It is impossible to pass Cisco 300-206 exam without any help in the short term. Come to Exambible soon and find the most advanced, correct and guaranteed Cisco 300-206 practice questions. You will get a surprising result by our Most recent Implementing Cisco Edge Network Security Solutions practice guides.

2021 Apr 300-206 practice exam

Q31. If you encounter problems logging in to the Cisco Security Manager 4.4 web server or client or backing up its databases, which account has most likely been improperly modified? 

A. admin (the default administrator account) 

B. casuser (the default service account) 

C. guest (the default guest account) 

D. user (the default user account) 

Answer:


Q32. Which three logging methods are supported by Cisco routers? (Choose three.) 

A. console logging 

B. TACACS+ logging 

C. terminal logging 

D. syslog logging 

E. ACL logging 

F. RADIUS logging 

Answer: A,C,D 


Q33. At which layer does Dynamic ARP Inspection validate packets? 

A. Layer 2 

B. Layer 3 

C. Layer 4 

D. Layer 7 

Answer:


Q34. Which statement about Cisco Security Manager form factors is true? 

A. Cisco Security Manager Professional and Cisco Security Manager UCS Server Bundles support FWSMs. 

B. Cisco Security Manager Standard and Cisco Security Manager Professional support FWSMs. 

C. Only Cisco Security Manager Professional supports FWSMs. 

D. Only Cisco Security Manager Standard supports FWSMs. 

Answer:


Q35. If you disable PortFast on switch ports that are connected to a Cisco ASA and globally turn on BPDU filtering, what is the effect on the switch ports? 

A. The switch ports are prevented from going into an err-disable state if a BPDU is received. 

B. The switch ports are prevented from going into an err-disable state if a BPDU is sent. 

C. The switch ports are prevented from going into an err-disable state if a BPDU is received and sent. 

D. The switch ports are prevented from forming a trunk. 

Answer:


Renewal 300-206 exam:

Q36. A Cisco ASA is configured for TLS proxy. When should the security appliance force remote IP phones connecting to the phone proxy through the internet to be in secured mode? 

A. When the Cisco Unified Communications Manager cluster is in non-secure mode 

B. When the Cisco Unified Communications Manager cluster is in secure mode only 

C. When the Cisco Unified Communications Manager is not part of a cluster 

D. When the Cisco ASA is configured for IPSec VPN 

Answer:


Q37. Which two options are protocols and tools that are used by the management plane when discussing Cisco ASA general management plane hardening? ( Choose two ) 

A. Unicast Reverse Path Forwarding 

B. NetFlow 

C. Routing Protocol Authentication 

D. Threat detection 

E. Syslog 

F. ICMP unreachables 

G. Cisco URL Filtering 

Answer: B,E 

Explanation: http://www.cisco.com/web/about/security/intelligence/firewall-best-practices.html 


Q38. Which option is a different type of secondary VLAN? 

A. Transparent 

B. Promiscuous 

C. Virtual 

D. Community 

Answer:


Q39. Which security operations management best practice should be followed to enable appropriate network access for administrators? 

A. Provide full network access from dedicated network administration systems 

B. Configure the same management account on every network device 

C. Dedicate a separate physical or logical plane for management traffic 

D. Configure switches as terminal servers for secure device access 

Answer:


Q40. Which two statements about Cisco IDS are true? (Choose two.) 

A. It is preferred for detection-only deployment. 

B. It is used for installations that require strong network-based protection and that include sensor tuning. 

C. It is used to boost sensor sensitivity at the expense of false positives. 

D. It is used to monitor critical systems and to avoid false positives that block traffic. 

E. It is used primarily to inspect egress traffic, to filter outgoing threats. 

Answer: A,D