300-206 - Implementing Cisco Edge Network Security Solutions
Go back to
Cisco
Example Questions
Which URL matches the regex statement "http"*/"www.cisco.com/"*[^E]"xe"?
https://www.cisco.com/ftp/ios/tftpserver.exe
Which product can manage licenses, updates, and a single signature policy for 15 separate IPS appliances?
Cisco Security Manager
What can an administrator do to simultaneously capture and trace packets in a Cisco ASA?
Use the trace option of the capture command.
Which statement about the Cisco Security Manager 4.4 NAT Rediscovery feature is true?
It enables NAT policy rediscovery while leaving existing shared polices unchanged.
When you install a Cisco ASA AIP-SSM, which statement about the main Cisco ASDM home page is true?
It displays a new Intrusion Prevention panel.
Which two options are two purposes of the packet-tracer command? (Choose two.)
to inject virtual packets into the data path
to debug packet drops in a production network
What is the default behavior of an access list on a Cisco ASA?
It will have no affect until applied to an interface, tunnel-group or other traffic flow.
When configuring a new context on a Cisco ASA device, which command creates a domain for the context?
domain-name
You have explicitly added the line deny ipv6 any log to the end of an IPv6 ACL on a router interface. Which two ICMPv6 packet types must you explicitly allow to enable traffic to traverse the interface? (Choose two.)
neighbor solicitation
neighbor advertisement
A network printer has a DHCP server service that cannot be disabled. How can a layer 2 switch be configured to prevent the printer from causing network issues?
Configure DHCP snooping
Which two statements about zone-based firewalls are true? (Choose two.)
More than one interface can be assigned to the same zone.
An interface can only be in one zone.
Which set of commands creates a message list that includes all severity 2 (critical) messages on a Cisco security device?
logging list critical_messages level 2 logging console critical_messages
A network engineer is asked to configure NetFlow to sample one of every 100 packets on a router's fa0/0 interface. Which configuration enables sampling, assuming that NetFlow is already configured and running on the router's fa0/0 interface?
flow-sampler-map flow1 mode random one-out-of 100 interface fas0/0 flow-sampler flow1
Which command displays syslog messages on the Cisco ASA console as they occur?
Logging console <level>
What is the lowest combination of ASA model and license providing 1 Gigabit Ethernet interfaces?
ASA 5510 Security+ license option
Which two device types can Cisco Prime Security Manager manage in Multiple Device mode? (Choose two.)
Cisco ASA
Cisco ASA CX
When you set a Cisco IOS Router as an SSH server, which command specifies the RSA public key of the remote peer when you set the SSH server to perform RSA-based authentication?
router(conf-ssh-pubkey-user)#key-string
You are the administrator of a Cisco ASA 9.0 firewall and have been tasked with ensuring that the Firewall Admins Active Directory group has full access to the ASA configuration. The Firewall Operators Active Directory group should have a more limited level of access. Which statement describes how to set these access levels?
Use TACACS+ for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA server. Configure ACS CLI command authorization sets for the Firewall Operators group. Configure level 15 access to be assigned to members of the Firewall Admins group.
Which log level provides the most detail on the Cisco Web Security Appliance?
Trace
A network engineer is troubleshooting and configures the ASA logging level to debugging. The logging-buffer is dominated by %ASA-6-305009 log messages. Which command suppresses those syslog messages while maintaining ability to troubleshoot?
no logging message 305009
Where on a firewall does an administrator assign interfaces to contexts?
in the system execution space
Which option describes the purpose of the input parameter when you use the packet-tracer command on a Cisco device?
to specify the source interface for the packet trace
What is the default behavior of an access list on the Cisco ASA security appliance?
An access group must be configured before the access list will take effect for traffic control.
Which two SNMPv3 features ensure that SNMP packets have been sent securely?" Choose two.
authentication
encryption
Which command configures the SNMP server group1 to enable authentication for members of the access list east?
snmp-server group group1 v3 auth access east
A network administrator is creating an ASA-CX administrative user account with the following parameters: The user will be responsible for configuring security policies on network devices. The user needs read-write access to policies. The account has no more rights than necessary for the job. What role will be assigned to the user?
