꿈을 안고 사는 인생이 멋진 인생입니다. 고객님의 최근의 꿈은 승진이나 연봉인상이 아닐가 싶습니다. Cisco CCNP Security 300-206시험은 IT인증시험중 가장 인기있는 국제승인 자격증을 취득하는데서의 필수시험과목입니다.그만큼 시험문제가 어려워 시험도전할 용기가 없다구요? 이제 이런 걱정은 버리셔도 됩니다. Pass4Test의 Cisco CCNP Security 300-206덤프는 Cisco CCNP Security 300-206시험에 대비한 공부자료로서 시험적중율 100%입니다.
Implementing Cisco Edge Network Security Solutions
| Exam Number | 300-206 SENSS |
|---|---|
| Associated Certifications | CCNP Security |
| Duration | 90 minutes (65 - 75 questions) |
| Available Languages | English, Japanese |
| Register | Pearson VUE |
| Exam Policies | Read current policies and requirements |
| Exam Tutorial | Review type of exam questions |
The Implementing Cisco Edge Network Security (SENSS) (300-206) exam tests the knowledge of a network security engineer to configure and implement security on Cisco network perimeter edge devices such as a Cisco switch, Cisco router, and Cisco ASA firewall. This 90-minute exam consists of 65-75 questions and focuses on the technologies used to strengthen security of a network perimeter such as Network Address Translation (NAT), ASA policy and application inspect, and a zone-based firewall on Cisco routers. Candidates can prepare for this exam by taking the Cisco Edge Network Security (SENSS) course.
NO.1 What are three ways to add devices in Cisco Prime Infrastructure? (Choose three.)
A. Use an automated process.
B. Import devices from a CSV file.
C. Add devices manually.
D. Use RADIUS.
E. Use the Access Control Server.
F. Use Cisco Security Manager.
Answer: A,B,C
NO.2 Which two options are two purposes of the packet-tracer command? (Choose two.)
A. to filter and monitor ingress traffic to a switch
B. to configure an interface-specific packet trace
C. to inject virtual packets into the data path
D. to debug packet drops in a production network
E. to correct dropped packets in a production network
Answer: C,D
NO.3 You are the administrator of a Cisco ASA 9.0 firewall and have been tasked with ensuring that
the Firewall Admins Active Directory group has full access to the ASA configuration.
The Firewall Operators Active Directory group should have a more limited level of access.
Which statement describes how to set these access levels?
A. Use Cisco Directory Agent to configure the Firewall Admins group to have privilege level 15 access.
Also configure the Firewall Operators group to have privilege level 6 access.
B. Use TACACS+ for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA
server. Configure ACS CLI command authorization sets for the Firewall Operators group. Configure
level 15 access to be assigned to members of the Firewall Admins group.
C. Use RADIUS for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA
server. Configure ACS CLI command authorization sets for the Firewall Operators group. Configure
level 15 access to be assigned to members of the Firewall Admins group.
D. Active Directory Group membership cannot be used as a determining factor for accessing the Cisco
ASA CLI.
Answer: B
NO.4 In which two modes is zone-based firewall high availability available? (Choose two.)
A. IPv4 only
B. IPv6 only
C. IPv4 and IPv6
D. routed mode only
E. transparent mode only
F. both transparent and routed modes
Answer: C,D
NO.5 What are two high-level task areas in a Cisco Prime Infrastructure life-cycle workflow? (Choose
two.)
A. Design
B. Operate
C. Maintain
D. Log
E. Evaluate
Answer: A,B
NO.6 Which threat-detection feature is used to keep track of suspected attackers who create
connections to too many hosts or ports?
A. complex threat detection
B. scanning threat detection
C. basic threat detection
D. advanced threat detection
Answer: B
NO.7 An administrator is deploying port-security to restrict traffic from certain ports to specific MAC
addresses. Which two considerations must an administrator take into account when using the
switchport port-security mac-address sticky command? (Choose two.)
A. The configuration will be updated with MAC addresses from traffic seen ingressing the port. The
configuration will automatically be saved to NVRAM if no other changes to the configuration have
been made.
B. The configuration will be updated with MAC addresses from traffic seen ingressing the port. The
configuration will not automatically be saved to NVRAM.
C. Only MAC addresses with the 5th most significant bit of the address (the 'sticky' bit) set to 1 will be
learned.
D. If configured on a trunk port without the 'vlan' keyword, it will apply to all vlans.
E. If configured on a trunk port without the 'vlan' keyword, it will apply only to the native vlan.
Answer: B,E
NO.8 All 30 users on a single floor of a building are complaining about network slowness.
After investigating the access switch, the network administrator notices that the MAC address table is
full (10,000 entries) and all traffic is being flooded out of every port. Which action can the
administrator take to prevent this from occurring?
A. Configure port-security to limit the number of mac-addresses allowed on each port
B. Upgrade the switch to one that can handle 20,000 entries
C. Configure private-vlans to prevent hosts from communicating with one another
D. Enable storm-control to limit the traffic rate
E. Configure a VACL to block all IP traffic except traffic to and from that subnet
Answer: A