Want to know Testking 300-206 Exam practice test features? Want to lear more about Cisco Implementing Cisco Edge Network Security Solutions certification experience? Study Downloadable Cisco 300-206 answers to Up to date 300-206 questions at Testking. Gat a success with an absolute guarantee to pass Cisco 300-206 (Implementing Cisco Edge Network Security Solutions) test on your first attempt.

2021 Apr 300-206 exam question

Q41. Which technology can be deployed with a Cisco ASA 1000V to segregate Layer 2 access within a virtual cloud environment? 

A. Cisco Nexus 1000V 

B. Cisco VSG 




Q42. Which two parameters must be configured before you enable SCP on a router? (Choose two.) 


B. authorization 

C. ACLs 



Answer: A,B 

Q43. To which interface on a Cisco ASA 1000V firewall should a security profile be applied when a VM sits behind it? 

A. outside 

B. inside 

C. management 



Q44. What are two reasons for implementing NIPS at enterprise Internet edges? (Choose two.) 

A. Internet edges typically have a lower volume of traffic and threats are easier to detect. 

B. Internet edges typically have a higher volume of traffic and threats are more difficult to detect. 

C. Internet edges provide connectivity to the Internet and other external networks. 

D. Internet edges are exposed to a larger array of threats. 

E. NIPS is more optimally designed for enterprise Internet edges than for internal network configurations. 

Answer: C,D 

Q45. An SNMP host is an IP address to which SNMP notifications and traps are sent. To configure SNMFV3 hosts, which option must you configure in addition to the target IP address? 

A. the Cisco ASA as a DHCP server, so the SNMFV3 host can obtain an IP address 

B. a username, because traps are only sent to a configured user 

C. SSH, so the user can connect to the Cisco ASA 

D. the Cisco ASA with a dedicated interface only for SNMP, to process the SNMP host traffic. 


Explanation: The username can be seen here on the ASDM simulator screen shot: 

Regenerate 300-206 free practice test:

Q46. Which three options are default settings for NTP parameters on a Cisco ASA? (Choose three.) 

A. NTP authentication is enabled. 

B. NTP authentication is disabled. 

C. NTP logging is enabled. 

D. NTP logging is disabled. 

E. NTP traffic is not restricted. 

F. NTP traffic is restricted. 

Answer: B,D,E 

Q47. Which statement about the configuration of Cisco ASA NetFlow v9 (NSEL) is true? 

A. Use a sysopt command to enable NSEL on a specific interface. 

B. To view bandwidth usage for NetFlow records, you must have QoS feature enabled 

C. NSEL tracks the flow continuously and provides updates every 10 seconds. 

D. You must define a flow-export event type under a policy. 

E. NSEL can be used without a collector configured. 



http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_co nfig/ monitor_nsel.html 

Q48. Which of the following would need to be created to configure an application-layer inspection of SMTP traffic operating on port 2525? 

A. A class-map that matches port 2525 and applying an inspect ESMTP policy-map for that class in the global inspection policy 

B. A policy-map that matches port 2525 and applying an inspect ESMTP class-map for that policy 

C. An access-list that matches on TCP port 2525 traffic and applying it on an interface with the inspect option 

D. A class-map that matches port 2525 and applying it on an access-list using the inspect option 


Q49. When configured in accordance to Cisco best practices, the ip verify source command can mitigate which two types of Layer 2 attacks? (Choose two.) 

A. rogue DHCP servers 

B. ARP attacks 

C. DHCP starvation 

D. MAC spoofing 

E. CAM attacks 

F. IP spoofing 

Answer: D,F 


You are the network security engineer for the Secure-X network. The company has recently detected Increase of traffic to malware Infected destinations. The Chief Security Officer deduced that some PCs in the internal networks are infected with malware and communicate with malware infected destinations. 

The CSO has tasked you with enable Botnet traffic filter on the Cisco ASA to detect and deny further connection attempts from infected PCs to malware destinations. You are also required to test your configurations by initiating connections through the Cisco ASA and then display and observe the Real-Time Log Viewer in ASDM. To successfully complete this activity, you must perform the following tasks: 

* Download the dynamic database and enable use of it. 

. Enable the ASA to download of the dynamic database 

. Enable the ASA to download of the dynamic database. 

. Enable DNS snooping for existing DNS inspection service policy rules.. 

. Enable Botnet Traffic Filter classification on the outside interface for All Traffic. 

. Configure the Botnet Traffic Filter to drop blacklisted traffic on the outside interface. Use the default Threat Level settings 

NOTE: The database files are stored in running memory; they are not stored in flash memory. 

NOTE: DNS is enabled on the inside interface and set to the HQ-SRV ( 

NOTE: Not all ASDM screens are active for this exercise. 

. Verify that the ASA indeed drops traffic to blacklisted destinations by doing the following: 

. From the Employee PC, navigate to http://www.google.com to make sure that access to the Internet is working. 

. From the Employee PC, navigate to http://bot-sparta.no-ip.org. This destination is classified as malware destination by the Cisco SIO database. 

. From the Employee PC, navigate to http://superzarabotok-gid.ru/. This destination is classified as malware destination by the Cisco SIO database. 

. From Admin PC, launch ASDM to display and observe the Real-Time Log Viewer. 

Answer: Use the following configuration to setup in explanation.