Latest Posts

[May-2018-New]100% Success-Braindump2go 300-206 Exam VCE and PDF 315Q Instant Download[119-129]

2018 May New Cisco 300-206 Exam Dumps with PDF and VCE Just Updated Today! Following are some new 300-206 Real Exam Questions:

1.|2018 Latest 300-206 Exam Dumps (PDF & VCE) 315Q Download:
https://www.braindump2go.com/300-206.html

2.|2018 Latest 300-206 Exam Questions & Answers Download:
https://drive.google.com/drive/folders/0B75b5xYLjSSNOXZTcmdGNEh2UU0?usp=sharing

QUESTION 119
Which two configurations are necessary to enable password-less SSH login to an IOS router? (Choose two.)

A. Enter a copy of the administrator’s public key within the SSH key-chain
B. Enter a copy of the administrator’s private key within the SSH key-chain
C. Generate a 512-bit RSA key to enable SSH on the router
D. Generate an RSA key of at least 768 bits to enable SSH on the router
E. Generate a 512-bit ECDSA key to enable SSH on the router
F. Generate a ECDSA key of at least 768 bits to enable SSH on the router

Answer: AD

QUESTION 120
Which two features does Cisco Security Manager provide? (Choose two.)

A. Configuration and policy deployment before device discovery
B. Health and performance monitoring
C. Event management and alerting
D. Command line menu for troubleshooting
E. Ticketing management and tracking

Answer: BC

QUESTION 121
An administrator installed a Cisco ASA that runs version 9.1. You are asked to configure the firewall through Cisco ASDM.
When you attempt to connect to a Cisco ASA with a default configuration, which username and password grants you full access?

A. admin / admin
B. asaAdmin / (no password)
C. It is not possible to use Cisco ASDM until a username and password are created via the username usernamepassword password CLI command.
D. enable_15 / (no password)
E. cisco / cisco

Answer: D

QUESTION 122
Which three options are default settings for NTP parameters on a Cisco ASA? (Choose three.)

A. NTP authentication is enabled.
B. NTP authentication is disabled.
C. NTP logging is enabled.
D. NTP logging is disabled.
E. NTP traffic is not restricted.
F. NTP traffic is restricted.

Answer: BDE

QUESTION 123
Which two options are purposes of the packet-tracer command? (Choose two.)

A. to filter and monitor ingress traffic to a switch
B. to configure an interface-specific packet trace
C. to simulate network traffic through a data path
D. to debug packet drops in a production network
E. to automatically correct an ACL entry in an ASA

Answer: CD

QUESTION 124
Refer to the exhibit. Server A is a busy server that offers these services:
– World Wide Web
– DNS
Which command captures http traffic from Host A to Server A?

A. capture traffic match udp host 10.1.1.150 host 10.2.2.100
B. capture traffic match 80 host 10.1.1.150 host 10.2.2.100
C. capture traffic match ip 10.2.2.0 255.255.255.192 host 10.1.1.150
D. capture traffic match tcp host 10.1.1.150 host 10.2.2.100
E. capture traffic match tcp host 10.2.2.100 host 10.1.1.150 eq 80

Answer: D

QUESTION 125
Your company is replacing a high-availability pair of Cisco ASA 5550 firewalls with the newer Cisco ASA 5555-X models. Due to budget constraints, one Cisco ASA 5550 will be replaced at a time.
Which statement about the minimum requirements to set up stateful failover between these two firewalls is true?

A. You must install the USB failover cable between the two Cisco ASAs and provide a 1 Gigabit Ethernet interface for state exchange.
B. It is not possible to use failover between different Cisco ASA models.
C. You must have at least 1 Gigabit Ethernet interface between the two Cisco ASAs for state exchange.
D. You must use two dedicated interfaces. One link is dedicated to state exchange and the other link is for heartbeats.

Answer: B

QUESTION 126
In which two modes is zone-based firewall high availability available? (Choose two.)

A. IPv4 only
B. IPv6 only
C. IPv4 and IPv6
D. routed mode only
E. transparent mode only
F. both transparent and routed modes

Answer: CD

QUESTION 127
You are the administrator of a multicontext transparent-mode Cisco ASA that uses a shared interface that belongs to more than one context. Because the same interface will be used within all three contexts, which statement describes how you will ensure that return traffic will reach the correct context?

A. Interfaces may not be shared between contexts in routed mode.
B. Configure a unique MAC address per context with the no mac-address auto command.
C. Configure a unique MAC address per context with the mac-address auto command.
D. Use static routes on the Cisco ASA to ensure that traffic reaches the correct context.

Answer: C

QUESTION 128
A rogue device has connected to the network and has become the STP root bridge, which has caused a network availability issue.
Which two commands can protect against this problem? (Choose two.)

A. switch(config)#spanning-tree portfast bpduguard default
B. switch(config)#spanning-tree portfast bpdufilter default
C. switch(config-if)#spanning-tree portfast
D. switch(config-if)#spanning-tree portfast disable
E. switch(config-if)#switchport port-security violation protect
F. switch(config-if)#spanning-tree port-priority 0

Answer: AC

QUESTION 129
According to Cisco best practices, which two interface configuration commands help prevent VLAN hopping attacks? (Choose two.)

A. switchport mode access
B. switchport access vlan 2
C. switchport mode trunk
D. switchport access vlan 1
E. switchport trunk native vlan 1
F. switchport protected

Answer: AB


!!!REDOMMEND!!!
1.|2018 Latest 300-206 Exam Dumps (PDF & VCE) 315Q Download:
https://www.braindump2go.com/300-206.html

2.|2018 Latest 300-206 Study Guide Video:
https://youtu.be/_WvexFqQgoA

[May-2018-New]Exam Pass 100%!Braindump2go 300-206 Dumps PDF 315Q Instant Download[108-118]

2018 May New Cisco 300-206 Exam Dumps with PDF and VCE Just Updated Today! Following are some new 300-206 Real Exam Questions:

1.|2018 Latest 300-206 Exam Dumps (PDF & VCE) 315Q Download:
https://www.braindump2go.com/300-206.html

2.|2018 Latest 300-206 Exam Questions & Answers Download:
https://drive.google.com/drive/folders/0B75b5xYLjSSNOXZTcmdGNEh2UU0?usp=sharing

QUESTION 108
When you set a Cisco IOS Router as an SSH server, which command specifies the RSA public key of the remote peer when you set the SSH server to perform RSA-based authentication?

A. router(config-ssh-pubkey-user)#key
B. router(conf-ssh-pubkey-user)#key-string
C. router(config-ssh-pubkey)#key-string
D. router(conf-ssh-pubkey-user)#key-string enable ssh

Answer: B

QUESTION 109
Enabling what security mechanism can prevent an attacker from gaining network topology information from CDP via a man-in-the-middle attack?

A. MACsec
B. Flex VPN
C. Control Plane Protection
D. Dynamic Arp Inspection

Answer: A

QUESTION 110
On an ASA running version 9.0, which command is used to nest objects in a pre-existing group?

A. object-group
B. network group-object
C. object-group network
D. group-object

Answer: D

QUESTION 11
Which ASA feature is used to keep track of suspected attackers who create connections to too many hosts or ports?

A. complex threat detection
B. scanning threat detection
C. basic threat detection
D. advanced threat detection

Answer: B

QUESTION 112
What is the default behavior of an access list on a Cisco ASA?

A. It will permit or deny traffic based on the access list criteria.
B. It will permit or deny all traffic on a specified interface.
C. It will have no affect until applied to an interface, tunnel-group or other traffic flow.
D. It will allow all traffic.

Answer: C

QUESTION 113
When configuring a new context on a Cisco ASA device, which command creates a domain for the context?

A. domain config name
B. domain-name
C. changeto/domain name change
D. domain context 2

Answer: B

QUESTION 114
Which statement describes the correct steps to enable Botnet Traffic Filtering on a Cisco ASA version 9.0 transparent-mode firewall with an active Botnet Traffic Filtering license?

A. Enable DNS snooping, traffic classification, and actions.
B. Botnet Traffic Filtering is not supported in transparent mode.
C. Enable the use of the dynamic database, enable DNS snooping, traffic classification, and actions.
D. Enable the use of dynamic database, enable traffic classification and actions.

Answer: C

QUESTION 115
Which Cisco switch technology prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast flood on a port?

A. port security
B. storm control
C. dynamic ARP inspection
D. BPDU guard
E. root guard
F. dot1x

Answer: B

QUESTION 116
You are a security engineer at a large multinational retailer. Your Chief Information Officer recently attended a security conference and has asked you to secure the network infrastructure from VLAN hopping.
Which statement describes how VLAN hopping can be avoided?

A. There is no such thing as VLAN hopping because VLANs are completely isolated.
B. VLAN hopping can be avoided by using IEEE 802.1X to dynamically assign the access VLAN to all endpoints and setting the default access VLAN to an unused VLAN ID.
C. VLAN hopping is avoided by configuring the native (untagged) VLAN on both sides of an ISL trunk to an unused VLAN ID.
D. VLAN hopping is avoided by configuring the native (untagged) VLAN on both sides of an IEEE 802.1Q trunk to an unused VLAN ID.

Answer: D

QUESTION 117
You are the administrator of a Cisco ASA 9.0 firewall and have been tasked with ensuring that the Firewall Admins Active Directory group has full access to the ASA configuration. The Firewall Operators Active Directory group should have a more limited level of access.
Which statement describes how to set these access levels?

A. Use Cisco Directory Agent to configure the Firewall Admins group to have privilege level 15 access. Also configure the Firewall Operators group to have privilege level 6 access.
B. Use TACACS+ for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA server. Configure ACS CLI command authorization sets for the Firewall Operators group.
Configure level 15 access to be assigned to members of the Firewall Admins group.
C. Use RADIUS for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA server. Configure ACS CLI command authorization sets for the Firewall Operators group.
Configure level 15 access to be assigned to members of the Firewall Admins group.
D. Active Directory Group membership cannot be used as a determining factor for accessing the Cisco ASA CLI.

Answer: B

QUESTION 118
A router is being enabled for SSH command line access.
The following steps have been taken:
– The vty ports have been configured with transport input SSH and login local.
– Local user accounts have been created.
– The enable password has been configured.
What additional step must be taken if users receive a ‘connection refused’ error when attempting to access the router via SSH?

A. A RSA keypair must be generated on the router
B. An access list permitting SSH inbound must be configured and applied to the vty ports
C. An access list permitting SSH outbound must be configured and applied to the vty ports
D. SSH v2.0 must be enabled on the router

Answer: A


!!!REDOMMEND!!!
1.|2018 Latest 300-206 Exam Dumps (PDF & VCE) 315Q Download:
https://www.braindump2go.com/300-206.html

2.|2018 Latest 300-206 Study Guide Video:
https://youtu.be/_WvexFqQgoA

[May-2018-New]100% Real Exam Questions-Braindump2go 300-206 Exam PDF and 300-206 VCE Dumps 315Q Download[97-107]

2018 May New Cisco 300-206 Exam Dumps with PDF and VCE Just Updated Today! Following are some new 300-206 Real Exam Questions:

(more…)

[April-2018-New]Braindump2go 300-210 Exam Dumps in PDF and VCE 365Q Free Offer[210-220]

2018 April New Cisco 300-210 Real Exam Dumps with PDF and VCE Just Updated Today! Following are some new 300-210 Real Exam Questions:

(more…)

[April-2018-New]100% Exam Pass-300-210 PDF and VCE Free from Braindump2go[187-197]

2018 April New Cisco 300-210 Real Exam Dumps with PDF and VCE Just Updated Today! Following are some new 300-210 Real Exam Questions:

(more…)

[April-2018-New]300-210 Exam PDF and VCE 365Q Instant Download in Braindump2go[176-186]

2018 April New Cisco 300-210 Real Exam Dumps with PDF and VCE Just Updated Today! Following are some new 300-210 Real Exam Questions:

(more…)

[April-2018-New]300-210 Exam Questions PDF 365Q Free Shared by Braindump2go[176-186]

2018 April New Cisco 300-210 Real Exam Dumps with PDF and VCE Just Updated Today! Following are some new 300-210 Real Exam Questions:

(more…)

[April-2018-New]Free 300-210 VCE Dumps and 300-210 PDF Dumps Offered by Braindump2go[165-175]

2018 April New Cisco 300-210 Real Exam Dumps with PDF and VCE Just Updated Today! Following are some new 300-210 Real Exam Questions:

(more…)

[April-2018-New]Instant Download Braindump2go 400-251 PDF and VCE Dumps 359Q[196-206]

2018 April New Cisco 400-251 Real Exam Dumps with PDF and VCE Just Updated Today! Following are some new 400-251 Real Exam Questions:

(more…)

[April-2018-New]100% Real 400-251 Dumps PDF Free Download in Braindump2go[177-189]

2018 April New Cisco 400-251 Real Exam Dumps with PDF and VCE Just Updated Today! Following are some new 400-251 Real Exam Questions:

(more…)

[April-2018-New]Download Braindump2go 400-251 Exam Questions PDF 359Q Free[166-176]

2018 April New Cisco 400-251 Real Exam Dumps with PDF and VCE Just Updated Today! Following are some new 400-251 Real Exam Questions:

(more…)

[2018-April-Updated]300-209 Latest Dumps Free Download from Braindump2go 100% 300-209 Certification Got[180-190]

2018 April Latest Cisco 300-209 Exam Dumps with PDF and VCE Just Updated Today! Following are some new 300-209 Real Exam Questions:

(more…)

[2018-April-Updated]300-208 Exam Dumps-VCE and PDF(Full Version)365Q Download in Braindump2go[142-152]

2018 April Latest Cisco 300-208 Exam Dumps with PDF and VCE Just Updated Today! Following are some new 300-208 Real Exam Questions:

(more…)

[2018-April-New]352-001 Exam VCE and PDF Dumps Free Download in Braindump2go[265-275]

2018 April Latest Cisco 352-001 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 352-001 Real Exam Questions:

(more…)

[2018-April-New]Braindump2go 352-001 PDF and VCE Dumps 510Q for 100% Passing 352-001 Exam[243-253]

2018 April Latest Cisco 352-001 Exam Dumps with PDF and VCE Free Updated Today! Following are some new 352-001 Real Exam Questions:

(more…)

Pages: 1 2 ... 5 6 7 8 9 ... 150 151