Exam Code: 300 206 senss pdf (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Implementing Cisco Edge Network Security Solutions
Certification Provider: Cisco
Free Today! Guaranteed Training- Pass 300 206 senss pdf Exam.

Q16. Refer to the exhibit. 

What traffic is being captured by the Cisco ASA adaptive security appliance? 

A. UDP traffic sourced from host 10.10.0.12 on port 80 

B. TCP traffic destined to host 10.10.0.12 on port 80 

C. TCP traffic sourced from host 10.10.0.12 on port 80 

D. UDP traffic destined to host 10.10.0.12 on port 80 

Answer:


Q17. Which Layer 2 security feature prevents traffic on a LAN from being disrupted by a broadcast,multicat, or unicast storm on one physical interface? 

A. Bridge protocol Data Unit Guard 

B. Storm Control 

C. Embedded event monitoring 

D. Access control lists 

Answer:


Q18. Which three options describe how SNMPv3 traps can be securely configured to be sent by 

IOS? (Choose three.) 

A. An SNMPv3 group is defined to configure the read and write views of the group. 

B. An SNMPv3 user is assigned to SNMPv3 group and defines the encryption and authentication credentials. 

C. An SNMPv3 host is configured to define where the SNMPv3 traps will be sent. 

D. An SNMPv3 host is used to configure the encryption and authentication credentials for SNMPv3 traps. 

E. An SNMPv3 view is defined to configure the address of where the traps will be sent. 

F. An SNMPv3 group is used to configure the OIDs that will be reported. 

Answer: A,B,C 


Q19. What is the lowest combination of ASA model and license providing 1 Gigabit Ethernet interfaces? 

A. ASA 5505 with failover license option 

B. ASA 5510 Security+ license option 

C. ASA 5520 with any license option 

D. ASA 5540 with AnyConnect Essentials License option 

Answer:


Q20. You are the administrator of a Cisco ASA 9.0 firewall and have been tasked with ensuring that the Firewall Admins Active Directory group has full access to the ASA configuration. The Firewall Operators Active Directory group should have a more limited level of access. 

Which statement describes how to set these access levels? 

A. Use Cisco Directory Agent to configure the Firewall Admins group to have privilege level 15 access. Also configure the Firewall Operators group to have privilege level 6 access. 

B. Use TACACS+ for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA server. Configure ACS CLI command authorization sets for the Firewall Operators group. Configure level 15 access to be assigned to members of the Firewall Admins group. 

C. Use RADIUS for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA server. Configure ACS CLI command authorization sets for the Firewall Operators group. Configure level 15 access to be assigned to members of the Firewall Admins group. 

D. Active Directory Group membership cannot be used as a determining factor for accessing the Cisco ASA CLI. 

Answer:


Q21. Which command is used to disable Cisco Discovery Protocol globally on a router? 

A. Cdp disable 

B. No cdp enable 

C. No cdp 

D. No cdp run 

Answer:


Q22. Which command displays syslog messages on the Cisco ASA console as they occur? 

A. Console logging <level> 

B. Logging console <level> 

C. Logging trap <level> 

D. Terminal monitor 

E. Logging monitor <level> 

Answer:


Q23. Which cloud characteristic is used to describes the sharing of physical resource between various 

entities ? 

A. Elasticity 

B. Ubiquitous access 

C. Multitenancy 

D. Resiliency 

Answer:

Explanation: 

http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_12-3/123_cloud1.html 


Q24. Refer to the exhibit. 

This command is used to configure the SNMP server on a Cisco router. Which option is the encryption password for the SNMP server? 

A. Sha 

B. Snmp 

C. Group-1 

D. Snmpv3 

Answer:


Q25. Which three options correctly identify the Cisco ASA1000V Cloud Firewall? (Choose three.) 

A. operates at Layer 2 

B. operates at Layer 3 

C. secures tenant edge traffic 

D. secures intraswitch traffic 

E. secures data center edge traffic 

F. replaces Cisco VSG 

G. complements Cisco VSG 

H. requires Cisco VSG 

Answer: B,C,G 


Q26. In IOS routers, what configuration can ensure both prevention of ntp spoofing and accurate time ensured? 

A. ACL permitting udp 123 from ntp server 

B. ntp authentication 

C. multiple ntp servers 

D. local system clock 

Answer:


Q27. Which three statements about private VLANs are true? (Choose three.) 

A. Isolated ports can talk to promiscuous and community ports. 

B. Promiscuous ports can talk to isolated and community ports. 

C. Private VLANs run over VLAN Trunking Protocol in client mode. 

D. Private VLANS run over VLAN Trunking Protocol in transparent mode. 

E. Community ports can talk to each other as well as the promiscuous port. 

F. Primary, secondary, and tertiary VLANs are required for private VLAN implementation. 

Answer: B,D,E 


Q28. A Cisco ASA is configured for TLS proxy. When should the security appliance force remote IP phones connecting to the phone proxy through the internet to be in secured mode? 

A. When the Cisco Unified Communications Manager cluster is in non-secure mode 

B. When the Cisco Unified Communications Manager cluster is in secure mode only 

C. When the Cisco Unified Communications Manager is not part of a cluster 

D. When the Cisco ASA is configured for IPSec VPN 

Answer:


Q29. Refer to the exhibit. 

Which two statements about the SNMP configuration are true? (Choose two.) 

A. The router's IP address is 192.168.1.1. 

B. The SNMP server's IP address is 192.168.1.1. 

C. Only the local SNMP engine is configured. 

D. Both the local and remote SNMP engines are configured. 

E. The router is connected to the SNMP server via port 162. 

Answer: B,D 


Q30. How many bridge groups are supported on a firewall that operate in transparent mode? 

A. 8 

B. 16 

C. 10 

D. 6 

Answer: