Share your FIREWALL Experience
Cisco has made changes to the Security exams by replacing the old CCSP with the new CCNP Security Certification, which has 4 modules: Secure, Firewall, IPS and VPN. In fact, the old CCSP and the new CCNP Security are very similar. Many candidates have asked us to put up materials for these new exams, but it is time-consuming work. In the meantime, we created the “Share your experience” section for the FIREWALL exam. We really hope anyone who reads securitytut, 9tut, digitaltut, certprepare, networktut and voicetut will contribute to these sections, as your experience is invaluable for CCNP Security learners to complete their goals.
Please share with us your experience after taking the FIREWALL 642-617 exam, your materials, the way you learned, your recommendations…
NEW QUESTION 491
An engineer wants to ensure that a multicontext Cisco ASA determines the proper context to send a packet. Which two classification criteria must be unique for each context for this determination to occur? (Choose two.)
A. ARP table
B. transparent forwarding
C. session state
D. interfaces
E. MAC addresses
Answer: DE
Hi guys, are there any updates ?
Hello guys, today I have checked both Spoto corrected and Frecco and there are some questions with different answers in both dumps. It would be great if someone could help figure out which is the correct answer.
QUESTION 49
Which two voice and video protocols does the Cisco ASA 5500 Series support with Cisco Unified Communications Application inspection? (Choose two)
A. RSH
B. MGCP
C. TELNET
D. RTSP
E. SCCP
Correct Answer: BD
Q52 Which two voice and video protocols does the Cisco ASA 5500 Series support with Cisco Unified Communications Application inspection? (Choose two)
A. SCTP
B. SDP
C. H.323
D. H248
E. SCCP
F. SRTP
Answer: CE
——————————
Refer to the exhibit. A network engineer applies the configuration shown to set up a capture on a Cisco adaptive security appliance. When attempting to start a capture this error message is observed:
ERROR: capture doesn´t support access-list containing mixed policies
For which two reasons does this error message occur? (choose two)
A. Access list type is incorrect
B. IPv6 is enabled on the cisco ASA
C. A name ACL is required
D. IPv4 is not specified on the access list with the “Any4” keyword
E. The ACL number is correct
Spoto gives AD, while Frecco CD
————————–
A customer has two ISPs for internet traffic and a firewall with one interface configured to each ISP. An engineer discovers there is asymmetric routing when using the internet; traffic leaving is using ISP 1 and returning traffic is using ISP 2. Which feature fixes this connectivity?
A. Network address translation
B. Routed mode
C. Multiple contexts
D. Security zones
E. Failover
Spoto Answer: D Frecco Answer: E
———————-
Which two features are supported with the ASA packet-tracer command? (Choose two)
A. Injecting tracer packets through the firewall into the data path
B. Debugging packets in noncluster nodes
C. Simulating a packet decrypt
D. Injecting modified ICMP packet through the firewall into the data path
E. Displaying each matching policy as a packet transits the firewall
Spoto Answer: A E; Frecco Answer: AC
—————
An engineer has found that threat detection has been turned on by default on a Cisco ASA.
Which two security events are monitored? (Choose two)
A. Concurrent NAT interface overload addresses
B. Denial of service attack occurrences
C. Packet allowed by the inspection engine
D. Number of times the rates were exceeded
E. Total number of malformed packet received
Spoto Answer: BE; Frecco Answer: BD
———–
You are executing the packet-trace command with the vlan-id keyword on an ASA running in transparent firewall mode. Which statement about the destination MAC address is true?
A. if the input interface is the management interface, the destination MAC address is required
B. If the input interface is the management interface, the destination MAC address is disabled
C. If the input interface is the bridge group member interface, the destination MAC address is required
Spoto Answer: C; Frecco Answer:B
——-
Refer to the exhibit. Which two verification commands do you run on the perimeter firewall to confirm that the packets reach the firewall?
ASA-Per# show access-list acl_web
.
.
Access-list acl_web line 6 extended permit tcp 10.10.1.0 255.255.255.0 host 172.16.31.8 eq www (hitcnt=0) 0x9726335c
ASA-Per# sh run access-group
.
.
Access-group acl_web global
A. ASA-Per# packet-tracer input outside tcp 10.10.1.100 49000 172.16.31.8 www
B. ASA-Per# capture capin interface inside match tcp 10.10.1.100 host 172.16.31.8 eq www
C. ASA-Per# show logging
D. ASA-Per# show capture capin
E. ASA-Per# packet-tracer input inside tcp 10.10.1.100 49000 172.16.31.8 www
Spoto Answer: AE; Frecco Answer: BE
—-
Hi Moraes can you share spoto dump i am ready to share the cost of the dump….please reach out to me on dannygonzopa @ gmail.com
@Danny
http*//s000*tinyupload*com/index*php?file_id=96189297463476186137
put . instead of *
Hi Moraes thanks for the link but it is not working for me….can you please post it again? Thanks…
I have opened it just today.
First * the one after http should be replaced with : and will work fine.
Thanks it worked…guess i should have tried the : in the first place……you were able to remove the spoto watermark thats great……thank you so much for the share buddy….God Bless you!!
Hello!
The new PassLeader 300-206 dumps (Updated Recently) now are available, here are part of 300-206 exam questions (FYI):
[Get the download link at the end of this post]
NEW QUESTION 491
An engineer wants to ensure that a multicontext Cisco ASA determines the proper context to send a packet. Which two classification criteria must be unique for each context for this determination to occur? (Choose two.)
A. ARP table
B. transparent forwarding
C. session state
D. interfaces
E. MAC addresses
Answer: DE
NEW QUESTION 492
Which two device types can you examine with a TrustSec Readiness Assessment report? (Choose two.)
A. SGACL devices
B. TrustSec incapable devices
C. enforcement devices
D. authentication devices
E. security group tagging devices
Answer: BC
NEW QUESTION 493
An engineer has found that threat detection has been turned on by default on a Cisco ASA. Which two security events are monitored? (Choose two.)
A. number of times the rates were exceeded
B. total number of malformed packets received
C. denial of service attack occurrences
D. packets allowed by the inspection engine
E. concurrent NAT interface overload addresses
Answer: AC
NEW QUESTION 494
Which two values must you provide when you use a CSV file to import devices into Cisco Prime Infrastructure? (Choose two.)
A. device model number
B. SNMP version
C. device serial number
D. device IP address
E. EtherType field
Answer: BD
NEW QUESTION 495
Which two features does DNSSEC leverage for proper functionality? (Choose two.)
A. It uses TCP to ensure reliable delivery.
B. It uses UDP to reduce the DNS responses time.
C. It uses EDNS to manage the larger DNS packets it requires.
D. It uses UDP to minimize packet size.
E. It uses AD and DO inside UDP to reduce response time.
Answer: CE
NEW QUESTION 496
Which two unified communications protocols can be inspected for an anomaly by using the Cisco ASA 5500 Series firewall? (Choose two.)
A. RSH
B. SCP
C. MGCP
D. TFTP
E. RTSP
Answer: CE
NEW QUESTION 497
Which purpose of MKA in a MACsec deployment is true?
A. It encrypts traffic between switches.
B. It transports EAP messages from access switches to the RADIUS server.
C. It provides additional security features beyond the default SAP key exchange.
D. It encrypts traffic between the downlink port and the endpoint of the switch.
Answer: D
NEW QUESTION 498
Due to a traffic storm on your network, two interfaces were error-disabled and both interfaces sent SNMP traps. In which two ways can the interfaces be back into service? (Choose two.)
A. If the snmp-server enable traps command is enabled, the ports return to service automatically after 300 seconds.
B. If EEM is configured, the ports return to service automatically in less than 300 seconds.
C. If the administrator enters the shutdown and no shutdown commands on the interfaces.
D. If the interfaces are configured with the error-disable detection and recovery feature, the interfaces will be returned to service automatically.
E. If Cisco Prime is configured, it issues an SNMP set command to re-enable the ports after the preconfigured interval.
Answer: CD
NEW QUESTION 499
You need to increase the level of security for the management traffic accessing a Cisco router. You plan to enable HTTPS. Which action do you take on the router?
A. Disable TCP port 23.
B. Generate an RSA key.
C. Enable SCP.
D. Enable TLS.
Answer: D
NEW QUESTION 500
Which action do you take on a Cisco router to limit the management traffic to only one interface?
A. Filter incoming connections by applying an extended ACL on a loopback interface.
B. Filter incoming connections by applying a standard ACL on a SVI.
C. Utilize the Management Plan Protection feature.
D. Add an interface by using the management-interface command.
Answer: C
NEW QUESTION 501
……
P.S.
PassLeader 300-206 dumps FYI:
od.lk/fl/NjFfMTUyNjc0M18
(501q~~~NEW VERSION DUMPS!!!)
Good Luck!!!
[(copy that link and open it in your web browser!!!)]
What’s more:
1. PassLeader 300-208 dumps FYI:
od.lk/fl/NjFfMTUyNjc0NV8
(521q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
2. PassLeader 300-209 dumps FYI:
od.lk/fl/NjFfMTUyNjc0N18
(459q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
3. PassLeader 300-210 dumps FYI:
od.lk/fl/NjFfMTUyNjc0OV8
(508q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
Good Luck!!!
[(copy those links and open them in your web browser!!!)]
friends,
I have a summary of the exam 210-260, 300-206, 300-208, 300-209 and 300-210.
You only need these files to pass 100% confirmed.
Many know me, if you are interested please write to the following email.
ccnpswicth@ gmail. com*
Anybody pass this week using Gon Jan? @Moraes when do u plan on giving the exam?
Passed today with 964/1000
Labs -> SIM & check config to answer
D&D -> portals
Good luck to all
Copy link and paste in your browser
poweredbydialup.online/WV4VYT
NEW QUESTION 497
Which purpose of MKA in a MACsec deployment is true?
A. It encrypts traffic between switches.
B. It transports EAP messages from access switches to the RADIUS server.
C. It provides additional security features beyond the default SAP key exchange.
D. It encrypts traffic between the downlink port and the endpoint of the switch.
Answer: D….
hi, anyone has taken the exam these last days? I heard there’s a D&D about trustsec and GON PDF has only about 50% of the questions.
oh really!! guys please reply nobody has replied since Jan 31st….i still have a chance to reschedule my exam…..has anybody passed since Jan 31st using Gon Jan?
Hi All,
I am looking for stable 300-208 dumps. If someone need 300-210 exam I have a very short version of questions only 100 questions many people already passed the exam.
Please share your experience nikolai112….@аbv.bg Remove ….
Thank you very much in advance!
I have pushed my exam looking for updated from someone who has taken the exam after Jan 31st….
Come on Danny! I was hoping on you to share your feedback before my exam. :)
I took the exam few days ago. GON PDF has ~70% of the questions. I saw ~15 new questions.
unfortunately, I don’t remember any of the new questions. Good Luck
Wow, thanks God! for being so lovely
@God is Love
Bullshit, you’re a liar
Hello All, I passed my 300-206 today 9xx. I used GON dumps, it’s very good.
I saw about 5 new questions that I haven’t seen yet but they’re not too difficult if you know the basics. Sorry but I can’t remember the new questions.
Or maybe another dump might have them but I only used the GON dump file.
Can any one recommend a good dump for 300-209 & 300-210 please.
btw, I was being sarcastic
@chuck
Thanks for clearing that up, it wasn’t obvious…
Anyone used the Gon dump to pass since January?
People are talking about new questions?
Guys! I’m taking the 300-206 in about four days, using SPOTO Corrected dumps, PL dumps and Gon dumps. Are these still valid?
cheers!
I’m in the same situation. There are updates?
I actually moved my exam because of reports of new questions….need to give this before the 24th can anyone please confirm if the questions are still valid?
Also can someone please share the PL dumps with me on dannygonzopa at gmail.com… thanks in advance…
please i need know that the Gon DUMP is still valid?
the gon dump is enough?
LOL @Javier, read the damn comments. Nobody knows.
Hello!
The new PassLeader 300-206 dumps (Updated Recently) now are available, here are part of 300-206 exam questions (FYI):
[Get the download link at the end of this post]
NEW QUESTION 481
An engineer wants to ensure that a multicontext Cisco ASA determines the proper context to send a packet. Which two classification criteria must be unique for each context for this determination to occur? (Choose two.)
A. ARP table
B. transparent forwarding
C. session state
D. interfaces
E. MAC addresses
Answer: DE
NEW QUESTION 482
Which two device types can you examine with a TrustSec Readiness Assessment report? (Choose two.)
A. SGACL devices
B. TrustSec incapable devices
C. enforcement devices
D. authentication devices
E. security group tagging devices
Answer: BC
NEW QUESTION 483
An engineer has found that threat detection has been turned on by default on a Cisco ASA. Which two security events are monitored? (Choose two.)
A. number of times the rates were exceeded
B. total number of malformed packets received
C. denial of service attack occurrences
D. packets allowed by the inspection engine
E. concurrent NAT interface overload addresses
Answer: AC
NEW QUESTION 484
Which two values must you provide when you use a CSV file to import devices into Cisco Prime Infrastructure? (Choose two.)
A. device model number
B. SNMP version
C. device serial number
D. device IP address
E. EtherType field
Answer: BD
NEW QUESTION 485
Which two features does DNSSEC leverage for proper functionality? (Choose two.)
A. It uses TCP to ensure reliable delivery.
B. It uses UDP to reduce the DNS responses time.
C. It uses EDNS to manage the larger DNS packets it requires.
D. It uses UDP to minimize packet size.
E. It uses AD and DO inside UDP to reduce response time.
Answer: CE
NEW QUESTION 486
Which two unified communications protocols can be inspected for an anomaly by using the Cisco ASA 5500 Series firewall? (Choose two.)
A. RSH
B. SCP
C. MGCP
D. TFTP
E. RTSP
Answer: CE
NEW QUESTION 487
Which purpose of MKA in a MACsec deployment is true?
A. It encrypts traffic between switches.
B. It transports EAP messages from access switches to the RADIUS server.
C. It provides additional security features beyond the default SAP key exchange.
D. It encrypts traffic between the downlink port and the endpoint of the switch.
Answer: D
NEW QUESTION 488
Due to a traffic storm on your network, two interfaces were error-disabled and both interfaces sent SNMP traps. In which two ways can the interfaces be back into service? (Choose two.)
A. If the snmp-server enable traps command is enabled, the ports return to service automatically after 300 seconds.
B. If EEM is configured, the ports return to service automatically in less than 300 seconds.
C. If the administrator enters the shutdown and no shutdown commands on the interfaces.
D. If the interfaces are configured with the error-disable detection and recovery feature, the interfaces will be returned to service automatically.
E. If Cisco Prime is configured, it issues an SNMP set command to re-enable the ports after the preconfigured interval.
Answer: CD
NEW QUESTION 489
You need to increase the level of security for the management traffic accessing a Cisco router. You plan to enable HTTPS. Which action do you take on the router?
A. Disable TCP port 23.
B. Generate an RSA key.
C. Enable SCP.
D. Enable TLS.
Answer: D
NEW QUESTION 490
Which action do you take on a Cisco router to limit the management traffic to only one interface?
A. Filter incoming connections by applying an extended ACL on a loopback interface.
B. Filter incoming connections by applying a standard ACL on a SVI.
C. Utilize the Management Plan Protection feature.
D. Add an interface by using the management-interface command.
Answer: C
NEW QUESTION 491
……
P.S.
PassLeader 300-206 dumps FYI:
od.lk/fl/NjFfMTUyNjc0M18
(494q~~~NEW VERSION DUMPS!!!)
Good Luck!!!
[(copy that link and open it in your web browser!!!)]
What’s more:
1. PassLeader 300-208 dumps FYI:
od.lk/fl/NjFfMTUyNjc0NV8
(521q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
2. PassLeader 300-209 dumps FYI:
od.lk/fl/NjFfMTUyNjc0N18
(459q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
3. PassLeader 300-210 dumps FYI:
od.lk/fl/NjFfMTUyNjc0OV8
(499q~~~NEW VERSION DUMPS!!!)
~~~~~~~~~~~~~~~~~~~~~~~~~
Good Luck!!!
[(copy those links and open them in your web browser!!!)]
Hi!
Passed my 300-206 exam with 9xx on 7/Feb/2020.
I used PassLeader 300-206 dumps, very stable and valid for passing.
I saw about 5 new questions, not too difficult if you know the basics.
Good luck, all!
Passed today with 964!
Labs -> SIM & check config to answer
D&D -> portals
Good luck to all
Copy link and paste in your browser
poweredbydialup.online/WV4VY
NEW QUESTION 487
Which purpose of MKA in a MACsec deployment is true?
A. It encrypts traffic between switches.
B. It transports EAP messages from access switches to the RADIUS server.
C. It provides additional security features beyond the default SAP key exchange.
D. It encrypts traffic between the downlink port and the endpoint of the switch.
Answer: D….
@Elmore NN
Can you share latest PL dump file please?
Any updates?
Is Gon Freecs valid?
PL dumps are on here. Are they valid?
@krilin best of luck…..please let us know your results and the material u used…thanks in advance..
@krillin
Good luck, let us know news and dumps
@slipper @Danny
Guys, passed with 95X.
Gon dumps and SPOTO (Corrected) are still valid, PL dumps as well but version 20.011 I think.
There were like 4 or 5 new questions, they were not difficult but a little bit tricky, if you know the SENSS foundation you’ll be okay. Also, try study TrustSec + ISE + ASA, I had like two questions involving these three technologies at the same time.
All Labs and D&D are basically the same.
Best of luck!!!!
@Krillin,
Did you have a D&D about TrustSec? I heard there’s a new one.
Hi Guys,
just passed 9xx! Yes, Gon/Spoto dumps are enough to pass, 4 or 5 new questions: one about CSM, a D&D about RBAC never seen anywhere, one question about packet capture troubleshooting.
Don’t forget Cisco adds new questions but some are not scored, just to evaluate the behaviour of the candidates.
No stress believe me Gon is enough to pass.
Good luck guys and special thanks to GON/SPOTO and the people that contribute in this forum
I hope that Gon/spoto are valid, I will take 300-206 on Feb 18, no other schedule is available in my city.
Planning to give 300 – 209 which dumps should i follow and are they enough to pass the exam?
Hi Guys
I took the exam on the 10th of February; these are the questions that appeared in my exam (pass):
https:// mega.nz/#!7ldFCSLC!cLBhRldypzJ9ChnzEBv4ZhlitXu96DPBUybczfi6WKM
Also I put in some new questions
Thanks to the community
Gon freecs, how is your score
Hi Gon Freecs, I got the same pool of questions as you….Many thanks for your help!
How can you remember all these questions ;-)?
My score was 930
@karmansbo, i dont know ahahahahaha
Gon freecs!!! Thank you!!!!
@Gon
Link doesn’t work.
You need to remove the space in the link.
I did, just times out.
Would it be possible to post into forum?
Thanks Gon Freecs! For the Trustsec D&D I will say the answer is in this order:
asa downloads PCAP
asa register with ISE
asa receives petition and looks for SGT
access devices send SGT to upstream devices
devices authenticates using trustsec
Answers in dumps are different for same dumps
Why is this? NTP and packet decrypt among them
A customer has two ISPs for internet traffic and a firewall with one interface configured to each ISP. An engineer discovers there is asymmetric routing when using the internet; traffic leaving is using ISP 1 and returning traffic is using ISP 2. Which feature fixes this connectivity?
A. Network address translation
B. Routed mode
C. Multiple contexts
D. Security zones
Where is E – Failover?
Correct Answer: Which two features are supported with the ASA packet-tracer command? (Choose two)
A. Injecting tracer packets through the firewall into the data path
B. Debugging packets in noncluster nodes
C. Simulating a packet decrypt
D. Injecting modified ICMP packet through the firewall into the data path
E. Displaying each matching policy as a packet transits the firewall
Surely this is A and E
Why is there confusion?
@Chunky,
Failover will not appear in the real exam. D is the correct answer.
Thanks Chuck.
What about NTP D & D – why does it change?
Hi chunky
About the NTP D&D, I double-checked the Spoto file and they put that answer, and in the first file I made a mistake; that is why I changed it.
@Gon
can you post the new questions please? mega.nz link doesn’t work for me?
@Gon awesome thank you!!
Enuf said! thanks to the wonderful community i have confidence when i will be going for my exam tomorrow…..thanks Gon Freecs will let you guys know my result….
@Danny
Good luck with your exam, let us know how you do?
@All
Can the updated Gon be shared via another share not mega.nz please.
taking the exam today. I’ll keep you guys posted
@Chuck
Good luck.
@Gon,
for this question…
New Question. Cisco prime Infrastructure allow location and IPS in wireless?
A. Cisco Security manager
B. ISE
C. WLC
D.
Was D, MSE? Do you remember?
Those are the questions.
QUESTION 50
New Question. Which command you can use to enable TrustSEc in ASA (CLI)
A.
B.
C. cts sxp enable
D.
Correct Answer: C
QUESTION 51
Question Change. An engineer is configuring MACsec encryption. Which component does MACsec encryption support?
A. Switch-to-switch connection
B. User-facing downlink support
C. Switch port connected to other switches
D. Host-facing links
Correct Answer: B
QUESTION 52
New question. Something about deploy…. in datacenter environment with VMs
A. AsaV in front-end
B. VSG in front-end
C. AsaV in Back-end
D. VSG in back-end
Correct Answer: ??
QUESTION 53
New Question. Something about MKA and MACSec?
A.
B.
C.
D.
Correct Answer: ??
QUESTION 54
New Question. Which would prevent when you use DHCP snooping?
A.
B. DHCP starvation
C.
D.
Correct Answer: B
QUESTION 55
Question Change. Which two best practices can mitigate layer 2 attacks on the network? (Choose two)
A. Disabling DTP on all user access.
B. Enable DTP…….
C. Enable DTP…..
D. Put vlan 1 native in trunk ports
E. ……………
Correct Answer: AE
QUESTION 56
Question Change. HTTPS server is configured on a router for management. Which command will enable ASDM?
A. Ip http secure-server 443
B. Ip http server secure-port 443
C. Ip http secure-port 443
D. Ip https secure-port 4443
Correct Answer: C
QUESTION 57
New Question. When you use ASA in transparent mode?
A. When you want ASA as default Gateway
B. When you want to put between two routers in different IPs
C. When you want to put between two routers (same network)
D.
Correct Answer: C
QUESTION 58
New Question. Cisco prime Infrastructure allow location and IPS in wireless?
A. Cisco Security manager
B. ISE
C. WLC
D.
Correct Answer: A
QUESTION 59
New Question. Refer to the exhibit, why is the traffic dropped?
A. The source reach internet
B. both ips are in the same interface
C.
D.
Correct Answer: B
QUESTION 60
New Question. Refer to the exhibit, why is the traffic dropped?
A. …………
B. Destination port ….
C. Source port ….
D. Complete three hand-shake
Correct Answer: A
QUESTION 61
D&D Please define the process for TrustSEc in ASA
For Trustsec D&D based on the options Gon a friend told me, I believe this is the order. Wording of the options might not be exact. Reference: https:**www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/aaa_trustsec.html
Register with iSE
ASA downloads PAC
Device authenticates using Trustsec
Devices sends SGT to upstream switches
Receives petition and lookup for SGT
Enforces policy (not sure if this one is in the exam, but following the flow as per cisco document)
Good luck all!!!!
@All
Thanks for the updates. Really appreciated.
Chuck – any updates? Hope you did good
testing command
can’t post my message
Sorry for the late response but somehow, I was not able to post new messages in the forum this afternoon.
I passed with 9xx
I got new questions and I’m correcting a few ones from Gon’s last post.
Trustsec D&D – this is how I answered it
Register with iSE
ASA downloads PAC
Device authenticates using Trustsec
Devices sends SGT to upstream switches
Receives petition and lookup for SGT
the following are new
Attacks that can be avoided with Dynamic Arp
a. Man-in-the-middle (this is my answer)
How to enable IPV6 on Cisco ESA
A,b,c,d shows different commands
e. IPV6 is not supported (this is my answer, but I believe it was wrong)
Question showing the following screenshot: (https**//community.cisco.com/t5/firewalls/completely-disabling-cisco-asa-threat-detection/td-p/2519711) and asking which network will be excluded in shun
a.MGMT (this was my answer)
b.inside
c.outside
d.DMZ
question about the purpose of CSM
a. Facilitate management tasks (this was my answer)
Question about a true factor of CSM
a. CSM standard and UCS bundle supports FWSM
b. Only CSM Pro supports FWSM
c. Only CSM standard supports FWSM
d. Both CSM standard and PRO supports FWSM (this was my answer but not sure if it was correct)
The rest of the new questions are in Gon’s file.
Good luck
the question about Cisco prime needs an integration that allows WIPS and location for wireless.
The missing option in Gon’s file is MSE. That was my answer.
@Chuck, well done and thanks for the update.
Was below question on the exam?
Refer to the exhibit.
A network engineer applies the configuration shown to set up a capture on a Cisco adaptive security appliance.
