Proper study guides for Update Cisco Implementing Cisco Edge Network Security Solutions certified begins with Cisco 300 206 senss pdf preparation products which designed to deliver the Real cisco 300 206 questions by making you pass the 300 206 senss pdf test at your first time. Try the free ccnp security senss 300 206 official cert guide demo right now.

Q21. Which Layer 2 security feature validates ARP packets? 

A. DAI 

B. DHCP server 

C. BPDU guard 

D. BPDU filtering 

Answer:


Q22. At which firewall severity level will debugs appear on a Cisco ASA? 

A. 7 

B. 6 

C. 5 

D. 4 

Answer:


Q23. Which set of commands creates a message list that includes all severity 2 (critical) messages on a Cisco security device? 

A. logging list critical_messages level 2 

console logging critical_messages 

B. logging list critical_messages level 2 

logging console critical_messages 

C. logging list critical_messages level 2 

logging console enable critical_messages 

D. logging list enable critical_messages level 2 

console logging critical_messages 

Answer:


Q24. You have explicitly added the line deny ipv6 any log to the end of an IPv6 ACL on a router interface. Which two ICMPv6 packet types must you explicitly allow to enable traffic to traverse the interface? (Choose two.) 

A. router solicitation 

B. router advertisement 

C. neighbor solicitation 

D. neighbor advertisement 

E. redirect 

Answer: C,D 


Q25. What is the default behavior of an access list on a Cisco ASA? 

A. It will permit or deny traffic based on the access list criteria. 

B. It will permit or deny all traffic on a specified interface. 

C. It will have no affect until applied to an interface, tunnel-group or other traffic flow. 

D. It will allow all traffic. 

Answer:


Q26. Which component does Cisco ASDM require on the host Cisco ASA 5500 Series or Cisco PIX security appliance? 

A. a DES or 3DES license 

B. a NAT policy server 

C. a SQL database 

D. a Kerberos key 

E. a digital certificate 

Answer:


Q27. SNMP users have a specified username, a group to which the user belongs, authentication password, encryption password, and authentication and encryption algorithms to use. The authentication algorithm options are MD5 and SHA. The encryption algorithm options are DES, 3DES, andAES (which is available in 128,192, and 256 versions). When you create a user, with which option must you associate it? 

A. an SNMP group 

B. at least one interface 

C. the SNMP inspection in the global_policy 

D. at least two interfaces 

Answer:

Explanation: This can be verified via the ASDM screen shot shown here: 


Q28. When configured in accordance to Cisco best practices, the ip verify source command can mitigate which two types of Layer 2 attacks? (Choose two.) 

A. rogue DHCP servers 

B. ARP attacks 

C. DHCP starvation 

D. MAC spoofing 

E. CAM attacks 

F. IP spoofing 

Answer: D,F 


Q29. Which two options are two purposes of the packet-tracer command? (Choose two.) 

A. to filter and monitor ingress traffic to a switch 

B. to configure an interface-specific packet trace 

C. to inject virtual packets into the data path 

D. to debug packet drops in a production network 

E. to correct dropped packets in a production network 

Answer: C,D 


Q30. Which two web browsers are supported for the Cisco ISE GUI? (Choose two.) 

A. HTTPS-enabled Mozilla Firefox version 3.x 

B. Netscape Navigator version 9 

C. Microsoft Internet Explorer version 8 in Internet Explorer 8-only mode 

D. Microsoft Internet Explorer version 8 in all Internet Explorer modes 

E. Google Chrome (all versions) 

Answer: A,C