Approved 300-206 Study Guides 2021

NEW QUESTION 1
ASA in transparent mode for which traffic default route is required?

• A. trusted
• B. untrusted
• C. Internet
• D. inside
• E. management

Answer: E

Explanation: In transparent mode, the default route, which is required to provide a return path for management traffic, is only applied to management traffic from one bridge group network. This is because the default route specifies an interface in the bridge group as well as the router IP address on the bridge group network, and you can only define one default route. If you have management traffic from
more than one bridge group network, you need to specify a regular static route that identifies the network from which you expect management traffic.

NEW QUESTION 2
A network engineer must mange and configurations to a cisco networking environment solutions
accomplishes this task?

• A. cisco IPS manage express and pushing configuration to the ips units
• B. cisco security 4.5 or later and pushing configuration bundles to each of the,,,,,
• C. cisco adaptive security device manager to push configuration to each of the IPS
• D. fire SIGHT manager to bundle and push configuration to the IPS units installed

Answer: D

NEW QUESTION 3
DRAG DROP
Drag and Drop Syslog security level to match its related.

Answer:

Explanation:

NEW QUESTION 4
At which firewall severity level will debugs appear on a Cisco ASA?

• A. 7
• B. 6
• C. 5
• D. 4

Answer: A

NEW QUESTION 5
What are Options of capture command? (Choose Two)

• A. host
• B. real-time
• C. type

Answer: BC

Explanation: real-time, type, interface,buffer, match, packet-lenght,trace,circular-buffer, ethernet-type,acces-list, headers-only

NEW QUESTION 6
Which two features are supported when configuring clustering of multiple Cisco ASA appliances?
(Choose two.)

• A. NAT
• B. dynamic routing
• C. SSL remote access VPN
• D. IPSec remote access VPN

Answer: AB

NEW QUESTION 7
When you set a Cisco IOS Router as an SSH server, which command specifies the RSA public key of
the remote peer when you set the SSH server to perform RSA-based authentication?

• A. router(config-ssh-pubkey-user)#key
• B. router(conf-ssh-pubkey-user)#key-string
• C. router(config-ssh-pubkey)#key-string
• D. router(conf-ssh-pubkey-user)#key-string enable ssh

Answer: B

NEW QUESTION 8
In which way are management packets classified on a firewall that operates in multiple context
mode?

• A. by their interface IP address
• B. by the routing table
• C. by NAT
• D. by their MAC addresses

Answer: A

NEW QUESTION 9
Refer to the exhibit. An engineer has configured NAT rules on an ASA using ASDM. Which action does rule Number 1 accomplish?

• A. It allows the engineering VPN address pool to access the Internet through the tunnel
• B. It allows hosts in the address pool to reach other hosts in the engineering VPN address pool
• C. It allows hosts in the engineering VPN object to reach the hosts in the Sales VPN without being nat-ed
• D. It allows the connection between the engineering VPN address pool and the DMZ network

Answer: C

NEW QUESTION 10
In IOS routers, what configuration can ensure both prevention of ntp spoofing and accurate time ensured?

• A. ACL permitting udp 123 from ntp server
• B. ntp authentication
• C. multiple ntp servers
• D. local system clock

Answer: B

NEW QUESTION 11
About snmp v3 encryption, which option we have to use?

• A. priv
• B. auth
• C. encrypted

Answer: A

Explanation: -Configure snmp group:snmp-server group [groupname {v1 | v2c | v3{auth | noauth | priv}}] [read readview] [write writeview] [notify notifyview] [access access-list]
-Configure snmp user: snmp-server user username group-name [remote host [udp-port port]] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password]} [access [ipv6 nacl] [priv {des | 3des | aes
{128 | 192 |256}} privpassword] {acl-number | acl-name}]
encrypet if the password are encrypted ex. insert password not in plain text for auth.

NEW QUESTION 12
Prior to a software upgrade, which Cisco Prime Infrastructure feature determines if the devices being upgraded have sufficient RAM to support to new software ?

• A. Software Upgrade Report
• B. Image Management Report
• C. Upgrade Analysis Report
• D. Image Analysis Report

Answer: C

Explanation:
http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2- 0/user/guide/prime_infra_ug/ maint_images.html

NEW QUESTION 13
Which option is a different type of secondary VLAN?

• A. Transparent
• B. Promiscuous
• C. Virtual
• D. Community

Answer: D

NEW QUESTION 14
Refer to the exhibit.

Which two statements about the SNMP configuration are true? (Choose two.)

• A. The router's IP address is 192.168.1.1.
• B. The SNMP server's IP address is 192.168.1.1.
• C. Only the local SNMP engine is configured.
• D. Both the local and remote SNMP engines are configured.
• E. The router is connected to the SNMP server via port 162.

Answer: BD

NEW QUESTION 15
Which two router commands enable NetFlow on an interface? (Choose two.)

• A. ip flow ingress
• B. ip flow egress
• C. ip route-cache flow infer-fields
• D. ip flow ingress infer-fields
• E. ip flow-export version 9

Answer: AB

NEW QUESTION 16
Control plane thresholding limit for which protocols?

• A. ICMP
• B. BGP
• C. ARP

Answer: B

Explanation: The queue-thresholding feature policy supports the following TCP/UDP-based protocols:
Bgp,dns,ftp,http,igmp,snmp,ssh,syslog,telnet,Tftp,host-protocols

NEW QUESTION 17
Which option is the default logging buffer size In memory of the Cisco ASA adaptive security appliance?

• A. 8KB
• B. 32KB
• C. 2KB
• D. 16KB
• E. 4KB

Answer: E

Explanation:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_c onfig/ monitor_syslog.html

NEW QUESTION 18
Which command enables the HTTP server daemon for Cisco ASDM access?

• A. http server enable
• B. http server enable 443
• C. crypto key generate rsa modulus 1024
• D. no http server enable

Answer: A