All 30 users on a single floor of a building are complaining about network slowness. After
investigating the access switch, the network administrator notices that the MAC address table is
full (10,000 entries) and all traffic is being flooded out of every port. Which action can the
administrator take to prevent this from occurring?
A.
Configure port-security to limit the number of mac-addresses allowed on each port
B.
Upgrade the switch to one that can handle 20,000 entries
C.
Configure private-vlans to prevent hosts from communicating with one another
D.
Enable storm-control to limit the traffic rate
E.
Configure a VACL to block all IP traffic except traffic to and from that subnet
A.
Configure port-security to limit the number of mac-addresses allowed on each port
0
0
a
0
0
Since I recently passed the the 300-206 exam, it’s time for me to share the exam dumps I used when preparing for this exam.
QUESTION 101
Which two statements about zone-based firewalls are true? (Choose two.)
A. More than one interface can be assigned to the same zone.
B. Only one interface can be in a given zone.
C. An interface can only be in one zone.
D. An interface can be a member of multiple zones.
E. Every device interface must be a member of a zone.
Answer: AC
QUESTION 102
An attacker has gained physical access to a password protected router. Which command will prevent access to the startup-config in NVRAM?
A. no service password-recovery
B. no service startup-config
C. service password-encryption
D. no confreg 0x2142
Answer: A
QUESTION 103
Which command tests authentication with SSH and shows a generated key?
A. show key mypubkey rsa
B. show crypto key mypubkey rsa
C. show crypto key
D. show key mypubkey
Answer: B
QUESTION 104
Which configuration keyword will configure SNMPv3 with authentication but no encryption?
A. Auth
B. Priv
C. No auth
D. Auth priv
Answer: A
QUESTION 105
In IOS routers, what configuration can ensure both prevention of ntp spoofing and accurate time ensured?
A. ACL permitting udp 123 from ntp server
B. ntp authentication
C. multiple ntp servers
D. local system clock
Answer: B
QUESTION 106
Which product can manage licenses, updates, and a single signature policy for 15 separate IPS appliances?
A. Cisco Security Manager
B. Cisco IPS Manager Express
C. Cisco IPS Device Manager
D. Cisco Adaptive Security Device Manager
Answer: A
QUESTION 107
Which three statements about private VLANs are true? (Choose three.)
A. Isolated ports can talk to promiscuous and community ports.
B. Promiscuous ports can talk to isolated and community ports.
C. Private VLANs run over VLAN Trunking Protocol in client mode.
D. Private VLANS run over VLAN Trunking Protocol in transparent mode.
E. Community ports can talk to each other as well as the promiscuous port.
F. Primary, secondary, and tertiary VLANs are required for private VLAN implementation.
Answer: BDE
QUESTION 108
When you set a Cisco IOS Router as an SSH server, which command specifies the RSA public key of the remote peer when you set the SSH server to perform RSA-based authentication?
A. router(config-ssh-pubkey-user)#key
B. router(conf-ssh-pubkey-user)#key-string
C. router(config-ssh-pubkey)#key-string
D. router(conf-ssh-pubkey-user)#key-string enable ssh
Answer: B
QUESTION 109
Enabling what security mechanism can prevent an attacker from gaining network topology information from CDP via a man-in-the-middle attack?
A. MACsec
B. Flex VPN
C. Control Plane Protection
D. Dynamic Arp Inspection
Answer: A
QUESTION 110
On an ASA running version 9.0, which command is used to nest objects in a pre-existing group?
A. object-group
B. network group-object
C. object-group network
D. group-object
Answer: D
Welcome to my Google Drive to get more new questions: https://drive.google.com/drive/u/0/folders/0B3Syig5i8gpDQ0xqNGttYzZGYk0
0
0
Sorry, the Google Drive address is useless, please try this new one: https://drive.google.com/open?id=0B3Syig5i8gpDQ0xqNGttYzZGYk0
0
0
Hi Nageli
All the questions in LEAD 2 PASS dumps are still valid??
0
0
Yes, of course!
And the newest dumps updated on Sep.28 are here:
QUESTION 256
Which device can be managed by the Cisco Prime Security Manager?
A. ASA CX
B. ISR G2
C. Nexus
D. UCM
Answer: A
Explanation:
https://www.cisco.com/c/en/us/td/docs/security/asacx/9-2/user/guide/b_User_Guide_for_ASA_CX_and_PRSM_9_2/prsm-ug-intro.html
QUESTION 257
A network engineer must mange and configurations to a cisco networking environment solutions accomplishes this task?
A. cisco IPS manage express and pushing configuration to the ips units
B. cisco security 4.5 or later and pushing configuration bundles to each of the,,,,,
C. cisco adaptive security device manager to push configuration to each of the IPS
D. fire SIGHT manager to bundle and push configuration to the IPS units installed
Answer: D
QUESTION 258
Which two option are main challenges for public cloud data center?
A. deployment cost
B. tenant isolation
C. disaster recovery
D. system scalability
E. network visibility
Answer: BE
QUESTION 259
A network engineer must manage and push configurations to a Cisco networking environment, in which 10 Cisco ASA with IPS modules reside. Which solution accomplishes this task?
A. Cisco Adaptive Security Device Manager to push configurations to each of the IPS units
B. FireSIGHT manager to bundle and push configurations to the IPS units installed on an SSD within the Cisco ASA 5500 Series ASA
C. Cisco Security Manager 4.5 or later and pushing configuration bundles to each of the IPS units
D. Cisco IPS Manager Express and pushing configurations to the IPS units
Answer: B
QUESTION 260
When configuring packet-tracer command from CLI, what is the first option that you set?
A. source IP address
B. destination IP address
C. interface
D. protocol (ip, tcp, udp)
Answer: C
QUESTION 261
What is a benefit the iOS control plane protection?
A. it allows QOS policing of aggregate control-panel
B. it provides for early dropping of packets directed toward closed
C. it prevents the input guide from being overwhelmed by any single
D. it minimizes the number of unprocessed packets a protocol can have
Answer: B
QUESTION 262
Which two voice and video protocols does the Cisco ASA 5500 Series support with Cisco Unified Communications Application Inspection? (Chose two)
A. SCTP
B. SDP
C. H.323
D. H248
E. SCCP
F. SRTP
Answer: CE
Explanation:
https://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next- generation-firewalls/product_data_sheet0900aecd8073cbbf.html
QUESTION 263
Which two option are protocol and tools are used by management plane when using cisco ASA general management plane hardening ?
A. Unicast Reverse Path Forwarding
B. NetFlow
C. Routing Protocol Authentication
D. Threat detection
E. Syslog
F. ICMP unreachables
G. Cisco URL Filtering
Answer: BE
Explanation:
http://www.cisco.com/web/about/security/intelligence/firewall-best-practices.html
0
0
I will always update the new 300-206 exam questions on my blog: http://www.itexams.org/?s=300-206
Welcome to follow me!
0
0
Dear Nageil,
Can you please upload the latest dumps for 300-206 on your blog? Thank you for the kindness
0
0