|Exam Name||:||Implementing Cisco Edge Network Security(R) Solutions (SENSS)|
|Questions and Answers||:||343 Q & A|
|Updated On||:||Click to Check Update|
|PDF Download Mirror||:||300-206 Brain Dump|
|Get Full Version||:||Pass4sure 300-206 Full Version|
It will permit or deny traffic based on the access list criteria.
It will permit or deny all traffic on a specified interface.
It will have no affect until applied to an interface, tunnel-group or other traffic flow.
It will allow all traffic.
SNMP users have a specified username, a group to which the user belongs, authentication password, encryption password, and authentication and encryption algorithms to use. The authentication algorithm options are MD5 and SHA. The encryption algorithm options are DES, 3DES, andAES (which is available in 128,192, and 256 versions). When you create a user, with which option must you associate it?
an SNMP group
at least one interface
the SNMP inspection in the global_policy
at least two interfaces
This can be verified via the ASDM screen shot shown here:
If you disable PortFast on switch ports that are connected to a Cisco ASA and globally turn on BPDU filtering, what is the effect on the switch ports?
The switch ports are prevented from going into an err-disable state if a BPDU is received.
The switch ports are prevented from going into an err-disable state if a BPDU is sent.
The switch ports are prevented from going into an err-disable state if a BPDU is received and sent.
The switch ports are prevented from forming a trunk.
In which way are management packets classified on a firewall that operates in multiple context mode?
by their interface IP address
by the routing table
by their MAC addresses
Which set of commands creates a message list that includes all severity 2 (critical) messages on a Cisco security device?
logging list critical_messages level 2 console logging critical_messages
logging list critical_messages level 2 logging console critical_messages
logging list critical_messages level 2 logging console enable critical_messages
logging list enable critical_messages level 2 console logging critical_messages
Which of the following would need to be created to configure an application-layer inspection of SMTP traffic operating on port 2525?
A class-map that matches port 2525 and applying an inspect ESMTP policy-map for that class in the global inspection policy
A policy-map that matches port 2525 and applying an inspect ESMTP class-map for that policy
An access-list that matches on TCP port 2525 traffic and applying it on an interface with the inspect option
A class-map that matches port 2525 and applying it on an access-list using the inspect option
When a Cisco ASA is configured in multicontext mode, which command is used to change between contexts?
changeto config context
changeto/config context change
changeto/config context 2
An administrator installed a Cisco ASA that runs version 9.1. You are asked to configure the firewall through Cisco ASDM. When you attempt to connect to a Cisco ASA with a default configuration, which username and password grants you full access?
admin / admin
asaAdmin / (no password)
It is not possible to use Cisco ASDM until a username and password are created via the username usernamepassword password CLI command.
enable_15 / (no password)
cisco / cisco
Where on a firewall does an administrator assign interfaces to contexts?
in the system execution space
in the admin context
in a user-defined context
in the console
How much storage is allotted to maintain system,configuration , and image files on the Cisco ASA 1000V during OVF template file deployment?
You are a security engineer at a large multinational retailer. Your Chief Information Officer recently attended a security conference and has asked you to secure the network infrastructure from VLAN hopping. Which statement describes how VLAN hopping can be avoided?
There is no such thing as VLAN hopping because VLANs are completely isolated.
VLAN hopping can be avoided by using IEEE 802.1X to dynamically assign the access VLAN to all endpoints and setting the default access VLAN to an unused VLAN ID.
VLAN hopping is avoided by configuring the native (untagged) VLAN on both sides of an ISL trunk to an unused VLAN ID.
VLAN hopping is avoided by configuring the native (untagged) VLAN on both sides of an IEEE 802.1Q trunk to an unused VLAN ID.
Which three options correctly identify the Cisco ASA1000V Cloud Firewall? (Choose three.)
operates at Layer 2
operates at Layer 3
secures tenant edge traffic
secures intraswitch traffic
secures data center edge traffic
replaces Cisco VSG
complements Cisco VSG
requires Cisco VSG
An administrator is deploying port-security to restrict traffic from certain ports to specific MAC addresses. Which two considerations must an administrator take into account when using the switchport port-security mac-address sticky command? (Choose two.)
The configuration will be updated with MAC addresses from traffic seen ingressing the port. The configuration will automatically be saved to NVRAM if no other changes to the configuration have been made.
The configuration will be updated with MAC addresses from traffic seen ingressing the port. The configuration will not automatically be saved to NVRAM.
Only MAC addresses with the 5th most significant bit of the address (the 'sticky' bit) set to 1 will be learned.
If configured on a trunk port without the 'vlan' keyword, it will apply to all vlans.
If configured on a trunk port without the 'vlan' keyword, it will apply only to the native vlan.