Want to know Actualtests 300 206 senss Exam practice test features? Want to lear more about Cisco Implementing Cisco Edge Network Security Solutions certification experience? Study Free Cisco 300 206 senss pdf answers to Most recent cisco 300 206 questions at Actualtests. Gat a success with an absolute guarantee to pass Cisco 300 206 dumps (Implementing Cisco Edge Network Security Solutions) test on your first attempt.
Q51. IPv6 addresses in an organization's network are assigned using Stateless Address Autoconfiguration. What is a security concern of using SLAAC for IPv6 address assignment?
A. Man-In-The-Middle attacks or traffic interception using spoofed IPv6 Router Advertisements
B. Smurf or amplification attacks using spoofed IPv6 ICMP Neighbor Solicitations
C. Denial of service attacks using TCP SYN floods
D. Denial of Service attacks using spoofed IPv6 Router Solicitations
Answer: A
Q52. When you configure a Cisco firewall in multiple context mode, where do you allocate interfaces?
A. in the system execution space
B. in the admin context
C. in a user-defined context
D. in the global configuration
Answer: A
Q53. When configuring a new context on a Cisco ASA device, which command creates a domain for the context?
A. domain config name
B. domain-name
C. changeto/domain name change
D. domain context 2
Answer: B
Q54. Which command is used to nest objects in a pre-existing group?
A. object-group
B. network group-object
C. object-group network
D. group-object
Answer: D
Q55. Which statement about Cisco ASA NetFlow v9 (NSEL) is true?
A. NSEL events match all traffic classes in parallel
B. NSEL is has a time interval locked at 20 seconds and is not user configurable
C. NSEL tracks flow-create, flow-teardown, and flow-denied events and generates appropriate NSEL data records
D. You cannot disable syslog messages that have become redundant because of NSEL
E. NSEL tracks the flow continuously and provides updates every 10 second
F. NSEL provides stateless IP flow tracking that exports all record od a specific flow
Answer: C
Explanation:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/monitor _nsel. Html
Q56. When access rule properties are configured within ASDM, which traffic direction type is required by global and management access rule?
A. Any
B. Both in and out
C. In
D. Out
Answer: C
Q57. Which two options are.protocols and tools that are used by the management plane when discussing Cisco ASA general management plane hardening? (Choose two.)
A. ICMP unreachables
B. NetFlow
C. syslog
D. Routing Protocol Authentication
E. Cisco URL Filtering
F. threat detection
G. Unicast Reverse Path Forwarding
Answer: B,C
Q58. CORRECT TEXT
You are a network security engineer for the Secure-X network. You have been tasked with
implementing dynamic network object NAT with PAT on a Cisco ASA. You must configure the Cisco ASA such that the source IP addresses of all internal hosts are translated to a single IP address (using different ports) when the internal hosts access the Internet.
To successfully complete this activity, you must perform the following tasks:
. Use the Cisco ASDM GUI on the Admin PC to configure dynamic network object NAT with PAT using the following parameters:
. Network object name: Internal-Networks
. IP subnet: 10.10.0.0/16
. Translated IP address: 192.0.2.100
. Source interface: inside
. Destination interface: outside
NOTE: The object (TRANSLATED-INSIDE-HOSTS) for this translated IP address has already been created for your use in this activity.
NOTE: Not all ASDM screens are active for this exercise.
NOTE: Login credentials are not needed for this simulation.
. In the Cisco ASDM, display and view the auto-generated NAT rule.
. From the Employee PC, generate traffic to SP-SRV by opening a browser and navigating to http://sp-srv.sp.public.
. From the Guest PC, generate traffic to SP-SRV by opening a browser and navigating to http://sp-srv.sp.public.
. At the CLI of the Cisco ASA, display your NAT configuration. You should see the configured policy and statistics for translated packets.
. At the CLI of the Cisco ASA, display the translation table. You should see dynamic translations for the Employee PC and the Guest PC. Both inside IP addresses translate to the same IP address, but using different ports.
You have completed this exercise when you have configured and successfully tested dynamic network object NAT with PAT.
Answer: See the explanation for detailed answer to this sim question.
Q59. What is the default behavior of NAT control on Cisco ASA Software Version 8.3?
A. NAT control has been deprecated on Cisco ASA Software Version 8.3.
B. It will prevent traffic from traversing from one enclave to the next without proper access configuration.
C. It will allow traffic to traverse from one enclave to the next without proper access configuration.
D. It will deny all traffic.
Answer: A
Q60. What are the three types of private VLAN ports? (Choose three.)
A. promiscuous
B. isolated
C. community
D. primary
E. secondary
F. trunk
Answer: A,B,C