blocked and system logs will be sent to server 10.10.2.41.

D.

New connections through the ASA will be allowed and system logs will be sent to server 10.10.2.41.

E.

New connections through the ASA will be allowed and informational system logs will be sent to the internal buffer.

F.

New connections through the ASA will be allowed and debug system logs will be sent to the internal buffer.

 

Correct Answer: B

Explanation:

This is shown by the following screen shot:

 

clip_image010

 

 

QUESTION 134

Enabling what security mechanism can prevent an attacker from gaining network topology information from CDP?

 

A.

MACsec

B.

Flex VPN

C.

Control Plane Protection

D.

Dynamic Arp Inspection

 

Correct Answer: A

 

QUESTION 135

Which URL matches the regex statement “http”*/”www.cisco.com/”*[^E]”xe”?

 

A.

https://www.cisco.com/ftp/ios/tftpserver.exe

B.

https://cisco.com/ftp/ios/tftpserver.exe

C.

http:/www.cisco.com/ftp/ios/tftpserver.Exe

D.

https:/www.cisco.com/ftp/ios/tftpserver.EXE

 

Correct Answer: A

 

 

QUESTION 136

Which command is used to nest objects in a pre-existing group?

 

A.

object-group

B.

network group-object

C.

object-group network

D.

group-object

 

Correct Answer: D

 

 

QUESTION 137

Which technology can be deployed with a Cisco ASA 1000V to segregate Layer 2 access within a virtual cloud environment?

 

A.

Cisco Nexus 1000V

B.

Cisco VSG

C.

WSVA

D.

ESVA

 

Correct Answer: A

 

 

QUESTION 138

Enabling what security mechanism can prevent an attacker from gaining network topology information from CDP via a man-in-the-middle attack?

 

A.

MACsec

B.

Flex VPN

C.

Control Plane Protection

D.

Dynamic Arp Inspection

 

Correct Answer: A

 

 

QUESTION 139

You have explicitly added the line deny ipv6 any log to the end of an IPv6 ACL on a router interface. Which two ICMPv6 packet types must you explicitly allow to enable traffic to traverse the interface? (Choose two.)

 

A.

router solicitation

B.

router advertisement

C.

neighbor solicitation

D.

neighbor advertisement

E.

redirect

 

Correct Answer: CD

 

 

QUESTION 140

When you install a Cisco ASA AIP-SSM, which statement about the main Cisco ASDM home page is true?

 

A.

It is replaced by the Cisco AIP-SSM home page.

B.

It must reconnect to the NAT policies database.

C.

The administrator can manually update the page.

D.

It displays a new Intrusion Prevention panel.

 

Correct Answer: D

 

Free VCE & PDF File for Cisco 300-206 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …