Master the ccnp security senss 300 206 official cert guide Implementing Cisco Edge Network Security Solutions content and be ready for exam day success quickly with this Pass4sure ccnp security senss 300 206 official cert guide pdf free exam. We guarantee it!We make it a reality and give you real 300 206 senss questions in our Cisco ccnp security senss 300 206 official cert guide braindumps.Latest 100% VALID Cisco ccnp security senss 300 206 official cert guide Exam Questions Dumps at below page. You can use our Cisco ccnp security senss 300 206 official cert guide pdf braindumps and pass your exam.
Q31. Which VTP mode supports private VLANs on a switch?
A. transparent
B. server
C. client
D. off
Answer: A
Q32. Which statement describes the correct steps to enable Botnet Traffic Filtering on a Cisco ASA version 9.0 transparent-mode firewall with an active Botnet Traffic Filtering license?
A. Enable DNS snooping, traffic classification, and actions.
B. Botnet Traffic Filtering is not supported in transparent mode.
C. Enable the use of the dynamic database, enable DNS snooping, traffic classification, and actions.
D. Enable the use of dynamic database, enable traffic classification and actions.
Answer: C
Q33. Which policy map action makes a Cisco router behave as a stateful firewall for matching traffic?
A. Log
B. Inspect
C. Permit
D. Deny
Answer: B
Q34. You are a security engineer at a large multinational retailer. Your Chief Information Officer recently attended a security conference and has asked you to secure the network infrastructure from VLAN hopping.
Which statement describes how VLAN hopping can be avoided?
A. There is no such thing as VLAN hopping because VLANs are completely isolated.
B. VLAN hopping can be avoided by using IEEE 802.1X to dynamically assign the access VLAN to all endpoints and setting the default access VLAN to an unused VLAN ID.
C. VLAN hopping is avoided by configuring the native (untagged) VLAN on both sides of an ISL trunk to an unused VLAN ID.
D. VLAN hopping is avoided by configuring the native (untagged) VLAN on both sides of an IEEE 802.1Q trunk to an unused VLAN ID.
Answer: D
Q35. Which three options are default settings for NTP parameters on a Cisco device? (Choose three.)
A. NTP authentication is enabled.
B. NTP authentication is disabled.
C. NTP logging is enabled.
D. NTP logging is disabled.
E. NTP access is enabled.
F. NTP access is disabled.
Answer: B,D,E
Q36. Which option is the default logging buffer size In memory of the Cisco ASA adaptive security appliance?
A. 8KB
B. 32KB
C. 2KB
D. 16KB
E. 4KB
Answer: E
Explanation:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_gen eral_c onfig/ monitor_syslog.html
Q37. What is the default behavior of an access list on the Cisco ASA security appliance?
A. It will permit or deny traffic based on the access-list criteria.
B. It will permit or deny all traffic on a specified interface.
C. An access group must be configured before the access list will take effect for traffic control.
D. It will allow all traffic.
Answer: C
Q38. Refer to the exhibit.
This command is used to configure the SNMP server on a Cisco router. Which option is the encryption password for the SNMP server?
A. Sha
B. Snmp
C. Group-1
D. Snmpv3
Answer: B
Q39. Which four are IPv6 First Hop Security technologies? (Choose four.)
A. Send
B. Dynamic ARP Inspection
C. Router Advertisement Guard
D. Neighbor Discovery Inspection
E. Traffic Storm Control
F. Port Security
G. DHCPv6 Guard
Answer: A,C,D,G
Q40. If you encounter problems logging in to the Cisco Security Manager 4.4 web server or client or backing up its databases, which account has most likely been improperly modified?
A. admin (the default administrator account)
B. casuser (the default service account)
C. guest (the default guest account)
D. user (the default user account)
Answer: B