Pass4sure offers free demo for 300 206 dumps exam. "Implementing Cisco Edge Network Security Solutions", also known as 300 206 senss pdf exam, is a Cisco Certification. This set of posts, Passing the Cisco 300 206 senss pdf exam, will help you answer those questions. The ccnp security senss 300 206 official cert guide Questions & Answers covers all the knowledge points of the real exam. 100% real Cisco 300 206 senss exams and revised by experts!

Q101. Which two features block traffic that is sourced from non-topological IPv6 addresses? (Choose two.) 

A. DHCPv6 Guard 

B. IPv6 Prefix Guard 

C. IPv6 RA Guard 

D. IPv6 Source Guard 

Answer: B,D 


Q102. IPv6 addresses in an organization's network are assigned using Stateless Address Autoconfiguration. What is a security concern of using SLAAC for IPv6 address assignment? 

A. Man-In-The-Middle attacks or traffic interception using spoofed IPv6 Router Advertisements 

B. Smurf or amplification attacks using spoofed IPv6 ICMP Neighbor Solicitations 

C. Denial of service attacks using TCP SYN floods 

D. Denial of Service attacks using spoofed IPv6 Router Solicitations 

Answer:


Q103. Refer to the exhibit. What is the effect of this configuration? 

A. The firewall will inspect IP traffic only between networks 192.168.1.0 and 192.168.2.0. 

B. The firewall will inspect all IP traffic except traffic to 192.168.1.0 and 192.168.2.0. 

C. The firewall will inspect traffic only if it is defined within a standard ACL. 

D. The firewall will inspect all IP traffic. 

Answer:


Q104. What are two security features at the access port level that can help mitigate Layer 2 attacks? (Choose two.) 

A. DHCP snooping 

B. IP Source Guard 

C. Telnet 

D. Secure Shell 

E. SNMP 

Answer: A,B 


Q105. A router is being enabled for SSH command line access. The following steps have been taken: 

. The vty ports have been configured with transport input SSH and login local. 

. Local user accounts have been created. 

. The enable password has been configured. 

What additional step must be taken if users receive a 'connection refused' error when attempting to access the router via SSH? 

A. A RSA keypair must be generated on the router 

B. An access list permitting SSH inbound must be configured and applied to the vty ports 

C. An access list permitting SSH outbound must be configured and applied to the vty ports 

D. SSH v2.0 must be enabled on the router 

Answer:


Q106. Which two features does Cisco Security Manager provide? (Choose two.) 

A. Configuration and policy deployment before device discovery 

B. Health and performance monitoring 

C. Event management and alerting 

D. Command line menu for troubleshooting 

E. Ticketing management and tracking 

Answer: B,C 


Q107. When you configure a Cisco firewall in multiple context mode, where do you allocate interfaces? 

A. in the system execution space 

B. in the admin context 

C. in a user-defined context 

D. in the global configuration 

Answer:


Q108. Which three options are default settings for NTP parameters on a Cisco device? (Choose three.) 

A. NTP authentication is enabled. 

B. NTP authentication is disabled. 

C. NTP logging is enabled. 

D. NTP logging is disabled. 

E. NTP access is enabled. 

F. NTP access is disabled. 

Answer: B,D,E 


Q109. Which two voice protocols can the Cisco ASA inspect? (Choose two.) 

A. MGCP 

B. IAX 

C. Skype 

D. CTIQBE 

Answer: A,D 


Q110. In a Cisco ASAv failover deployment, which interface is preconfigured as the failover interface? 

A. GigabitEthernet0/2 

B. GigabitEthernet0/4 

C. GigabitEthernet0/6 

D. GigabitEthernet0/8 

Answer: