Exam Code: 300-206 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Implementing Cisco Edge Network Security Solutions
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 300-206 Exam.

2021 Jun 300-206 Study Guide Questions:

Q61. Refer to the exhibit. 


Which statement about this access list is true? 

A. This access list does not work without 6to4 NAT 

B. IPv6 to IPv4 traffic permitted on the Cisco ASA by default 

C. This access list is valid and works without additional configuration 

D. This access list is not valid and does not work at all 

E. We can pass only IPv6 to IPv6 and IPv4 to IPv4 traffic 

Answer: A 


Q62. Which information is NOT replicated to the secondary Cisco ASA adaptive security appliance in an active/standby configuration with stateful failover links ? 

A. TCP sessions 

B. DHCP lease 

C. NAT translations 

D. Routing tables 

Answer: B 


Q63. Which two options are purposes of the packet-tracer command? (Choose two.) 

A. to filter and monitor ingress traffic to a switch 

B. to configure an interface-specific packet trace 

C. to simulate network traffic through a data path 

D. to debug packet drops in a production network 

E. to automatically correct an ACL entry in an ASA 

Answer: C,D 


2passeasy.com

Update senss 300-206:

Q64. What is the default behavior of NAT control on Cisco ASA Software Version 8.3? 

A. NAT control has been deprecated on Cisco ASA Software Version 8.3. 

B. It will prevent traffic from traversing from one enclave to the next without proper access configuration. 

C. It will allow traffic to traverse from one enclave to the next without proper access configuration. 

D. It will deny all traffic. 

Answer: A 


Q65. Refer to the exhibit. 


What traffic is being captured by the Cisco ASA adaptive security appliance? 

A. UDP traffic sourced from host 10.10.0.12 on port 80 

B. TCP traffic destined to host 10.10.0.12 on port 80 

C. TCP traffic sourced from host 10.10.0.12 on port 80 

D. UDP traffic destined to host 10.10.0.12 on port 80 

Answer: C 


Q66. To which port does a firewall send secure logging messages? 

A. TCP/1500 

B. UDP/1500 

C. TCP/500 

D. UDP/500 

Answer: A 


2passeasy.com

Validated 300-206 senss dumps:

Q67. Where do you apply a control plane service policy to implement Management Plane Protection on a Cisco router? 

A. Control-plane interface management 0/0 

B. Control-plane service policy 

C. Control-plane router 

D. Control-plane host 

Answer: D 

Explanation: http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/htsecmpp.html 



Q68. You are the administrator of a Cisco ASA 9.0 firewall and have been tasked with ensuring that the Firewall Admins Active Directory group has full access to the ASA configuration. The Firewall Operators Active Directory group should have a more limited level of access. 

Which statement describes how to set these access levels? 

A. Use Cisco Directory Agent to configure the Firewall Admins group to have privilege level 15 access. Also configure the Firewall Operators group to have privilege level 6 access. 

B. Use TACACS+ for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA server. Configure ACS CLI command authorization sets for the Firewall Operators group. Configure level 15 access to be assigned to members of the Firewall Admins group. 

C. Use RADIUS for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA server. Configure ACS CLI command authorization sets for the Firewall Operators group. Configure level 15 access to be assigned to members of the Firewall Admins group. 

D. Active Directory Group membership cannot be used as a determining factor for accessing the Cisco ASA CLI. 

Answer: B 


Q69. Refer to the exhibit. 

To protect Host A and Host B from communicating with each other, which type of PVLAN port should be used for each host? 


A. Host A on a promiscuous port and Host B on a community port 

B. Host A on a community port and Host B on a promiscuous port 

C. Host A on an isolated port and Host B on a promiscuous port 

D. Host A on a promiscuous port and Host B on a promiscuous port 

E. Host A on an isolated port and host B on an isolated port 

F. Host A on a community port and Host B on a community port 

Answer: E 


Q70. Which three options are default settings for NTP parameters on a Cisco ASA? (Choose three.) 

A. NTP authentication is enabled. 

B. NTP authentication is disabled. 

C. NTP logging is enabled. 

D. NTP logging is disabled. 

E. NTP traffic is not restricted. 

F. NTP traffic is restricted. 

Answer: B,D,E