[2017 New] Lead2pass Latest Cisco 300-206 Exam Questions Free Downloading (201-225)

2017 August Cisco Official New Released 300-206 Dumps in Lead2pass.com!

100% Free Download! 100% Pass Guaranteed!

2017 latest released Cisco official 300-206 exam question free download from Lead2pass! All new updated questions and answers are real questions from Cisco Exam Center!

Following questions and answers are all new published by Cisco Official Exam Center: https://www.lead2pass.com/300-206.html

Refer to the exhibit. Which statement about this access list is true?
A.    This access list does not work without 6to4 NAT
B.    IPv6 to IPv4 traffic permitted on the Cisco ASA by default
C.    This access list is valid and works without additional configuration
D.    This access list is not valid and does not work at all
E.    We can pass only IPv6 to IPv6 and IPv4 to IPv4 traffic

Answer: A
ASA 9.0(1) code introduced the Unified ACL for IPv4 and IPv6. ACLs now support IPv4 and IPv6 addresses. You can even specify a mix of IPv4 and IPv6 addresses for the source and destination. The any keyword was changed to represent IPv4 and IPv6 traffic. The any4 and any6 keywords were added to represent IPv4-only and IPv6-only traffic, respectively. The IPv6-specific ACLs are deprecated. Existing IPv6 ACLs are migrated to extended ACLs.

Which option must be configured on a transparent Cisco ASA adaptive security appliance for it to be managed over Layer 3 networks?

A.    Static routes
B.    Routed interface
C.    Security context
D.    BVI

Answer: D

Which statement about Dynamic ARP Inspection is true ?

A.    In a typical network, you make all ports as trusted expect for the ports connection to switches , which are untrusted
B.    DAI associates a trust state with each switch
C.    DAI determines the validity of an ARP packet based on valid IP to MAC address binding from the DHCP snooping database
D.    DAI intercepts all ARP requests and responses on trusted ports only
E.    DAI cannot drop invalid ARP packets

Answer: C

Which command is the first that you enter to check whether or not ASDM is installed on the ASA?

A.    Show ip
B.    Show running-config asdm
C.    Show running-config boot
D.    Show version
E.    Show route

Answer: B

Which option is the Cisco ASA on-box graphical management solution?

A.    SSH
B.    ASDM
C.    Console
D.    CSM

Answer: B

Which action is needed to set up SSH on the Cisco ASA firewall?

A.    Create an ACL to aloew the SSH traffic to the Cisco ASA.
B.    Configure DHCP for the client that will connect via SSH.
C.    Generate a crypto key
D.    Specify the SSH version level as either 1 or 2.
E.    Enable the HTTP server to allow authentication.

Answer: C

At which layer does MACsecprovide encryption?

A.    Layer 1
B.    Layer 2
C.    Layer 3
D.    Layer 4

Answer: B

Which command is used to disable Cisco Discovery Protocol globally on a router?

A.    Cdp disable
B.    No cdp enable
C.    No cdp
D.    No cdp run

Answer: D

Refer to the exhibit. This command is used to configure the SNMP server on a Cisco router.
Which option is the encryption password for the SNMP server?


A.    sha
B.    snmp
C.    group-1
D.    snmpv3

Answer: D

How much storage is allotted to maintain system,configuration, and image files on the Cisco ASA 1000V during OVF template file deployment?

A.    1GB
B.    5GB
C.    2GB
D.    10GB

Answer: C

Which action is considered a best practice for the Cisco ASA firewall?

A.    Use threat detection to determine attacks
B.    Disable the enable password
C.    Disable console logging
D.    Enable ICMP permit to monitor the Cisco ASA interfaces
E.    Enable logging debug-trace to send debugs to the syslog server

Answer: A

Which option lists cloud deployment models?

A.    Private, public, hybrid, shared
B.    Private, public, hybrid
C.    IaaS, PaaS, SaaS
D.    Private, public, hybrid, community

Answer: D
https://www.ibm.com/developerworks/community/blogs/722f6200-f4ca-4eb3- 9d64-
8d2b58b2d4e8/entry/4_Types_of_Cloud_Computing_Deployment_Model_You_Need_to_K now1

Which statement about traffic storm control behavior is true?

A.    Traffic storm control cannot determine if the packet is unicast or broadcast.
B.    If you enable broadcast and multicast traffic storm control and the combined broadcast and multicast traffic exceeds the level within a 1 second traffic storm interval, storm control drops all broadcast and multicast traffic until the end of the storm interval
C.    Traffic storm control uses the Individual/Group bit in the packet source address to determine if the packet is unicast or broadcast.
D.    Traffic storm control monitors incoming traffic levels over a 10 second traffic storm control interval

Answer: B

Which policy map action makes a Cisco router behave as a stateful firewall for matching traffic?

A.    Log
B.    Inspect
C.    Permit
D.    Deny

Answer: B

Refer to the exhibit. Which option describes the expected result of the capture ACL?


A.    The capture is applied, but we cannot see any packets in the capture
B.    The capture does not get applied and we get an error about mixed policy.
C.    The capture is applied and we can see the packets in the capture
D.    The capture is not applied because we must have a host IP as the source

Answer: A


Which configuration on a switch would be unsuccessful in preventing a DHCP starvation attack?

A.    DHCP snooping
B.    Port security
C.    Source Guard
D.    Rate Limiting

Answer: D

Refer to the exhibit. What traffic is being captured by the Cisco ASA adaptive security appliance?


A.    UDP traffic sourced from host on port 80
B.    TCP traffic destined to host on port 80
C.    TCP traffic sourced from host on port 80
D.    UDP traffic destined to host on port 80

Answer: C

When a traffic storm threshold occurs on a port, into which state can traffic storm control put the port?

A.    Disabled
B.    Err-disabled
C.    Disconnected
D.    Blocked
E.    Connected

Answer: B

Which Layer 2 security feature prevents traffic on a LAN from being disrupted by a broadcast,multicat, or unicast storm on one physical interface?

A.    Bridge protocol Data Unit Guard
B.    Storm Control
C.    Embedded event monitoring
D.    Access control lists

Answer: B

Which three statements about transparent firewall are true? ( Choose three)

A.    Transparent firewall works at Layer 2
B.    Both interfaces must be configured with private IP Addresses
C.    It can have only a management IP address
D.    It does not support dynamic routing protocols
E.    It only support PAT

Answer: ACD

Which information is NOT replicated to the secondary Cisco ASA adaptive security appliance in an active/standby configuration with stateful failover links ?

A.    TCP sessions
B.    DHCP lease
C.    NAT translations
D.    Routing tables

Answer: B

Which Cisco prime Infrastructure features allows you to assign templates to a group of wireless LAN controllers with similar configuration requirements?

A.    Lightweight access point configuration template
B.    Composite template
C.    Controller configuration group
D.    Shared policy object

Answer: C

For which management session types does ASDM allow a maximum simultaneous connection limit to be set?

A.    ASDM, Telnet, SSH
B.    ASDM, Telnet, SSH, console
C.    ASDM, Telnet, SSH, VTY
D.    ASDM, Telnet, SSH, other

Answer: A

What two are data and voice protocols do ASA 5500 supports? (Choose two)

A.    CTIQBE Inspection
B.    H.323 Inspection
C.    MGCP Inspection
D.    RTSP Inspection
E.    SIP Inspection
F.    Skinny (SCCP) Inspection

Answer: BD

What mean following command arp outside 0009.xxxx.2100?

A.    create static arp entry
B.    create virtual arp entry
C.    It manually assign host to access outside

Answer: A

Lead2pass offers the latest Cisco 300-206 exam questions and answers in PDF & VCE. We promise 100% 300-206 exam pass or full money back (Have a try- If success, you will get a high pay job! Failed, nothing, money back!)! We provide instant download of our 300-206 dumps after payment so you can study earlier than others!

300-206 new questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDQ3hFS2lmMTdVb3c

2017 Cisco 300-206 exam dumps (All 251 Q&As) from Lead2pass:

https://www.lead2pass.com/300-206.html [100% Exam Pass Guaranteed]