December/2019 Braindump2go 300-206 Dumps with PDF and VCE, newly updated. Following are some new 300-206 exam questions:
What configuration can affect snmp-server ID modification?
A. Earlier snmp configuration
B. Earlier snmp group
C. Earlier snmp user
D. SNMP is disabled
E. SNMP is set to version 3
To configure a remote user, specify the IP address or port number for the remote SNMP agent of the device where the user resides. Also, before you configure remote users for a particular agent, configure the SNMP engine ID, using the command snmp-server engineID with the remote option.
The remote agent’s SNMP engine ID is needed when computing the authentication/privacy digests from the password. If the remote engine ID is not configured first, the configuration command will fail.
A custom application negotiates a second data channel for data transfer over its first communication channel. What allows traffic from the negotiated second data channel?
A. packet reflection feature
B. packet inspection feature
C. host table
D. communication table
What is the default threat level in botnet traffic filtering?
A. between Low and Moderate
B. between Very Low and Low
C. between High and Very High
D. between Moderate and Very High
Which activity is performed by the switch when DAI inspection is configured?
A. It drops all ARP responses on untrusted ports
B. It monitors DHCP messages and compares host MAC addresses with addresses in ARP frames
C. It intercepts all ARP requests and responses on untrusted ports
D. It drops all traffic except ARP messages
You are a network engineer at a company. There are issues with Internet access.
Which capture ACL must be used to capture only return web traffic?
A. access-list CAPT-ACL line 1 permit tcp any eq 80 10.10.1.0 255.255.255.0
B. access-list CAPT-ACL line 1 permit tcp any 10.10.1.0 255.255.255.0 eq 80
C. access-list CAPT-ACL line 1 permit tcp any 10.10.1.0 255.255.255.0 eq 80
D. capture access-list CAPT-ACL line 1 permit tcp any eq 80 10.10.1.0 255.255.255
What AIC features are supported by ZFW in Cisco IOS? (Choose three)
A. protocol minimization
B. detection of covert tunneling
C. verification of IPSec tunnels establishment
D. global correlation
E. deep / specific DNS inspection
F. URL filtering
Choose two correct statements about private-vlan.
A. An interface that is assigned to a primary VLAN ID (access mode) can communicate with an interface with a secondary VLAN ID that belongs to the same primary VLAN (same switch)
B. An interface that is assigned to a community VLAN can communicate with an interface in the same secondary VLAN, but it is also configured as protected (same switch)
C. You have to configure dhcp snooping for both primary and secondary VLANs
D. You have to configure DAI only for primary vlan
E. You cannot combine private-vlan feature with protected ports
You can enable DHCP snooping on private VLANs. When you enable DHCP snooping on the primary VLAN, it is propagated to the secondary VLANs. If you configure DHCP snooping on a secondary VLAN, the configuration does not take effect if the primary VLAN is already configured. The same statement is true about DAI.
A private-VLAN port cannot be a secure port and should not be configured as a protected port.
Refer to the exhibit:
access-list 20 permit ip any host 192.168.1.5
capture CAPT-X type asp-drop acl-drop access-list 20
The capture does not get applied and we get an error about mixed policy. Choose two reasons why this is the case.
A. Ipv6 is enabled on the firewall
B. The any keyword in the access-list should be stated as IPv4 (such as any4)
C. Syntax of access-list command is wrong.
D. Syntax of capture command is wrong.
Captures after version 9.0(1) do not support the use of the any keyword, because it matches both IPv4 and IPv6 at the same time, and that is not supported yet.
What is the correct statement about Cisco ASA operation mode?
A. ASA in routed mode will not be seen as a new hop from the network
B. ASA operating in transparent mode will be seen as a new hop from the network
C. The running configuration in ASA will be removed if operating mode is changed
D. Transparent mode doesn’t support failover
What does BTF do when it receives a DNS reply from a domain?
A. It checks the domain against its BTF database
B. It queries a BTF server
C. It drops DNS reply
D. It verifies DNS reply using its own DNS server
With which commands can you configure a unified access list on the ASA CLI? (Choose two)
B. ipv6 access-list
C. ipv6 access-list website
D. object-group network
E. object network
ACLs now support IPv4 and IPv6 addresses. You can even specify a mix of IPv4 and IPv6 addresses for the source and destination. The any keyword was changed to represent IPv4 and IPv6 traffic. The any4 and any6 keywords were added to represent IPv4-only and IPv6-only traffic, respectively. The IPv6-specific ACLs are deprecated. Existing IPv6 ACLs are migrated to extended ACLs. See the release notes for more information about migration.
We modified the following commands: access-list extended, access-list webtype.
We removed the following commands: ipv6 access-list, ipv6 access-list webtype, ipv6-vpn-filter.
Network object groups can contain multiple network objects as well as inline networks. Network object groups can support a mix of both IPv4 and IPv6 addresses.
You cannot use a mixed IPv4 and IPv6 object group for NAT, or object groups that include FQDN objects.