Exam Code: ccnp security senss 300 206 official cert guide pdf (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Implementing Cisco Edge Network Security Solutions
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 300 206 senss pdf Exam.

Q111. A router is being enabled for SSH command line access. The following steps have been taken: 

. The vty ports have been configured with transport input SSH and login local. 

. Local user accounts have been created. 

. The enable password has been configured. 

What additional step must be taken if users receive a 'connection refused' error when attempting to access the router via SSH? 

A. A RSA keypair must be generated on the router 

B. An access list permitting SSH inbound must be configured and applied to the vty ports 

C. An access list permitting SSH outbound must be configured and applied to the vty ports 

D. SSH v2.0 must be enabled on the router 


Q112. When a Cisco ASA is configured in transparent mode, how can ARP traffic be controlled? 

A. By enabling ARP inspection; however, it cannot be controlled by an ACL 

B. By enabling ARP inspection or by configuring ACLs 

C. By configuring ACLs; however, ARP inspection is not supported 

D. By configuring NAT and ARP inspection 


Q113. In which way are management packets classified on a firewall that operates in multiple context mode? 

A. by their interface IP address 

B. by the routing table 

C. by NAT 

D. by their MAC addresses 


Q114. Refer to the exhibit. 

Which type of ACL is shown in this configuration? 

A. IPv4 

B. IPv6 

C. unified 



Q115. When configuring a new context on a Cisco ASA device, which command creates a domain for the context? 

A. domain config name 

B. domain-name 

C. changeto/domain name change 

D. domain context 2 


Q116. Which Cisco TrustSec role does a Cisco ASA firewall serve within an identity architecture? 

A. Access Requester 

B. Policy Decision Point 

C. Policy Information Point 

D. Policy Administration Point 

E. Policy Enforcement Point 

Answer: E

Q117. You have installed a web server on a private network. Which type of NAT must you implement to enable access to the web server for public Internet users? 

A. static NAT 

B. dynamic NAT 

C. network object NAT 

D. twice NAT 


Q118. If the Cisco ASA 1000V has too few licenses, what is its behavior? 

A. It drops all traffic. 

B. It drops all outside-to-inside packets. 

C. It drops all inside-to-outside packets. 

D. It passes the first outside-to-inside packet and drops all remaining packets. 


Q119. A switch is being configured at a new location that uses statically assigned IP addresses. Which will ensure that ARP inspection works as expected? 

A. Configure the 'no-dhcp' keyword at the end of the ip arp inspection command 

B. Enable static arp inspection using the command 'ip arp inspection static vlan vlan-number 

C. Configure an arp access-list and apply it to the ip arp inspection command 

D. Enable port security 


Q120. What is the result of the default ip ssh server authenticate user command? 

A. It enables the public key, keyboard, and password authentication methods. B. It enables the public key authentication method only. 

C. It enables the keyboard authentication method only. 

D. It enables the password authentication method only.