Security administrator
Which component does Cisco ASDM require on the host Cisco ASA 5500 Series or Cisco PIX security appliance?
a DES or 3DES license
In IOS routers, what configuration can ensure both prevention of ntp spoofing and accurate time ensured?
ntp authentication
Which of the following would need to be created to configure an application-layer inspection of SMTP traffic operating on port 2525?
A class-map that matches port 2525 and applying an inspect ESMTP policy-map for that class in the global inspection policy
Which set of commands enables logging and displays the log buffer on a Cisco ASA?
logging enable show logging
Which two statements about Cisco IOS Firewall are true? (Choose two.)
It provides stateful packet inspection.
It provides protocol-conformance checks against traffic.
All 30 users on a single floor of a building are complaining about network slowness. After investigating the access switch, the network administrator notices that the MAC address table is full (10,000 entries) and all traffic is being flooded out of every port. Which action can the administrator take to prevent this from occurring?
Configure port-security to limit the number of mac-addresses allowed on each port
Which two features are supported when configuring clustering of multiple Cisco ASA appliances? (Choose two.)
NAT
dynamic routing
Which statement describes the correct steps to enable Botnet Traffic Filtering on a Cisco ASA version 9.0 transparent-mode firewall with an active Botnet Traffic Filtering license?
Enable the use of the dynamic database, enable DNS snooping, traffic classification, and actions.
Which security operations management best practice should be followed to enable appropriate network access for administrators?
Dedicate a separate physical or logical plane for management traffic
What is the default violation mode that is applied by port security?
shutdown
What is the result of the default ip ssh server authenticate user command?
It enables the public key, keyboard, and password authentication methods.
Which feature can suppress packet flooding in a network?
storm control
What are two security features at the access port level that can help mitigate Layer 2 attacks? (Choose two.)
DHCP snooping
IP Source Guard
An administrator is deploying port-security to restrict traffic from certain ports to specific MAC addresses. Which two considerations must an administrator take into account when using the switchport port-security mac-address sticky command? (Choose two.)
The configuration will be updated with MAC addresses from traffic seen ingressing the port. The configuration will not automatically be saved to NVRAM.
If configured on a trunk port without the 'vlan' keyword, it will apply only to the native vlan.
When will a Cisco ASA that is operating in transparent firewall mode perform a routing table lookup instead of a MAC address table lookup to determine the outgoing interface of a packet?
if NAT is configured
What are two reasons to implement Cisco IOS MPLS Bandwidth-Assured Layer 2 Services? (Choose two.)
increased resiliency through MPLS FRR for AToM circuits and better bandwidth utilization through MPLS TE
enabled services over an IP/MPLS infrastructure, for enhanced MPLS Layer 2 functionality
When a Cisco ASA is configured in multicontext mode, which command is used to change between contexts?
changeto context
An attacker has gained physical access to a password protected router. Which command will prevent access to the startup-config in NVRAM?
no service password-recovery
What is the primary purpose of stateful pattern recognition in Cisco IPS networks?
using multipacket inspection across all protocols to identify vulnerability-based attacks and to thwart attacks that hide within a data stream
A Cisco ASA is configured in multiple context mode and has two user-defined contexts--Context_A and Context_B. From which context are device logging messages sent?
Admin
Which command tests authentication with SSH and shows a generated key?
show crypto key mypubkey rsa
Which statement about Cisco Security Manager form factors is true?
Cisco Security Manager Professional and Cisco Security Manager UCS Server Bundles support FWSMs.
Your company is replacing a high-availability pair of Cisco ASA 5550 firewalls with the newer Cisco ASA 5555-X models. Due to budget constraints, one Cisco ASA 5550 will be replaced at a time. Which statement about the minimum requirements to set up stateful failover between these two firewalls is true?
It is not possible to use failover between different Cisco ASA models.
Which technology provides forwarding-plane abstraction to support Layer 2 to Layer 7 network services in Cisco Nexus 1000V?
Virtual Service Data Path
Study Guides
