Secrets to 300 206 dumps

Want to know Exambible 300 206 senss pdf Exam practice test features? Want to lear more about Cisco Implementing Cisco Edge Network Security Solutions certification experience? Study Realistic Cisco cisco 300 206 answers to Far out 300 206 senss pdf questions at Exambible. Gat a success with an absolute guarantee to pass Cisco 300 206 senss (Implementing Cisco Edge Network Security Solutions) test on your first attempt.

Q71. You are the administrator of a Cisco ASA 9.0 firewall and have been tasked with ensuring that the Firewall Admins Active Directory group has full access to the ASA configuration. The Firewall Operators Active Directory group should have a more limited level of access. 

Which statement describes how to set these access levels? 

A. Use Cisco Directory Agent to configure the Firewall Admins group to have privilege level 15 access. Also configure the Firewall Operators group to have privilege level 6 access. 

B. Use TACACS+ for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA server. Configure ACS CLI command authorization sets for the Firewall Operators group. Configure level 15 access to be assigned to members of the Firewall Admins group. 

C. Use RADIUS for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA server. Configure ACS CLI command authorization sets for the Firewall Operators group. Configure level 15 access to be assigned to members of the Firewall Admins group. 

D. Active Directory Group membership cannot be used as a determining factor for accessing the Cisco ASA CLI. 

Answer:


Q72. SNMP users have a specified username, a group to which the user belongs, authentication password, encryption password, and authentication and encryption algorithms to use. The authentication algorithm options are MD5 and SHA. The encryption algorithm options are DES, 3DES, andAES (which is available in 128,192, and 256 versions). When you create a user, with which option must you associate it? 

A. an SNMP group 

B. at least one interface 

C. the SNMP inspection in the global_policy 

D. at least two interfaces 

Answer:

Explanation: This can be verified via the ASDM screen shot shown here: 


Q73. When it is configured in accordance to Cisco best practices, the switchport port-security maximum command can mitigate which two types of Layer 2 attacks? (Choose two.) 

A. rogue DHCP servers 

B. ARP attacks 

C. DHCP starvation 

D. MAC spoofing 

E. CAM attacks 

F. IP spoofing 

Answer: C,E 


Q74. You are the administrator of a multicontext transparent-mode Cisco ASA that uses a shared interface that belongs to more than one context. Because the same interface will be used within all three contexts, which statement describes how you will ensure that return traffic will reach the correct context? 

A. Interfaces may not be shared between contexts in routed mode. 

B. Configure a unique MAC address per context with the no mac-address auto command. 

C. Configure a unique MAC address per context with the mac-address auto command. 

D. Use static routes on the Cisco ASA to ensure that traffic reaches the correct context. 

Answer:


Q75. A rogue device has connected to the network and has become the STP root bridge, which has caused a network availability issue. 

Which two commands can protect against this problem? (Choose two.) 

A. switch(config)#spanning-tree portfast bpduguard default 

B. switch(config)#spanning-tree portfast bpdufilter default 

C. switch(config-if)#spanning-tree portfast 

D. switch(config-if)#spanning-tree portfast disable 

E. switch(config-if)#switchport port-security violation protect 

F. switch(config-if)#spanning-tree port-priority 0 

Answer: A,C 


Q76. Which Cisco switch technology prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast flood on a port? 

A. port security 

B. storm control 

C. dynamic ARP inspection 

D. BPDU guard 

E. root guard 

F. dot1x 

Answer:


Q77. Which utility can you use to troubleshoot and determine the timeline of packet changes in a data path within a Cisco firewall? 

A. packet tracer 

B. ping 

C. traceroute 

D. SNMP walk 

Answer:


Q78. Which command is used to disable Cisco Discovery Protocol globally on a router? 

A. Cdp disable 

B. No cdp enable 

C. No cdp 

D. No cdp run 

Answer:


Q79. Which cloud characteristic is used to describe the sharing of physical resources between various entities? 

A. Multitenancy 

B. Ubiquitous access 

C. Elasticity 

D. Resiliency 

Answer:


Q80. Which set of commands creates a message list that includes all severity 2 (critical) messages on a Cisco security device? 

A. logging list critical_messages level 2 

console logging critical_messages 

B. logging list critical_messages level 2 

logging console critical_messages 

C. logging list critical_messages level 2 

logging console enable critical_messages 

D. logging list enable critical_messages level 2 

console logging critical_messages 

Answer: