[May-2018-New]100% Valid 200-601 Dumps VCE and PDF 90Q Provided by Braindump2go[68-78]

2018 May New Cisco 200-601 Exam Dumps with PDF and VCE Just Updated Today! Following are some new 200-601 Real Exam Questions:

1.|2018 Latest 200-601 Exam Dumps (PDF & VCE) 90Q Download:
https://www.braindump2go.com/200-601.html

2.|2018 Latest 200-601 Exam Questions & Answers Download:
https://drive.google.com/drive/folders/0B75b5xYLjSSNWTIxdF9WZmZqMms?usp=sharing

QUESTION 68
After commissioning several Stratix 5700 switches in a ring topology, you want to verify the installation against the network logical design. Specifically, you want to verify where the IGMP querier resides. What command can be issued in CLI to display the IP of the querier per VLAN?

A. switch# show ip igmp snooping querier
B. switch# show igmp snooping querier
C. switch# show igmp querier
D. switch# show ip igmp querier

Answer: A
QUESTION 69
Which in-depth approach is used when deploying defense in an industrial zone?

A. Use PLCs and control systems from multiple vendors in such a way that the process will become resilient for failures of one vendor.
B. Deploy two factor authentications for all operators which need to login remote while working from home.
C. Collect log files at a central location for easy back-up and encryption to provide privacy.
D. Create multiple zones in the industrial zone and protect / inspect traffic between the zones with firewalls and intrusion monitors.

Answer: D

QUESTION 70
How are I/O timeout and Safety I/O timeout calculated?

A. An I/O connection will timeout based on the lower of 4x RPI or 100ms.
Safety I/O timeout is calculated as 4xRPI.
B. An I/O connection will timeout based on the lower of 3x RPI or 100ms.
Safety I/O timeout is calculated as 3xRPI.
C. An I/O connection will timeout based on the lower of 4x RPI or 150ms.
Safety I/O timeout is calculated as 2xRPI.
D. An I/O connection will timeout based on the lower of 3x RPI or 150ms.
Safety I/O timeout is calculated as 3xRPI.

Answer: A

QUESTION 71
Refer to the exhibit. CCNA.com has the industrial network shown in the exhibit.
All switches are configured as layer 2 switches and are using VLAN 1 as their management VLAN.
Each VLAN 1 interface has been assigned the correct IP address.
What is the purpose of assigning a default gateway to SW-C switch?

A. allows connectivity between the VLAN 1 interface on SW-C and other devices in the network.
B. allows connectivity between Host A and other devices in the network.
C. allows connectivity between Host B and other devices in the network.
D. allows the switch to pass traffic between Host A and Host B

Answer: A

QUESTION 72
Refer to the exhibit. Host 3 on Network A is sending data to Host 8 on Network B.
Which address is the default gateway of Host 3?

A. the address of the switch interface that is connected to router interface Fa0/0
B. the address of the switch interface that is connected to router interface Fa0/1
C. the address of the host that is connected to Network A
D. the address of the host that is connected to Network B
E. the address of the router interface Fa0/0
F. the address of the router interface Fa0/1

Answer: E

QUESTION 73
What are the two most relevant factors in determining the class of administration that is required to maintain the telecommunications infrastructure? (Choose two.)

A. the size of the infrastructure
B. the complexity of the infrastructure
C. the age of the infrastructure
D. the industry that the infrastructure supports
E. the physical environment of the infrastructure

Answer: AB

QUESTION 74
Which two ports does EtherNet/IP use to communicate? (Choose two.)

A. TCP 44818
B. UDP 44818
C. TCP 502
D. UDP 502
E. TCP 2222
F. UDP 2222

Answer: AF

QUESTION 75
Which of the following correctly pairs the dotted decimal subnet mask with the correct number of binary bits that represent the subnet mask?

A. 255.255.255.192 and /25
B. 255.255.255.248 and /28
C. 255.255.255.224 and /26
D. 255.255.255.248 and /27
E. 255.255.255.240 and /28
F. 255.255.255.240 and /16

Answer: E

QUESTION 76
Refer to the exhibit. What are three traffic and interconnection requirements for the devices in the exhibit? (Choose three.)

A. The EtherNet/IP drive connections are in a high-voltage area and need protection from electromagnetic noise, so shielded cable that is rated for 600 V is advised.
B. EtherNet/IP devices such as the controller, drive, VoIP phone, and IP camera should be in the same VLAN.
C. CIP traffic has the highest bandwidth requirement so it needs the highest QoS setting.
D. EtherNet/IP drive traffic has high sensitivity to random drops, latency, and jitter.
E. Real-time motion control and VoIP traffic can share the same VLAN with the proper QoS setting.
F. IEEE1588 and PTP are important for ensuring real-time synchronization.

Answer: ADF

QUESTION 77
You are a called upon to troubleshoot connectivity problems to a network device on a production floor. You have used ping and traceroute to verify that you cannot connect to the device from the management network. The network is 209.165.202.128/27 and the device has been given the IP address 209.165.202.158 and mask 255.255.255.224. You have verified that you can reach the device with your computer connected to the same switch as the device. What could be the cause of this problem?

A. The device is set to the wrong subnet mask.
B. The device is set to the wrong IP address.
C. The device has no IP default gateway.
D. The device is connected to a switchport in the wrong VLAN.

Answer: C

QUESTION 78
Which prompt is used to configure parameters for the Ethernet ports of an industrial switch?

A. Switch(config-if)#
B. Switch(config-if-ind)#
C. Switch(config-line)#
D. Switch(config-ind)#
E. Switch(config-vlan)#

Answer: A


!!!REDOMMEND!!!

1.|2018 Latest 200-601 Exam Dumps (PDF & VCE) 90Q Download:
https://www.braindump2go.com/200-601.html

2.|2018 Latest 200-601 Study Guide Video:

https://youtu.be/07100ZztBOA

[May-2018-New]High Quality Braindump2go 200-601 Exam PDF and VCE Dumps 90Q Free Share[46-56]

2018 May New Cisco 200-601 Exam Dumps with PDF and VCE Just Updated Today! Following are some new 200-601 Real Exam Questions:

1.|2018 Latest 200-601 Exam Dumps (PDF & VCE) 90Q Download:
https://www.braindump2go.com/200-601.html

2.|2018 Latest 200-601 Exam Questions & Answers Download:
https://drive.google.com/drive/folders/0B75b5xYLjSSNWTIxdF9WZmZqMms?usp=sharing

QUESTION 46
It is common to use Resilient Ethernet Protocol (REP) on the manufacturing floor as a resiliency protocol, as opposed to the Enterprise where it is not generally deployed. What are two reasons why REP is more suitable for the plant floor? (Choose two)

A. REP is only supported on Industrial Ethernet switches, it is not supported on Catalyst switches.
B. REP converges faster than Spanning Tree, allowing for greater network availability.
C. REP supports Industrial Ethernet protocols better because it moves the packets faster.
D. Running dual cables from access switches to an aggregation switch can have a much higher cost on the plant floor than in the Enterprise and running a ring protocol like REP provides resiliency at a lower cost.
E. Industrial protocols can be negatively impacted by the number of nodes the Ethernet frame traverses, REP provides a topology with no more than 3 nodes for any data path.

Answer: BD

QUESTION 47
Which scenario represents the correct configuration to support the SSIDs of this autonomous access point?

A. Missing
B. Missing
C. Missing
D. Missing

Answer: D

QUESTION 48
In which two ways could you minimize the impact of monitoring an industrial network? (Choose two.)

A. Send random messages to a device and see what the response is.
B. Do frequent ping sweeps to industrial devices to check for their proper operations.
C. Make a copy of all the network traffic and analyze it offline.
D. Use an industrial-network-grade IDS-IPS system.

Answer: CD

QUESTION 49
Which option best describes the ProfiNET Discovery and Configuration Protocol (DCP)?

