How Does Pass4sure Cisco 300-206 study guide Work?


The article at Testaimer.com going over http://www.testaimer.com/300-206-test is very comprehensive.

Q21. What are two enhancements of SSHv2 over SSHv1? (Choose two.) 

A. VRF-aware SSH support 

B. DH group exchange support 

C. RSA support 

D. keyboard-interactive authentication 

E. SHA support 

Answer: A,B 


Q22. What is the best description of a unified ACL on a Cisco firewall? 

A. An ACL with both IPv4 and IPv6 functionality. 

B. An IPv6 ACL with IPv4 backwards compatibility. 

C. An IPv4 ACL with IPv6 support. 

D. An ACL that supports EtherType in addition to IPv6. 

Answer:

Explanation: 

http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_co nfig/ intro_intro.html 


Q23. Refer to the exhibit. 

Which statement about this access list is true? 

A. This access list does not work without 6to4 NAT 

B. IPv6 to IPv4 traffic permitted on the Cisco ASA by default 

C. This access list is valid and works without additional configuration 

D. This access list is not valid and does not work at all 

E. We can pass only IPv6 to IPv6 and IPv4 to IPv4 traffic 

Answer:


Q24. Which Cisco product provides a GUI-based device management tool to configure Cisco access routers? 

A. Cisco ASDM 

B. Cisco CP Express 

C. Cisco ASA 5500 

D. Cisco CP 

Answer:


Q25. Which command is used to nest objects in a pre-existing group? 

A. object-group 

B. network group-object 

C. object-group network 

D. group-object 

Answer:


Q26. Which two statements about Cisco IOS Firewall are true? (Choose two.) 

A. It provides stateful packet inspection. 

B. It provides faster processing of packets than Cisco ASA devices provide. 

C. It provides protocol-conformance checks against traffic. 

D. It eliminates the need to secure routers and switches throughout the network. 

E. It eliminates the need to secure host machines throughout the network. 

Answer: A,C 


Q27. What are two primary purposes of Layer 2 detection in Cisco IPS networks? (Choose two.) 

A. identifying Layer 2 ARP attacks 

B. detecting spoofed MAC addresses and tracking 802.1X actions and data communication after a successful client association 

C. detecting and preventing MAC address spoofing in switched environments 

D. mitigating man-in-the-middle attacks 

Answer: A,D 


Q28. When you configure a Botnet Traffic Filter on a Cisco firewall, what are two optional tasks? (Choose two.) 

A. Enable the use of dynamic databases. 

B. Add static entries to the database. 

C. Enable DNS snooping. 

D. Enable traffic classification and actions. 

E. Block traffic manually based on its syslog information. 

Answer: B,E 


Q29. Refer to the exhibit. 

Which option describes the expected result of the capture ACL? 

A. The capture is applied, but we cannot see any packets in the capture 

B. The capture does not get applied and we get an error about mixed policy. 

C. The capture is applied and we can see the packets in the capture 

D. The capture is not applied because we must have a host IP as the source 

Answer:


Q30. Which two SNMPv3 features ensure that SNMP packets have been sent securely? (Choose two.) 

A. host authorization 

B. authentication 

C. encryption 

D. compression 

Answer: B,C