300-206 Exam Questions Free Download From Lead2pass:
https://www.lead2pass.com/300-206.html
QUESTION 31
Where in the Cisco ASA appliance CLI are Active/Active Failover configuration parameters configured?
A. admin context
B. customer context
C. system execution space
D. within the system execution space and admin context
E. within each customer context and admin context
Answer: C
QUESTION 32
Which Cisco ASA object group type offers the most flexibility for grouping different services together based on arbitrary protocols?
A. network
B. ICMP
C. protocol
D. TCP-UDP
E. service
Answer: E
QUESTION 33
Which Cisco ASA show command groups the xlates and connections information together in its output?
A. show conn
B. show conn detail
C. show xlate
D. show asp
E. show local-host
Answer: E
QUESTION 34
When a Cisco ASA is configured in multiple context mode, within which configuration are the interfaces allocated to the security contexts?
A. each security context
B. system configuration
C. admin context (context with the “admin” role)
D. context startup configuration file (.cfg file)
Answer: B
QUESTION 35
When troubleshooting redundant interface operations on the Cisco ASA, which configuration should be verified?
A. The nameif configuration on the member physical interfaces are identical.
B. The MAC address configuration on the member physical interfaces are identical.
C. The active interface is sending periodic hellos to the standby interface.
D. The IP address configuration on the logical redundant interface is correct.
E. The duplex and speed configuration on the logical redundant interface are correct.
Answer: D
QUESTION 36
On the Cisco ASA, where are the Layer 5-7 policy maps applied?
A. inside the Layer 3-4 policy map
B. inside the Layer 3-4 class map
C. inside the Layer 5-7 class map
D. inside the Layer 3-4 service policy
E. inside the Layer 5-7 service policy
Answer: A
QUESTION 37
A Cisco ASA requires an additional feature license to enable which feature?
A. transparent firewall
B. cut-thru proxy
C. threat detection
D. botnet traffic filtering
E. TCP normalizer
Answer: D
QUESTION 38
Which four are IPv6 First Hop Security technologies? (Choose four.)
A. Send
B. Dynamic ARP Inspection
C. Router Advertisement Guard
D. Neighbor Discovery Inspection
E. Traffic Storm Control
F. Port Security
G. DHCPv6 Guard
Answer: ACDG
QUESTION 39
IPv6 addresses in an organization’s network are assigned using Stateless Address
Autoconfiguration. What is a security concern of using SLAAC for IPv6 address assignment?
A. Man-In-The-Middle attacks or traffic interception using spoofed IPv6 Router Advertisements
B. Smurf or amplification attacks using spoofed IPv6 ICMP Neighbor Solicitations
C. Denial of service attacks using TCP SYN floods
D. Denial of Service attacks using spoofed IPv6 Router Solicitations
Answer: A
QUESTION 40
Which two parameters must be configured before you enable SCP on a router? (Choose two.)
A. SSH
B. authorization
C. ACLs
D. NTP
E. TACACS+
Answer: AB
300-206 dumps full version (PDF&VCE): https://www.lead2pass.com/300-206.html
Large amount of free 300-206 exam questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDQ0xqNGttYzZGYk0
You may also need:
300-208 exam dumps: https://drive.google.com/open?id=0B3Syig5i8gpDMXlWOHdFVkZmREU
300-209 exam dumps: https://drive.google.com/open?id=0B3Syig5i8gpDYnF5Vk16OS1tc1E
300-210 exam dumps: https://drive.google.com/open?id=0B3Syig5i8gpDRF9kSExjc1FqREU