A. Can be used to override both static and dynamically (DHCP/BOOTP) assigned IP addresses
B. Cannot be used to reset a device to factory defaults
C. Is only supported in Conformance Class B and C devices
D. Uses the ProfiNET-IRT communication class

Answer: A

QUESTION 50
When troubleshooting a high packet loss condition in the network, the inspection area has an assessed M.I.C.E. value of M=1, I=1, C=3 and E=1. Which condition could be suspect?

A. Use of shielded Patch Cables, Bonded on one end only.
B. Use of unshielded Patch Cables.
C. Broken seal on bulkhead connector.
D. Oxidation on Shielded RJ45 Patch Plug

Answer: D

QUESTION 51
Refer to the exhibit. You are required to implement traffic segmentation in the network. See the table for relevant device details:

L2SW4, L2SW5, and L2SW6 are connected to L3SW1 with 802.1Q trunks with VLAN 191 and VLAN 398 allowed on the trunk.
You have the following information from L3SW1:
L3SW1# show run interfaces
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 10.2.2.2 255.255.255.248
!
interface Vlan191
ip address 10.10.27.126 255.255.255.192
!
interface Vlan200
ip address 10.20.20.1 255.255.255.248
!
interface Vlan398
ip address 10.15.153.1 255.255.255.0
L3SW1# show ip route
*** Output Omitted ***
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C 10.2.2.1/29 is directly connected, Vlan2
C 10.10.27.64/26 is directly connected, Vlan191
C 10.15.153.0/24 is directly connected, Vlan398
C 10.20.20.0/29 is directly connected, Vlan200
S 10.200.200.0/24 [1/0] via 10.20.20.2
S* 0.0.0.0/0 [1/0] via 10.2.2.1
You are required to implement a configuration that will meet the following connectivity requirements:
– The Administrator’s Station must have full access to PanelView
– PanelView should have limited access, based on specific TCP ports, to PLC#1 and I/O#1
– The Administrator’s Station should have no access to PLC#1 and I/O#1
– PLC#1 and I/O#1 should be able to communicate with each other on any port
Which action will allow you to meet the connectivity requirements?

A. Put interface VLAN 191 and interface VLAN 398 into different Virtual Routing and Forwarding (VRF) instances on L3SW1
B. Deploy an inbound ACL on interface VLAN 191 to control the traffic from the Administrator’s Station and PanelView to PLC#1 and I/O#1
C. No change is required, the traffic is already limited appropriately by the VLAN segmentation
D. Implement an ACL on Firewall1 to control the traffic flow between VLAN 191 and VLAN

Answer: B

QUESTION 52
It is determined that an intermittent high packet loss event is occurring within a segment of the network. The assigned task is to determine the cause.
Which of these conditions should be suspected?

A. Missing
B. Missing
C. Missing
D. Missing

Answer: D

QUESTION 53
You have been tasked to design an Ethernet network capable of Motion control with cycle times not to exceed 1ms. In order to create a more deterministic network, what characteristic/s should you primarily focus on?

A. Lattency and Jitter
B. Redundancy and high availability
C. Explicit and Implicit messaging
D. This cycle time is not possible on an Ethernet network
E. Gigabit port speed

Answer: A

QUESTION 54
ProfiNET has been disabled on a Cisco Industrial Ethernet switch. Which CLI command will correctly enable ProfiNET on the switch?

A. switch(config)#profinet
B. switch(config-if)#switchport profinet vlan 10
C. switch(config)#vlan 10 profinet
D. switch#enable profinet

Answer: A

QUESTION 55
Which describes a best practice rule for controlling traffic between the corporate network and the controls network?

A. Outbound traffic from the control network to the corporate network and outbound traffic from the corporate network to the control network can be restricted based on source and destination address only.
B. Outbound traffic from the corporate network to the control network should be restricted but outbound traffic from the control network to the corporate network should not be restricted.
C. Outbound traffic from the control network to the corporate network should be restricted based on source and destination address and service only.
D. Outbound traffic from the control network to the corporate network should be restricted based on source and destination address, service, and port.

Answer: D

QUESTION 56
Which statement is true regarding ProfiSAFE?

A. ProfiSAFE traffic must be carried on a network that is physically separated from automation traffic
B. ProfiSAFE relies on the error detection mechanisms of Ethernet and TCP/IP to determine if there are network errors
C. ProfiSAFE can be used in safety applications up to Safety Integrity Level 3 (SIL3)
D. ProfiSAFE is only used by ProfiBUS PA and ProfiBUS DA devices

Answer: C


!!!REDOMMEND!!!

1.|2018 Latest 200-601 Exam Dumps (PDF & VCE) 90Q Download:
https://www.braindump2go.com/200-601.html

2.|2018 Latest 200-601 Study Guide Video:

https://youtu.be/07100ZztBOA

[May-2018-New]Valid Braindump2go 300-206 Questions PDF 315Q Offer[133-143]

2018 May New Cisco 300-206 Exam Dumps with PDF and VCE Just Updated Today! Following are some new 300-206 Real Exam Questions:

1.|2018 Latest 300-206 Exam Dumps (PDF & VCE) 315Q Download:
https://www.braindump2go.com/300-206.html

2.|2018 Latest 300-206 Exam Questions & Answers Download:
https://drive.google.com/drive/folders/0B75b5xYLjSSNOXZTcmdGNEh2UU0?usp=sharing

QUESTION 133
You have installed a web server on a private network. Which type of NAT must you implement to enable access to the web server for public Internet users?

A. static NAT
B. dynamic NAT
C. network object NAT
D. twice NAT

Answer: A

QUESTION 134
Which type of object group will allow configuration for both TCP 80 and TCP 443?

A. service
B. network
C. time range
D. user group

Answer: A

QUESTION 135
When you configure a Botnet Traffic Filter on a Cisco firewall, what are two optional tasks? (Choose two.)

A. Enable the use of dynamic databases.
B. Add static entries to the database.
C. Enable DNS snooping.
D. Enable traffic classification and actions.
E. Block traffic manually based on its syslog information.

Answer: BE

QUESTION 136
Refer to the exhibit. What is the effect of this configuration?

A. The firewall will inspect IP traffic only between networks 192.168.1.0 and 192.168.2.0.
B. The firewall will inspect all IP traffic except traffic to 192.168.1.0 and 192.168.2.0.
C. The firewall will inspect traffic only if it is defined within a standard ACL.
D. The firewall will inspect all IP traffic.

Answer: A

QUESTION 137
When you configure a Cisco firewall in multiple context mode, where do you allocate interfaces?

A. in the system execution space
B. in the admin context
C. in a user-defined context
D. in the global configuration

Answer: A

QUESTION 138
At which layer does Dynamic ARP Inspection validate packets?

A. Layer 2
B. Layer 3
C. Layer 4
D. Layer 7

Answer: A

QUESTION 139
Which feature can suppress packet flooding in a network?

A. PortFast
B. BPDU guard
C. Dynamic ARP Inspection
D. storm control

Answer: D

QUESTION 140
What is the default violation mode that is applied by port security?

A. restrict
B. protect
C. shutdown
D. shutdown VLAN

Answer: C

QUESTION 141
What are two security features at the access port level that can help mitigate Layer 2 attacks? (Choose two.)

A. DHCP snooping
B. IP Source Guard
C. Telnet
D. Secure Shell
E. SNMP

Answer: AB

QUESTION 142
At which layer does MACsec provide encryption?

A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4

Answer: B

QUESTION 143
What are two enhancements of SSHv2 over SSHv1? (Choose two.)

A. VRF-aware SSH support
B. DH group exchange support
C. RSA support
D. keyboard-interactive authentication
E. SHA support

Answer: AB


!!!REDOMMEND!!!
1.|2018 Latest 300-206 Exam Dumps (PDF & VCE) 315Q Download:
https://www.braindump2go.com/300-206.html

2.|2018 Latest 300-206 Study Guide Video:
https://youtu.be/_WvexFqQgoA

[May-2018-New]100% Success-Braindump2go 300-206 VCE and PDF Dumps 315Q Instant Download[119-129]

2018 May New Cisco 300-206 Exam Dumps with PDF and VCE Just Updated Today! Following are some new 300-206 Real Exam Questions:

1.|2018 Latest 300-206 Exam Dumps (PDF & VCE) 315Q Download:
https://www.braindump2go.com/300-206.html

2.|2018 Latest 300-206 Exam Questions & Answers Download:
https://drive.google.com/drive/folders/0B75b5xYLjSSNOXZTcmdGNEh2UU0?usp=sharing

QUESTION 119
Which two configurations are necessary to enable password-less SSH login to an IOS router? (Choose two.)

A. Enter a copy of the administrator’s public key within the SSH key-chain
B. Enter a copy of the administrator’s private key within the SSH key-chain
C. Generate a 512-bit RSA key to enable SSH on the router
D. Generate an RSA key of at least 768 bits to enable SSH on the router
E. Generate a 512-bit ECDSA key to enable SSH on the router
F. Generate a ECDSA key of at least 768 bits to enable SSH on the router

Answer: AD

QUESTION 120
Which two features does Cisco Security Manager provide? (Choose two.)

A. Configuration and policy deployment before device discovery
B. Health and performance monitoring
C. Event management and alerting
D. Command line menu for troubleshooting
E. Ticketing management and tracking

Answer: BC

QUESTION 121
An administrator installed a Cisco ASA that runs version 9.1. You are asked to configure the firewall through Cisco ASDM.
When you attempt to connect to a Cisco ASA with a default configuration, which username and password grants you full access?

A. admin / admin
B. asaAdmin / (no password)
C. It is not possible to use Cisco ASDM until a username and password are created via the username usernamepassword password CLI command.
D. enable_15 / (no password)
E. cisco / cisco

Answer: D

QUESTION 122
Which three options are default settings for NTP parameters on a Cisco ASA? (Choose three.)

A. NTP authentication is enabled.
B. NTP authentication is disabled.
C. NTP logging is enabled.
D. NTP logging is disabled.
E. NTP traffic is not restricted.
F. NTP traffic is restricted.

Answer: BDE

QUESTION 123
Which two options are purposes of the packet-tracer command? (Choose two.)

A. to filter and monitor ingress traffic to a switch
B. to configure an interface-specific packet trace
C. to simulate network traffic through a data path
D. to debug packet drops in a production network
E. to automatically correct an ACL entry in an ASA

Answer: CD

QUESTION 124
Refer to the exhibit. Server A is a busy server that offers these services:
– World Wide Web
– DNS
Which command captures http traffic from Host A to Server A?

A. capture traffic match udp host 10.1.1.150 host 10.2.2.100
B. capture traffic match 80 host 10.1.1.150 host 10.2.2.100
C. capture traffic match ip 10.2.2.0 255.255.255.192 host 10.1.1.150
D. capture traffic match tcp host 10.1.1.150 host 10.2.2.100
E. capture traffic match tcp host 10.2.2.100 host 10.1.1.150 eq 80

Answer: D

QUESTION 125
Your company is replacing a high-availability pair of Cisco ASA 5550 firewalls with the newer Cisco ASA 5555-X models. Due to budget constraints, one Cisco ASA 5550 will be replaced at a time.
Which statement about the minimum requirements to set up stateful failover between these two firewalls is true?

A. You must install the USB failover cable between the two Cisco ASAs and provide a 1 Gigabit Ethernet interface for state exchange.
B. It is not possible to use failover between different Cisco ASA models.
C. You must have at least 1 Gigabit Ethernet interface between the two Cisco ASAs for state exchange.
D. You must use two dedicated interfaces. One link is dedicated to state exchange and the other link is for heartbeats.

Answer: B

QUESTION 126
In which two modes is zone-based firewall high availability available? (Choose two.)

A. IPv4 only
B. IPv6 only
C. IPv4 and IPv6
D. routed mode only
E. transparent mode only
F. both transparent and routed modes

Answer: CD

QUESTION 127
You are the administrator of a multicontext transparent-mode Cisco ASA that uses a shared interface that belongs to more than one context. Because the same interface will be used within all three contexts, which statement describes how you will ensure that return traffic will reach the correct context?

A. Interfaces may not be shared between contexts in routed mode.
B. Configure a unique MAC address per context with the no mac-address auto command.
C. Configure a unique MAC address per context with the mac-address auto command.
D. Use static routes on the Cisco ASA to ensure that traffic reaches the correct context.

Answer: C

QUESTION 128
A rogue device has connected to the network and has become the STP root bridge, which has caused a network availability issue.
Which two commands can protect against this problem? (Choose two.)

A. switch(config)#spanning-tree portfast bpduguard default
B. switch(config)#spanning-tree portfast bpdufilter default
C. switch(config-if)#spanning-tree portfast
D. switch(config-if)#spanning-tree portfast disable
E. switch(config-if)#switchport port-security violation protect
F. switch(config-if)#spanning-tree port-priority 0

Answer: AC

QUESTION 129
According to Cisco best practices, which two interface configuration commands help prevent VLAN hopping attacks? (Choose two.)

A. switchport mode access
B. switchport access vlan 2
C. switchport mode trunk
D. switchport access vlan 1
E. switchport trunk native vlan 1
F. switchport protected

Answer: AB


!!!REDOMMEND!!!
1.|2018 Latest 300-206 Exam Dumps (PDF & VCE) 315Q Download:
https://www.braindump2go.com/300-206.html

2.|2018 Latest 300-206 Study Guide Video:
https://youtu.be/_WvexFqQgoA

[May-2018-New]Exam Pass 100%!Braindump2go 300-206 PDF Dumps 315Q Instant Download[108-118]

2018 May New Cisco 300-206 Exam Dumps with PDF and VCE Just Updated Today! Following are some new 300-206 Real Exam Questions:

1.|2018 Latest 300-206 Exam Dumps (PDF & VCE) 315Q Download:
https://www.braindump2go.com/300-206.html

2.|2018 Latest 300-206 Exam Questions & Answers Download:
https://drive.google.com/drive/folders/0B75b5xYLjSSNOXZTcmdGNEh2UU0?usp=sharing

QUESTION 108
When you set a Cisco IOS Router as an SSH server, which command specifies the RSA public key of the remote peer when you set the SSH server to perform RSA-based authentication?

A. router(config-ssh-pubkey-user)#key
B. router(conf-ssh-pubkey-user)#key-string
C. router(config-ssh-pubkey)#key-string
D. router(conf-ssh-pubkey-user)#key-string enable ssh

Answer: B

QUESTION 109
Enabling what security mechanism can prevent an attacker from gaining network topology information from CDP via a man-in-the-middle attack?

A. MACsec
B. Flex VPN
C. Control Plane Protection
D. Dynamic Arp Inspection

Answer: A

QUESTION 110
On an ASA running version 9.0, which command is used to nest objects in a pre-existing group?

A. object-group
B. network group-object
C. object-group network
D. group-object

Answer: D

QUESTION 11
Which ASA feature is used to keep track of suspected attackers who create connections to too many hosts or ports?

A. complex threat detection
B. scanning threat detection
C. basic threat detection
D. advanced threat detection

Answer: B

QUESTION 112
What is the default behavior of an access list on a Cisco ASA?

A. It will permit or deny traffic based on the access list criteria.
B. It will permit or deny all traffic on a specified interface.
C. It will have no affect until applied to an interface, tunnel-group or other traffic flow.
D. It will allow all traffic.

Answer: C

QUESTION 113
When configuring a new context on a Cisco ASA device, which command creates a domain for the context?

