2017 Apr 300-206 exam answers

Q81. Which three statements about private VLANs are true? (Choose three.) 

A. Isolated ports can talk to promiscuous and community ports. 

B. Promiscuous ports can talk to isolated and community ports. 

C. Private VLANs run over VLAN Trunking Protocol in client mode. 

D. Private VLANS run over VLAN Trunking Protocol in transparent mode. 

E. Community ports can talk to each other as well as the promiscuous port. 

F. Primary, secondary, and tertiary VLANs are required for private VLAN implementation. 

Answer: B,D,E 

Q82. Which command displays syslog messages on the Cisco ASA console as they occur? 

A. Console logging <level> 

B. Logging console <level> 

C. Logging trap <level> 

D. Terminal monitor 

E. Logging monitor <level> 


Q83. Which Cisco product provides a GUI-based device management tool to configure Cisco access routers? 

A. Cisco ASDM 

B. Cisco CP Express 

C. Cisco ASA 5500 

D. Cisco CP 


Q84. Which of the following would need to be created to configure an application-layer inspection of SMTP traffic operating on port 2525? 

A. A class-map that matches port 2525 and applying an inspect ESMTP policy-map for that class in the global inspection policy 

B. A policy-map that matches port 2525 and applying an inspect ESMTP class-map for that policy 

C. An access-list that matches on TCP port 2525 traffic and applying it on an interface with the inspect option 

D. A class-map that matches port 2525 and applying it on an access-list using the inspect option 


Q85. When you install a Cisco ASA AIP-SSM, which statement about the main Cisco ASDM home page is true? 

A. It is replaced by the Cisco AIP-SSM home page. 

B. It must reconnect to the NAT policies database. 

C. The administrator can manually update the page. 

D. It displays a new Intrusion Prevention panel. 


Q86. Which cloud characteristic is used to describe the sharing of physical resources between various entities? 

A. Multitenancy 

B. Ubiquitous access 

C. Elasticity 

D. Resiliency 


Q87. In IOS routers, what configuration can ensure both prevention of ntp spoofing and accurate time ensured? 

A. ACL permitting udp 123 from ntp server 

B. ntp authentication 

C. multiple ntp servers 

D. local system clock 


Q88. Which two statements about Cisco IOS Firewall are true? (Choose two.) 

A. It provides stateful packet inspection. 

B. It provides faster processing of packets than Cisco ASA devices provide. 

C. It provides protocol-conformance checks against traffic. 

D. It eliminates the need to secure routers and switches throughout the network. 

E. It eliminates the need to secure host machines throughout the network. 

Answer: A,C 

Q89. Which command sets the source IP address of the NetFlow exports of a device? 

A. ip source flow-export 

B. ip source netflow-export 

C. ip flow-export source 

D. ip netflow-export source 


Q90. Which threat-detection feature is used to keep track of suspected attackers who create connections to too many hosts or ports? 

A. complex threat detection 

B. scanning threat detection 

C. basic threat detection 

D. advanced threat detection