300-206 Implementing Cisco Edge Network Security Solutions

Question 1

What is the best description of a unified ACL on a Cisco firewall?

  • A. An IPv4 ACL with IPv4 support
  • B. An ACL that supports EtherType in addition to IPv6
  • C. An ACL with both IPv4 and IPv6 functionality
  • D. An IPv6 ACL with IPv4 backward compatibility


Answer : C

Explanation: http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/intro_intro.html

Question 2

The Cisco ASA must support dynamic routing and terminating VPN traffic. Which three
Cisco ASA options will not support these requirements? (Choose three.)

  • A. transparent mode
  • B. multiple context mode
  • C. active/standby failover mode
  • D. active/active failover mode
  • E. routed mode
  • F. no NAT-control


Answer : A,B,D

Question 3

Which configuration on a switch would be unsuccessful in preventing a DHCP starvation
attack?

  • A. DHCP snooping
  • B. Port security
  • C. Source Guard
  • D. Rate Limiting


Answer : C

Question 4

To which port does a firewall send secure logging messages?

  • A. TCP/1500
  • B. UDP/1500
  • C. TCP/500
  • D. UDP/500


Answer : A

Question 5

At which layer does MACsec provide encryption?

  • A. Layer 1
  • B. Layer 2
  • C. Layer 3
  • D. Layer 4


Answer : B

Question 6

Which option is the Cisco ASA on-box graphical management solution?

  • A. SSH
  • B. ASDM
  • C. Console
  • D. CSM


Answer : B

Question 7

When configured in accordance with Cisco best practices, the ip verify source command can
mitigate which two types of Layer 2 attacks? (Choose two.)

  • A. rogue DHCP servers
  • B. ARP attacks
  • C. DHCP starvation
  • D. MAC spoofing
  • E. CAM attacks
  • F. IP spoofing


Answer : D,F

Question 8

Which set of commands enables logging and displays the log buffer on a Cisco ASA?

  • A. enable logging
       show logging
  • B. logging enable
       show logging
  • C. enable logging int e0/1
       view logging
  • D. logging enable
       logging view config


Answer : B

Question 9

Which function does DNSSEC provide in a DNS infrastructure?

  • A. It authenticates stored information.
  • B. It authorizes stored information.
  • C. It encrypts stored information.
  • D. It logs stored security information.


Answer : A

Question 10

Which security operations management best practice should be followed to enable
appropriate network access for administrators?

  • A. Provide full network access from dedicated network administration systems
  • B. Configure the same management account on every network device
  • C. Dedicate a separate physical or logical plane for management traffic
  • D. Configure switches as terminal servers for secure device access


Answer : C

Question 11

Which Cisco Prime Infrastructure feature allows you to assign templates to a group of
wireless LAN controllers with similar configuration requirements?

  • A. Lightweight access point configuration template
  • B. Composite template
  • C. Controller configuration group
  • D. Shared policy object


Answer : C

Question 12

What is the default violation mode that is applied by port security?

  • A. restrict
  • B. protect
  • C. shutdown
  • D. shutdown VLAN


Answer : C

Question 13

On the Cisco ASA, where are the Layer 5-7 policy maps applied?

  • A. inside the Layer 3-4 policy map
  • B. inside the Layer 3-4 class map
  • C. inside the Layer 5-7 class map
  • D. inside the Layer 3-4 service policy
  • E. inside the Layer 5-7 service policy


Answer : A

Question 14

What are two high-level task areas in a Cisco Prime Infrastructure life-cycle workflow?
(Choose two.)

  • A. Design
  • B. Operate
  • C. Maintain
  • D. Log
  • E. Evaluate


Answer : A,B

Question 15

A switch is being configured at a new location that uses statically assigned IP addresses.
Which will ensure that ARP inspection works as expected?

  • A. Configure the 'no-dhcp' keyword at the end of the ip arp inspection command
  • B. Enable static arp inspection using the command 'ip arp inspection static vlan vlan-number'
  • C. Configure an arp access-list and apply it to the ip arp inspection command
  • D. Enable port security


Answer : C
