Your success in the Cisco CCNP Security SENSS 300-206 exam is our sole target, and we develop all our 300-206 SENSS braindumps in a way that facilitates the attainment of this target. Not only is our CCNP Security SENSS 300-206 study material the best you can find, it is also the most detailed and the most updated. Cisco 300-206 practice exams for Cisco CCNP Security 300-206 SENSS are written to the highest standards of technical accuracy.

Q1. Which feature is a limitation of a Cisco ASA 5555-X running 8.4.5 version with multiple contexts? 

A. Deep packet inspection 

B. Packet tracer 

C. IPsec 

D. Manual/auto NAT 

E. Multipolicy packet capture 

Answer:


Q2. Which statement about the configuration of Cisco ASA NetFlow v9 (NSEL) is true? 

A. Use a sysopt command to enable NSEL on a specific interface. 

B. To view bandwidth usage for NetFlow records, you must have the QoS feature enabled.

C. NSEL tracks the flow continuously and provides updates every 10 seconds. 

D. You must define a flow-export event type under a policy. 

E. NSEL can be used without a collector configured. 

Answer:

Explanation: 

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/monitor_nsel.html


Q3. Which three statements about the software requirements for a firewall failover configuration are true? (Choose three.) 

A. The firewalls must be in the same operating mode. 

B. The firewalls must have the same major and minor software version. 

C. The firewalls must be in the same context mode. 

D. The firewalls must have the same major software version but can have different minor versions. 

E. The firewalls can be in different context modes. 

F. The firewalls can have different Cisco AnyConnect images. 

Answer: A,B,C 


Q4. Which command is the first that you enter to check whether or not ASDM is installed on the ASA?

A. Show ip 

B. Show running-config asdm 

C. Show running-config boot 

D. Show version 

E. Show route 

Answer:


Q5. When it is configured in accordance with Cisco best practices, the switchport port-security maximum command can mitigate which two types of Layer 2 attacks? (Choose two.)

A. rogue DHCP servers 

B. ARP attacks 

C. DHCP starvation 

D. MAC spoofing 

E. CAM attacks 

F. IP spoofing 

Answer: C,E 


Q6. Which statement describes the correct steps to enable Botnet Traffic Filtering on a Cisco ASA version 9.0 transparent-mode firewall with an active Botnet Traffic Filtering license? 

A. Enable DNS snooping, traffic classification, and actions. 

B. Botnet Traffic Filtering is not supported in transparent mode. 

C. Enable the use of the dynamic database, enable DNS snooping, traffic classification, and actions. 

D. Enable the use of dynamic database, enable traffic classification and actions. 

Answer:


Q7. A Cisco ASA is configured in multiple context mode and has two user-defined contexts—Context_A and Context_B. From which context are device logging messages sent? 

A. Admin 

B. Context_A 

C. Context_B 

D. System 

Answer:


Q8. Enabling what security mechanism can prevent an attacker from gaining network topology information from CDP? 

A. MACsec 

B. Flex VPN 

C. Control Plane Protection 

D. Dynamic ARP Inspection

Answer:


Q9. Which two features block traffic that is sourced from non-topological IPv6 addresses? (Choose two.) 

A. DHCPv6 Guard 

B. IPv6 Prefix Guard 

C. IPv6 RA Guard 

D. IPv6 Source Guard 

Answer: B,D 


Q10. Refer to the exhibit. 

Server A is a busy server that offers these services: 

- World Wide Web

- DNS

Which command captures HTTP traffic from Host A to Server A?

A. capture traffic match udp host 10.1.1.150 host 10.2.2.100 

B. capture traffic match 80 host 10.1.1.150 host 10.2.2.100 

C. capture traffic match ip 10.2.2.0 255.255.255.192 host 10.1.1.150 

D. capture traffic match tcp host 10.1.1.150 host 10.2.2.100 

E. capture traffic match tcp host 10.2.2.100 host 10.1.1.150 eq 80 

Answer: