We provide real ccnp security senss 300 206 official cert guide exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Cisco ccnp security senss 300 206 official cert guide pdf Exam quickly & easily. The ccnp security senss 300 206 official cert guide PDF type is available for reading and printing. You can print more and practice many times. With the help of our Cisco 300 206 senss pdf dumps pdf and vce product and material, you can easily pass the ccnp security senss 300 206 official cert guide pdf exam.

Q91. All 30 users on a single floor of a building are complaining about network slowness. After investigating the access switch, the network administrator notices that the MAC address table is full (10,000 entries) and all traffic is being flooded out of every port. Which action can the administrator take to prevent this from occurring? 

A. Configure port-security to limit the number of mac-addresses allowed on each port 

B. Upgrade the switch to one that can handle 20,000 entries 

C. Configure private-vlans to prevent hosts from communicating with one another 

D. Enable storm-control to limit the traffic rate 

E. Configure a VACL to block all IP traffic except traffic to and from that subnet 


Q92. Which two statements about zone-based firewalls are true? (Choose two.) 

A. More than one interface can be assigned to the same zone. 

B. Only one interface can be in a given zone. 

C. An interface can only be in one zone. 

D. An interface can be a member of multiple zones. 

E. Every device interface must be a member of a zone. 

Answer: A,C 

Q93. What can an administrator do to simultaneously capture and trace packets in a Cisco ASA? 

A. Install a Cisco ASA virtual appliance. 

B. Use the trace option of the capture command. 

C. Use the trace option of the packet-tracer command. 

D. Install a switch with a code that supports capturing, and configure a trunk to the Cisco ASA. 


Q94. Your company is replacing a high-availability pair of Cisco ASA 5550 firewalls with the newer Cisco ASA 5555-X models. Due to budget constraints, one Cisco ASA 5550 will be replaced at a time. 

Which statement about the minimum requirements to set up stateful failover between these two firewalls is true? 

A. You must install the USB failover cable between the two Cisco ASAs and provide a 1 Gigabit Ethernet interface for state exchange. 

B. It is not possible to use failover between different Cisco ASA models. 

C. You must have at least 1 Gigabit Ethernet interface between the two Cisco ASAs for state exchange. 

D. You must use two dedicated interfaces. One link is dedicated to state exchange and the other link is for heartbeats. 


Q95. Which command sets the source IP address of the NetFlow exports of a device? 

A. ip source flow-export 

B. ip source netflow-export 

C. ip flow-export source 

D. ip netflow-export source 


Q96. Refer to the exhibit. 

Which statement about this access list is true? 

A. This access list does not work without 6to4 NAT 

B. IPv6 to IPv4 traffic permitted on the Cisco ASA by default 

C. This access list is valid and works without additional configuration 

D. This access list is not valid and does not work at all 

E. We can pass only IPv6 to IPv6 and IPv4 to IPv4 traffic 


Q97. Refer to the exhibit. Which command can produce this packet tracer output on a firewall? 

A. packet-tracer input INSIDE tcp 88 3028 

B. packet-tracer output INSIDE tcp 88 3028 

C. packet-tracer input INSIDE tcp 3028 88 

D. packet-tracer output INSIDE tcp 3028 88 


Q98. An administrator installed a Cisco ASA that runs version 9.1. You are asked to configure the firewall through Cisco ASDM. 

When you attempt to connect to a Cisco ASA with a default configuration, which username and password grants you full access? 

A. admin / admin 

B. asaAdmin / (no password) 

C. It is not possible to use Cisco ASDM until a username and password are created via the username usernamepassword password CLI command. 

D. enable_15 / (no password) 

E. cisco / cisco 


Q99. Which two router commands enable NetFlow on an interface? (Choose two.) 

A. ip flow ingress 

B. ip flow egress 

C. ip route-cache flow infer-fields 

D. ip flow ingress infer-fields 

E. ip flow-export version 9 

Answer: A,B 

Q100. Which three options are default settings for NTP parameters on a Cisco device? (Choose three.) 

A. NTP authentication is enabled. 

B. NTP authentication is disabled. 

C. NTP logging is enabled. 

D. NTP logging is disabled. 

E. NTP access is enabled. 

F. NTP access is disabled. 

Answer: B,D,E