Latest Cisco CCNP Security 300-206 EXAM QUESTIONS [Dec-2017 Dumps]

Cisco 300-206 exam is very helpful for applicants to identify IT Operations Manager, Network Security Engineer and Security Consultant. Applicants will also learn how to improve Describe common Layer 2 threats and attacks and mitigation. Applicants, who will clear this 300-206 Cisco Certified Network Professional Security certification exam, will receive CCNP Security certifications. CCNPtips provides you updated 300-206 exam questions for your 300-206 exam preparation.

300-206 exam questions, 300-206 PDF dumps; 300-206 exam dumps:: (202 Q&A) (New Questions Are 100% Available! Also Free Practice Test Software!)

Latest and Most Accurate Cisco 300-206 Exam Questions:

Question: 12

A network engineer is asked to configure NetFlow to sample one of every 100 packets on a router’s fa0/0 interface. Which configuration enables sampling, assuming that NetFlow is already configured and running on the router’s fa0/0 interface?

A. flow-sampler-map flow1mode random one-out-of 100
interface fas0/0 flow-sampler flow1
B. flow monitor flow1mode random one-out-of 100
interface fas0/0 IP flow monitor flow1
C. flow-sampler-map flow1one-out-of 100 interface fas0/0 flow-sampler flow1
D. is flow-export source fas0/0 one-out-of 100

Answer: A

Question: 13

What is the default log level on the Cisco Web Security Appliance?

A. Trace
B. Debug
C. Informational
D. Critical

Answer: C

Question: 14

New Updated 300-206 Exam Questions 300-206 PDF dumps 300-206 practice exam dumps:

Which command sets the source IP address of the NetFlow exports of a device?

A.  ip source flow-export
B. ip source NetFlow-export
C. ip flow-export source
D. ip NetFlow-export source

Answer: C

Question: 15

Which two SNMPv3 features ensure that SNMP packets have been sent securely?” Choose two.

A. host authorization
B. authentication
C. encryption
D. compression

Answer: BC

Question: 16

Which three logging methods are supported by Cisco routers? (Choose three.)

A. console logging
B. TACACS+ logging
C. terminal logging
D. Syslog logging
E. ACL logging
F. RADIUS logging

Answer: ACD

Question: 17

Which three options are default settings for NTP parameters on a Cisco device? (Choose three.)

A. NTP authentication is enabled.
B. NTP authentication is disabled.
C. NTP logging is enabled.
D. NTP logging is disabled.
E. NTP access is enabled.
F. NTP access is disabled.

Answer: BDE

Question: 18

A Cisco ASA is configured for TLS proxy. When should the security appliance force remote IP phones connecting to the phone proxy through the internet to be in secured mode?

A. When the Cisco Unified Communications Manager cluster is in non-secure mode
B. When the Cisco Unified Communications Manager cluster is in secure mode only
C. When the Cisco Unified Communications Manager is not part of a cluster
D. When the Cisco ASA is configured for IPSec VPN

Answer: A

Question: 19

Which two features are supported when configuring clustering of multiple Cisco ASA appliances? (Choose two.)

B. dynamic routing
C. SSL remote access VPN
D. IPSec remote access VPN

Answer: AB

Question: 20

Which two device types can Cisco Prime Security Manager manage in Multiple Device mode? (Choose two.)

A. Cisco ESA
B. Cisco ASA
C. Cisco WSA
D. Cisco ASA CX

Answer: BD

Question: 21

Which technology provides a forwarding-plane abstraction to support Layer 2 to Layer 7 network services in Cisco Nexus 1000V?

A. Virtual Service Node
B. Virtual Service Gateway
C. Virtual Service Data Path
D. Virtual Service Agent

Answer: C

Question: 22

To which interface on a Cisco ASA 1000V firewall should a security profile be applied when a VM sits behind it?

A. outside
B. inside
C. management

Answer: B

Question: 23

You are configuring a Cisco IOS Firewall on a WAN router that is operating as a Trusted Relay Point (TRP) in a voice network. Which feature must you configure to open data- channel pinholes for voice packets that are sourced from a TRP within the WAN?


Answer: D