Sell your lecture notes and other study documents.
Offer multiple documents together as a bundle and sell more.
Test yourself and make money with homemade quiz questions.
Work as a tutor and help students with their studies.
View requests and send a proposal how you can help.
Exam Name Implementing Cisco Edge Network Security Solutions
Number: 300-206 Passing Score: 800 Time Limit: 120 min
File Version: 20.5
Exam Code: 300-206
Exam Name: Implementing Cisco Edge Network Security Solutions
Exam A QUESTION 1
All 30 users on a single floor of a building are complaining about network slowness. After investigating the access switch, the network administrator notices that the MAC address table is full (10,000 entries) and all traffic is being flooded out of every port. Which action can the administrator take to prevent this from occurring?
A. Configure port-security to limit the number of mac-addresses allowed on each port
B. Upgrade the switch to one that can handle 20,000 entries
C. Configure private-vlans to prevent hosts from communicating with one another
D. Enable storm-control to limit the traffic rate
E. Configure a VACL to block all IP traffic except traffic to and from that subnet
Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 2
A network printer has a DHCP server service that cannot be disabled. How can a layer 2 switch be configured to prevent the printer from causing network issues?
A. Remove the ip helper-address
B. Configure a Port-ACL to block outbound TCP port 68
C. Configure DHCP snooping
D. Configure port-security
Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 3
A switch is being configured at a new location that uses statically assigned IP addresses. Which will ensure that ARP inspection works as expected?
A. Configure the 'no-dhcp' keyword at the end of the ip arp inspection command
B. Enable static arp inspection using the command 'ip arp inspection static vlan vlan-number
C. Configure an arp access-list and apply it to the ip arp inspection command
D. Enable port security
Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 4
Which of the following would need to be created to configure an application-layer inspection of SMTP traffic operating on port 2525?
A. A class-map that matches port 2525 and applying an inspect ESMTP policy-map for that
class in the global inspection policy
B. A policy-map that matches port 2525 and applying an inspect ESMTP class-map for
C. An access-list that matches on TCP port 2525 traffic and applying it on an interface with
the inspect option
D. A class-map that matches port 2525 and applying it on an access-list using the inspect option
Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 5
Which command is used to nest objects in a pre-existing group?
B. network group-object
C. object-group network
Correct Answer: D Section: (none) Explanation Explanation/Reference: QUESTION 6
Which threat-detection feature is used to keep track of suspected attackers who create
connections to too many hosts or ports?
A. complex threat detection
B. scanning threat detection
C. basic threat detection
D. advanced threat detection
Correct Answer: B Section: (none) Explanation Explanation/Reference: QUESTION 7
What is the default behavior of an access list on the Cisco ASA security appliance?
A. It will permit or deny traffic based on the access-list criteria.
B. It will permit or deny all traffic on a specified interface.
C. An access group must be configured before the access list will take effect for traffic control.
D. It will allow all traffic.
Correct Answer: C Section: (none) Explanation Explanation/Reference: QUESTION 8
What is the default behavior of NAT control on Cisco ASA Software Version 8.3?
A. NAT control has been deprecated on Cisco ASA Software Version 8.3.
B. It will prevent traffic from traversing from one enclave to the next without proper
C. It will allow traffic to traverse from one enclave to the next without proper
D. It will deny all traffic.
Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 9
Which three options are hardening techniques for Cisco IOS routers? (Choose three.)
A. limiting access to infrastructure with access control lists
B. enabling service password recovery
C. using SSH whenever possible
D. encrypting the service password
E. using Telnet whenever possible
F. enabling DHCP snooping
Correct Answer: ACD Section: (none) Explanation Explanation/Reference: QUESTION 10
Which three commands can be used to harden a switch? (Choose three.)
A. switch(config-if)# spanning-tree bpdufilter enable
B. switch(config)# ip dhcp snooping
C. switch(config)# errdisable recovery interval 900
D. switch(config-if)# spanning-tree guard root
E. switch(config-if)# spanning-tree bpduguard disable
F. switch(config-if)# no cdp enable
Correct Answer: BDF Section: (none) Explanation Explanation/Reference: QUESTION 11
What are three features of the Cisco ASA 1000V? (Choose three.)
A. cloning the Cisco ASA 1000V
B. dynamic routing
C. the Cisco VNMC policy agent
Download all 29 pages for € 8,79
872 documents uploaded
9 documents sold
Help in all Courses Dq's,Assignments and MCQS,Midterm & Final Exams(Expert in Commerce field )
Experience: 10 Years in online teaching field.
Do you make summaries or do you have any completed assignments? Upload your documents to Knoowy and earn money.
Upon registration you agree to our privacy statement and terms and conditions .
At Knoowy you buy and sell the best studies documents directly from students. Upload at least one item, please help other students and get € 2.50 credit.