When attempting to start a capture this error message is observed:
ERROR: capture doesn´t support access-list containing mixed policies
For which two reasons does this error message occur? (choose two)
A. Access list type is incorrect
B. IPv6 is enabled on the cisco ASA
C. A name ACL is required
D. IPV4 is not specified on the access list with ¨Any4¨ keyword
E. The ACL number is correct
Because I’ve tried this, and D is correct for certain, but I don’t think C is correct as I created a numbered ACL (20) and it worked OK?
https**//www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-1/administrator/guide/PIAdminBook/licensing.html
MSE Licensing
The MSE packages together multiple product features related to network topology, design such as NMSP, Network Repository along with related Service Engines, and application processes, such as the following:
– Context-Aware Service
– Wireless Intrusion Prevention System (WIPS)
To enable smooth management of MSE and its services, various licenses are offered.
You must have a Cisco Prime Infrastructure license to use MSE and its associated services.
Well done Chuck thanks for updates!! You relax now!!
Not sure if this question is regarding license, but from the link below, table 2-2 would suggest the answer is B
https**//www.cisco.com/c/en/us/td/docs/security/security_management/cisco_security_manager/security_manager/4-8/installation/guide/IG/licensing.html
Table 2-2 Comparison of Professional Base Versions with Standard Base Versions
Feature –> Support for the management of firewall service modules
Supported in Professional? –> Yes Supported in Standard? –> No
Question about a true factor of CSM
a. CSM standard and UCS bundle supports FWSM
b. Only CSM Pro supports FWSM
c. Only CSM standard supports FWSM
d. Both CSM standard and PRO supports FWSM (this was my answer but not sure if it was correct)
What do you think?
Link below would suggest ESA does support IPv6
https**//www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_chapter_010.html
@scubasteve, no I didn’t get that question in my exam.
QUESTION 52
New question. Something about deploy…. in datacenter environment with VMs
A. AsaV in front-end
B. VSG in front-end
C. AsaV in Back-end
D. VSG in back-end
Correct Answer: A e B ?
Any updates? Things are close to end… there must be answers
NTP D&D
https**www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/basic_hostname_pw.html#94744
Asa CLI, 8.4 and 8.6
Step 1 ntp authenticate
Step 2 ntp trusted-key key_id
Step 3 ntp authentication-key key_id md5 key
Step 4 ntp server ip_address [ key key_id ] [ source interface_name ] [ prefer ]
QUESTION 52
New question. Something about deploy…. in datacenter environment with VMs
A. AsaV in front-end
B. VSG in front-end
C. AsaV in Back-end
D. VSG in back-end
Correct Answer: A e B ?
I think AD, but not 100% sure.
https**//www.ciscolive.com/c/dam/r/ciscolive/us/docs/2016/pdf/BRKSEC-3000.pdf
How will Send updates? They must share!!
A customer has two ISPs for internet traffic and a firewall with one interface configured to each ISP. An engineer discovers there is asymmetric routing when using the internet; traffic leaving is using ISP 1 and returning traffic is using ISP 2. Which feature fixes this connectivity?
A. Network address translation
B. Routed mode
C. Multiple contexts
D. Security zones
I think “A” is the correct answer, but in comment I read D is the answer.
@dOres1
Really? You think of NAT? You are silly my friend
Further d0re1 learning ant provide useful posts
is gon 61 question dumps still valid? is that ok to depend on gon only? Appreciate if anyone given exam today or can confirm.
@Chunky
Which two features are supported with the ASA packet-tracer command? (Choose two)
A. Injecting tracer packets through the firewall into the data path – (Correct)
B. Debugging packets in noncluster nodes – (Incorrect, debugging packets across cluster nodes)
C. Simulating a packet decrypt – (Correct, as per the link)
D. Injecting modified ICMP packet through the firewall into the data path – (Incorrect)
E. Displaying each matching policy as a packet transits the firewall – (Wording?)
AC looks correct, the wording of E for me doesn’t sound correct. Also, follow the link below, it mentions Simulating a packet decrypt.
https**//www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/I-R/cmdref2/p1.html
It is possible to inject a decrypted packet in a VPN tunnel, which is generic and applicable for both IPSec and TLS. It is also possible to simulate a packet that comes across a VPN tunnel. The simulated ‘decrypted’ packet would be matched against an existing VPN tunnel and the associated tunnel policies would be applied.
Hi!
Passed my 300-206 exam with 9xx on 14/Feb/2020.
I used PassLeader 300-206 dumps (494q NEW version), very stable and valid for passing.
I saw about 5 new questions, not too difficult if you know the basics.
Good luck, all!
And,
The new PassLeader 300-206 dumps (Updated Recently) now are available, here are part of 300-206 exam questions (FYI):
[Get the download link at the end of this post]
NEW QUESTION 481
An engineer wants to ensure that a multicontext Cisco ASA determines the proper context to send a packet. Which two classification criteria must be unique for each context for this determination to occur? (Choose two.)
A. ARP table
B. transparent forwarding
C. session state
D. interfaces
E. MAC addresses
Answer: DE
NEW QUESTION 482
Which two device types can you examine with a TrustSec Readiness Assessment report? (Choose two.)
A. SGACL devices
B. TrustSec incapable devices
C. enforcement devices
D. authentication devices
E. security group tagging devices
Answer: BC
NEW QUESTION 483
An engineer has found that threat detection has been turned on by default on a Cisco ASA. Which two security events are monitored? (Choose two.)
A. number of times the rates were exceeded
B. total number of malformed packets received
C. denial of service attack occurrences
D. packets allowed by the inspection engine
E. concurrent NAT interface overload addresses
Answer: AC
NEW QUESTION 484
Which two values must you provide when you use a CSV file to import devices into Cisco Prime Infrastructure? (Choose two.)
A. device model number
B. SNMP version
C. device serial number
D. device IP address
E. EtherType field
Answer: BD
NEW QUESTION 485
Which two features does DNSSEC leverage for proper functionality? (Choose two.)
A. It uses TCP to ensure reliable delivery.
B. It uses UDP to reduce the DNS responses time.
C. It uses EDNS to manage the larger DNS packets it requires.
D. It uses UDP to minimize packet size.
E. It uses AD and DO inside UDP to reduce response time.
Answer: CE
NEW QUESTION 486
Which two unified communications protocols can be inspected for an anomaly by using the Cisco ASA 5500 Series firewall? (Choose two.)
A. RSH
B. SCP
C. MGCP
D. TFTP
E. RTSP
Answer: CE
NEW QUESTION 487
Which purpose of MKA in a MACsec deployment is true?
A. It encrypts traffic between switches.
B. It transports EAP messages from access switches to the RADIUS server.
C. It provides additional security features beyond the default SAP key exchange.
D. It encrypts traffic between the downlink port and the endpoint of the switch.
Answer: D
NEW QUESTION 488
Due to a traffic storm on your network, two interfaces were error-disabled and both interfaces sent SNMP traps. In which two ways can the interfaces be put back into service? (Choose two.)
A. If the snmp-server enable traps command is enabled, the ports return to service automatically after 300 seconds.
B. If EEM is configured, the ports return to service automatically in less than 300 seconds.
C. If the administrator enters the shutdown and no shutdown commands on the interfaces.
D. If the interfaces are configured with the error-disable detection and recovery feature, the interfaces will be returned to service automatically.
E. If Cisco Prime is configured, it issues an SNMP set command to re-enable the ports after the preconfigured interval.
Answer: CD
NEW QUESTION 489
You need to increase the level of security for the management traffic accessing a Cisco router. You plan to enable HTTPS. Which action do you take on the router?
A. Disable TCP port 23.
B. Generate an RSA key.
C. Enable SCP.
D. Enable TLS.
Answer: D
NEW QUESTION 490
Which action do you take on a Cisco router to limit the management traffic to only one interface?
A. Filter incoming connections by applying an extended ACL on a loopback interface.
B. Filter incoming connections by applying a standard ACL on a SVI.
C. Utilize the Management Plane Protection feature.
D. Add an interface by using the management-interface command.
Answer: C
NEW QUESTION 491
……
P.S.
PassLeader 300-206 dumps FYI:
od.lk/fl/NjFfMTUyNjc0M18
(494q~~~NEW VERSION DUMPS!!!)
Good Luck!!!
[(copy that link and open it in your web browser!!!)]
The ISAKMP MM1 main mode message is sent from the spoke to the hub using the default IKE port.
The hub processes received MM1 and replies with an appropriate ISAKMP policy MM2 message.
The spoke receives an MM2 message, sends an MM3.
The hub receives MM3 and replies by sending MM4.
The spoke replies on port UDP4500 if NAT is detected in the transit path or UDP500 when NAT-T is not detected.
The hub replies by sending MM6, which completes the main mode exchange.
The spoke validates the received ISAKMP policy.
The NHRP Registration Request is encapsulated in GRE….