[Free] 2019(Nov) EnsurePass Cisco 300-206 Dumps with VCE and PDF 11-20

Get Full Version of the Exam

Question No.11

What is the maximum jumbo frame size for IPS standalone appliances with 1G and 10G fixed or add-on interfaces?

  1. 1024 bytes

  2. 1518 bytes

  3. 2156 bytes

  4. 9216 bytes

Correct Answer: D

Question No.12

Which function does DNSSEC provide in a DNS infrastructure?

  1. It authenticates stored information.

  2. It authorizes stored information.

  3. It encrypts stored information.

  4. It logs stored security information.

Correct Answer: A

Question No.13

When a Cisco ASA is configured in multicontext mode, which command is used to change between contexts?

  1. changeto config context

  2. changeto context

  3. changeto/config context change

  4. changeto/config context 2

Correct Answer: B

Question No.14

You are a security engineer at a large multinational retailer. Your Chief Information Officer recently attended a security conference and has asked you to secure the network infrastructure from VLAN hopping. Which statement describes how VLAN hopping can be avoided?

  1. There is no such thing as VLAN hopping because VLANs are completely isolated.

  2. VLAN hopping can be avoided by using IEEE 802.1X to dynamically assign the access VLAN to all endpoints and setting the default access VLAN to an unused VLAN ID.

  3. VLAN hopping is avoided by configuring the native (untagged) VLAN on both sides of an ISL trunk to an unused VLAN ID.

  4. VLAN hopping is avoided by configuring the native (untagged) VLAN on both sides of an IEEE 802.1Q trunk to an unused VLAN ID.

Correct Answer: D

Question No.15

Which Layer 2 security feature validates ARP packets?

  1. DAI

  2. DHCP server

  3. BPDU guard

  4. BPDU filtering

Correct Answer: A

Question No.16

In which two modes is zone-based firewall high availability available? (Choose two.)

  1. IPv4 only

  2. IPv6 only

  3. IPv4 and IPv6

  4. routed mode only

  5. transparent mode only

  6. both transparent and routed modes

Correct Answer: CD

Question No.17

When you set a Cisco IOS Router as an SSH server, which command specifies the RSA public key of the remote peer when you set the SSH server to perform RSA-based authentication?

  1. router(config-ssh-pubkey-user)#key

  2. router(conf-ssh-pubkey-user)#key-string

  3. router(config-ssh-pubkey)#key-string

  4. router(conf-ssh-pubkey-user)#key-string enable ssh

Correct Answer: B

Question No.18

Which two VPN types can you monitor and control with Cisco Prime Security Manager? (Choose two.)

  1. AnyConnect SSL

  2. site-to-site

  3. clientless SSL

  4. IPsec remote-access

Correct Answer: AD

Explanation: http://www.cisco.com/c/en/us/td/docs/security/asacx/9- 1/user/guide/b_User_Guide_for_ASA_CX_and_PRSM_9_1.pdf

Question No.19

According to Cisco best practices, which two interface configuration commands help prevent VLAN hopping attacks? (Choose two.)

  1. switchport mode access

  2. switchport access vlan 2

  3. switchport mode trunk

  4. switchport access vlan 1

  5. switchport trunk native vlan 1

  6. switchport protected

Correct Answer: AB

Question No.20

Which two SNMPv3 features ensure that SNMP packets have been sent securely? (Choose two.)

  1. host authorization

  2. authentication

  3. encryption

  4. compression

Correct Answer: BC

Get Full Version of the Exam
300-206 Dumps
300-206 VCE and PDF