Your success in the Cisco 300-206 exam is our sole target, and we develop all our 300-206 SENSS braindumps in a way that facilitates the attainment of this target. Not only is our 300-206 dumps study material the best you can find, it is also the most detailed and the most updated. Practice exams for the Cisco CCNP Security SENSS 300-206 Official Cert Guide are written to the highest standards of technical accuracy.

Q91. Which statement about the Cisco Security Manager 4.4 NAT Rediscovery feature is true? 

A. It provides NAT policies to existing clients that connect from a new switch port. 

B. It can update shared policies even when the NAT server is offline. 

C. It enables NAT policy discovery as it updates shared policies.

D. It enables NAT policy rediscovery while leaving existing shared policies unchanged.

Answer:


Q92. In your role as network security administrator, you have installed syslog server software on a server whose IP address is 10.10.2.40. According to the exhibits, why isn’t the syslog server receiving any syslog messages? 

A. Logging is not enabled globally on the Cisco ASA. 

B. The syslog server has failed. 

C. There have not been any events with a severity level of seven. 

D. The Cisco ASA is not configured to log messages to the syslog server at that IP address. 

Answer:

Explanation: By process of elimination, we know that the other answer choices are not correct, which leaves only the option that the server must have failed. We can see from the screenshots that events are being generated with a severity level of debugging and below, that the 10.10.2.40 IP address has been configured as a syslog server, and that logging has been enabled globally.



Q93. What is the maximum jumbo frame size for IPS standalone appliances with 1G and 10G fixed or add-on interfaces? 

A. 1024 bytes 

B. 1518 bytes 

C. 2156 bytes 

D. 9216 bytes 

Answer:


Q94. What is the default behavior of an access list on a Cisco ASA? 

A. It will permit or deny traffic based on the access list criteria. 

B. It will permit or deny all traffic on a specified interface. 

C. It will have no effect until applied to an interface, tunnel-group or other traffic flow.

D. It will allow all traffic. 

Answer:


Q95. Which threat-detection feature is used to keep track of suspected attackers who create connections to too many hosts or ports? 

A. complex threat detection 

B. scanning threat detection 

C. basic threat detection 

D. advanced threat detection 

Answer:


Q96. You are the administrator of a Cisco ASA 9.0 firewall and have been tasked with ensuring that the Firewall Admins Active Directory group has full access to the ASA configuration. The Firewall Operators Active Directory group should have a more limited level of access. 

Which statement describes how to set these access levels? 

A. Use Cisco Directory Agent to configure the Firewall Admins group to have privilege level 15 access. Also configure the Firewall Operators group to have privilege level 6 access. 

B. Use TACACS+ for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA server. Configure ACS CLI command authorization sets for the Firewall Operators group. Configure level 15 access to be assigned to members of the Firewall Admins group. 

C. Use RADIUS for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA server. Configure ACS CLI command authorization sets for the Firewall Operators group. Configure level 15 access to be assigned to members of the Firewall Admins group. 

D. Active Directory Group membership cannot be used as a determining factor for accessing the Cisco ASA CLI. 

Answer:


Q97. What is the primary purpose of stateful pattern recognition in Cisco IPS networks? 

A. mitigating man-in-the-middle attacks 

B. using multipacket inspection across all protocols to identify vulnerability-based attacks and to thwart attacks that hide within a data stream 

C. detecting and preventing MAC address spoofing in switched environments 

D. identifying Layer 2 ARP attacks 

Answer:


Q98. A network administrator is creating an ASA-CX administrative user account with the following parameters: 

The user will be responsible for configuring security policies on network devices. 

The user needs read-write access to policies. 

The account has no more rights than necessary for the job. 

What role will be assigned to the user? 

A. Administrator 

B. Security administrator 

C. System administrator 

D. Root Administrator 

E. Exec administrator 

Answer:


Q99. Refer to the exhibit. 

To protect Host A and Host B from communicating with each other, which type of PVLAN port should be used for each host? 

A. Host A on a promiscuous port and Host B on a community port 

B. Host A on a community port and Host B on a promiscuous port 

C. Host A on an isolated port and Host B on a promiscuous port 

D. Host A on a promiscuous port and Host B on a promiscuous port 

E. Host A on an isolated port and Host B on an isolated port

F. Host A on a community port and Host B on a community port 

Answer:


Q100. What are two primary purposes of Layer 2 detection in Cisco IPS networks? (Choose two.) 

A. identifying Layer 2 ARP attacks 

B. detecting spoofed MAC addresses and tracking 802.1X actions and data communication after a successful client association 

C. detecting and preventing MAC address spoofing in switched environments 

D. mitigating man-in-the-middle attacks 

Answer: A,D