Want to know Actualtests cisco 300 206 Exam practice test features? Want to lear more about Cisco Implementing Cisco Edge Network Security Solutions certification experience? Study Breathing Cisco cisco 300 206 answers to Replace cisco 300 206 questions at Actualtests. Gat a success with an absolute guarantee to pass Cisco ccnp security senss 300 206 official cert guide pdf (Implementing Cisco Edge Network Security Solutions) test on your first attempt.

Q31. What command alters the SSL ciphers used by the Cisco Email Security Appliance for TLS sessions and HTTPS access? 

A. sslconfig 

B. sslciphers 

C. tlsconifg 

D. certconfig 


Q32. For which management session types does ASDM allow a maximum simultaneous connection limit to be set? 

A. ASDM, Telnet, SSH 

B. ASDM, Telnet, SSH, console 

C. ASDM, Telnet, SSH, VTY 

D. ASDM, Telnet, SSH, other 



You are the network security engineer for the Secure-X network. The company has recently detected Increase of traffic to malware Infected destinations. The Chief Security Officer deduced that some PCs in the internal networks are infected with malware and communicate with malware infected destinations. 

The CSO has tasked you with enable Botnet traffic filter on the Cisco ASA to detect and deny further connection attempts from infected PCs to malware destinations. You are also required to test your configurations by initiating connections through the Cisco ASA and then display and observe the Real-Time Log Viewer in ASDM. 

To successfully complete this activity, you must perform the following tasks: 

* Download the dynamic database and enable use of it. 

. Enable the ASA to download of the dynamic database 

. Enable the ASA to download of the dynamic database. 

. Enable DNS snooping for existing DNS inspection service policy rules.. 

. Enable Botnet Traffic Filter classification on the outside interface for All Traffic. 

. Configure the Botnet Traffic Filter to drop blacklisted traffic on the outside interface. Use the default Threat Level settings 

NOTE: The database files are stored in running memory; they are not stored in flash memory. 

NOTE: DNS is enabled on the inside interface and set to the HQ-SRV ( 

NOTE: Not all ASDM screens are active for this exercise. 

. Verify that the ASA indeed drops traffic to blacklisted destinations by doing the following: 

. From the Employee PC, navigate to http://www.google.com to make sure that access to the Internet is working. 

. From the Employee PC, navigate to http://bot-sparta.no-ip.org. This destination is classified as malware destination by the Cisco SIO database. 

. From the Employee PC, navigate to http://superzarabotok-gid.ru/. This destination is classified as malware destination by the Cisco SIO database. 

. From Admin PC, launch ASDM to display and observe the Real-Time Log Viewer. 

You have completed this exercise when you have configured and successfully tested Botnet traffic filter on the Cisco ASA. 

Answer: See the explanation for detailed answer to this sim question. 

Q34. The Cisco Email Security Appliance can be managed with both local and external users of different privilege levels. What three external modes of authentication are supported? (Choose three.) 

A. LDAP authentication 

B. RADIUS Authentication 


D. SSH host keys 

E. Common Access Card Authentication 

F. RSA Single use tokens 

Answer: A,B,D 

Q35. Which ASA feature is used to keep track of suspected attackers who create connections to too many hosts or ports? 

A. complex threat detection 

B. scanning threat detection 

C. basic threat detection 

D. advanced threat detection 


Q36. Which two options are.protocols and tools that are used by the management plane when discussing Cisco ASA general management plane hardening? (Choose two.) 

A. ICMP unreachables 

B. NetFlow 

C. syslog 

D. Routing Protocol Authentication 

E. Cisco URL Filtering 

F. threat detection 

G. Unicast Reverse Path Forwarding 

Answer: B,C 

Q37. An attacker has gained physical access to a password protected router. Which command will prevent access to the startup-config in NVRAM? 

A. no service password-recovery 

B. no service startup-config 

C. service password-encryption 

D. no confreg 0x2142 


Q38. At which layer does Dynamic ARP Inspection validate packets? 

A. Layer 2 

B. Layer 3 

C. Layer 4 

D. Layer 7 


Q39. Which two options are private-VLAN secondary VLAN types? (Choose two) 

A. Isolated 

B. Secured 

C. Community 

D. Common 

E. Segregated 

Answer: A,C 


http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guid e/cli/ CLIConfigurationGuide/PrivateVLANs.html 

Q40. Which two router commands enable NetFlow on an interface? (Choose two.) 

A. ip flow ingress 

B. ip flow egress 

C. ip route-cache flow infer-fields 

D. ip flow ingress infer-fields 

E. ip flow-export version 9 

Answer: A,B