Accurate 300-206 Exam Questions and Answers 2021

NEW QUESTION 1
Which Cisco ASA object group type offers the most flexibility for grouping different services together based on arbitrary protocols?

• A. network
• B. ICMP
• C. protocol
• D. TCP-UDP
• E. service

Answer: E

NEW QUESTION 2
Which two voice protocols can the Cisco ASA inspect? (Choose two.)

• A. MGCP
• B. IAX
• C. Skype
• D. CTIQBE

Answer: AD

NEW QUESTION 3
When configured in accordance to Cisco best practices, the ip verify source command can mitigate which two types of Layer 2 attacks? (Choose two.)

• A. rogue DHCP servers
• B. ARP attacks
• C. DHCP starvation
• D. MAC spoofing
• E. CAM attacks
• F. IP spoofing

Answer: DF

NEW QUESTION 4
What is the default behavior of an access list on a Cisco ASA?

• A. It will permit or deny traffic based on the access list criteria.
• B. It will permit or deny all traffic on a specified interface.
• C. It will have no affect until applied to an interface, tunnel-group or other traffic flow.
• D. It will allow all traffic.

Answer: C

NEW QUESTION 5
When you configure a Cisco firewall in multiple context mode, where do you allocate interfaces?

• A. in the system execution space
• B. in the admin context
• C. in a user-defined context
• D. in the global configuration

Answer: A

NEW QUESTION 6
Which configuration keyword will configure SNMPv3 with authentication but no encryption?

• A. Auth
• B. Priv
• C. No auth
• D. Auth priv

Answer: A

NEW QUESTION 7
Which kind of Layer 2 attack targets the STP root bridge election process and allows an attacker to
control the flow of traffic?

• A. man-in-the-middle
• B. denial of service
• C. distributed denial of service
• D. CAM overflow

Answer: A

NEW QUESTION 8
An engineer has successfully captured data on an ASA (ip address 10.10.10.1) and wants to download the file to analyze offline. The filename is capin.
Which option must the engineer enter to accomplish this task?

• A. https://10.10.10.1/admin/capture/capin
• B. http://10.10.10.1/admin/capture/capin/pcap
• C. https://10.10.10.1/admin/capture/capin/pcap
• D. http://10.10.10.1/admin/capture/capin

Answer: C

NEW QUESTION 9
Which statement about Cisco ASA multicast routing support is true?

• A. The Cisco ASA appliance supports PIM dense mode, sparse mode, and BIDIR-PIM.
• B. The Cisco ASA appliance supports only stub multicast routing by forwarding IGMP messages from multicastreceivers to the upstream multicast router.
• C. The Cisco ASA appliance supports DVMRP and PIM.
• D. The Cisco ASA appliance supports either stub multicast routing or PIM, but both cannot be enabled at thesame time.
• E. The Cisco ASA appliance supports only IGMP v1.

Answer: D

NEW QUESTION 10
An enterprise is hosting an application that opens a secondary UDP point. The initial session on a well-known port is used to negotiate the secondary dynamically assigned port. Which feature on Cisco ASA monitors sessions to identify the dynamic port assignments and permits sata exchange on these ports?

• A. Allow Any
• B. NAT
• C. Protocol Inspection
• D. High & Low Security level

Answer: C

NEW QUESTION 11
Which two mandatory policies are needed to support a regular IPsec VPN in a Cisco Security Manager environment? (Choose two.)

• A. GRE modes
• B. IKE proposal
• C. group encryption
• D. server load balance

Answer: BC

NEW QUESTION 12
Which statement about traffic zoning in cisco ASA?

• A. you can create a maximum of 512 zones
• B. you can add failover interface to zone
• C. an interface can be member of more than one zone
• D. you can up to eight interface per zone

Answer: D

NEW QUESTION 13
Where do you apply a control plane services policy to implement Management Plane Protection on a Cisco Router?

• A. Control-plane router
• B. Control-plane host
• C. Control-plane interface management 0/0
• D. Control-plane service policy

Answer: B

Explanation:
http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/htsecmpp.html

NEW QUESTION 14
What are three attributes that can be applied to a user account with RBAC? (Choose three.)

• A. domain
• B. password
• C. ACE tag
• D. user roles
• E. VDC group tag
• F. expiry date

Answer: BDF

NEW QUESTION 15
If the Cisco ASA 1000V has too few licenses, what is its behavior?

• A. It drops all traffic.
• B. It drops all outside-to-inside packets.
• C. It drops all inside-to-outside packets.
• D. It passes the first outside-to-inside packet and drops all remaining packets.

Answer: D

NEW QUESTION 16
Which two VPN types can you monitor and control with Cisco Prime Security Manager? (Choose
two.)

• A. AnyConnect SSL
• B. site-to-site
• C. clientless SSL
• D. IPsec remote-access

Answer: AD

Explanation: http://www.cisco.com/c/en/us/td/docs/security/asacx/9-1/user/guide/b_User_Guide_for_ASA_CX_and_PRSM_9_1.pdf

NEW QUESTION 17
How many bridge groups are supported on a firewall that operate in transparent mode?

• A. 8
• B. 16
• C. 10
• D. 6

Answer: A

NEW QUESTION 18
An engineer must secure a current monitoring environment by using the strongest encryption allowed within SNMPv3 configuration. Which two encryption methods meet this requirement? (Choose two.)

• A. 3DES
• B. AES
• C. RSA-SIG
• D. DES
• E. MD5

Answer: AB