A. domain config name
B. domain-name
C. changeto/domain name change
D. domain context 2

Answer: B

QUESTION 114
Which statement describes the correct steps to enable Botnet Traffic Filtering on a Cisco ASA version 9.0 transparent-mode firewall with an active Botnet Traffic Filtering license?

A. Enable DNS snooping, traffic classification, and actions.
B. Botnet Traffic Filtering is not supported in transparent mode.
C. Enable the use of the dynamic database, enable DNS snooping, traffic classification, and actions.
D. Enable the use of dynamic database, enable traffic classification and actions.

Answer: C

QUESTION 115
Which Cisco switch technology prevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast flood on a port?

A. port security
B. storm control
C. dynamic ARP inspection
D. BPDU guard
E. root guard
F. dot1x

Answer: B

QUESTION 116
You are a security engineer at a large multinational retailer. Your Chief Information Officer recently attended a security conference and has asked you to secure the network infrastructure from VLAN hopping.
Which statement describes how VLAN hopping can be avoided?

A. There is no such thing as VLAN hopping because VLANs are completely isolated.
B. VLAN hopping can be avoided by using IEEE 802.1X to dynamically assign the access VLAN to all endpoints and setting the default access VLAN to an unused VLAN ID.
C. VLAN hopping is avoided by configuring the native (untagged) VLAN on both sides of an ISL trunk to an unused VLAN ID.
D. VLAN hopping is avoided by configuring the native (untagged) VLAN on both sides of an IEEE 802.1Q trunk to an unused VLAN ID.

Answer: D

QUESTION 117
You are the administrator of a Cisco ASA 9.0 firewall and have been tasked with ensuring that the Firewall Admins Active Directory group has full access to the ASA configuration. The Firewall Operators Active Directory group should have a more limited level of access.
Which statement describes how to set these access levels?

A. Use Cisco Directory Agent to configure the Firewall Admins group to have privilege level 15 access. Also configure the Firewall Operators group to have privilege level 6 access.
B. Use TACACS+ for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA server. Configure ACS CLI command authorization sets for the Firewall Operators group.
Configure level 15 access to be assigned to members of the Firewall Admins group.
C. Use RADIUS for Authentication and Authorization into the Cisco ASA CLI, with ACS as the AAA server. Configure ACS CLI command authorization sets for the Firewall Operators group.
Configure level 15 access to be assigned to members of the Firewall Admins group.
D. Active Directory Group membership cannot be used as a determining factor for accessing the Cisco ASA CLI.

Answer: B

QUESTION 118
A router is being enabled for SSH command line access.
The following steps have been taken:
– The vty ports have been configured with transport input SSH and login local.
– Local user accounts have been created.
– The enable password has been configured.
What additional step must be taken if users receive a ‘connection refused’ error when attempting to access the router via SSH?

A. A RSA keypair must be generated on the router
B. An access list permitting SSH inbound must be configured and applied to the vty ports
C. An access list permitting SSH outbound must be configured and applied to the vty ports
D. SSH v2.0 must be enabled on the router

Answer: A


!!!REDOMMEND!!!
1.|2018 Latest 300-206 Exam Dumps (PDF & VCE) 315Q Download:
https://www.braindump2go.com/300-206.html

2.|2018 Latest 300-206 Study Guide Video:
https://youtu.be/_WvexFqQgoA

[May-2018-New]100% Real Exam Questions-Braindump2go 300-206 Exam Dumps PDF and VCE Dumps 315Q Download[97-107]

2018 May New Cisco 300-206 Exam Dumps with PDF and VCE Just Updated Today! Following are some new 300-206 Real Exam Questions:

Continue reading “[May-2018-New]100% Real Exam Questions-Braindump2go 300-206 Exam Dumps PDF and VCE Dumps 315Q Download[97-107]”

[May-2018-New]100% Real Exam Questions-Braindump2go 300-206 Exam Dumps PDF and VCE Dumps 315Q Download[97-107]

2018 May New Cisco 300-206 Exam Dumps with PDF and VCE Just Updated Today! Following are some new 300-206 Real Exam Questions:

Continue reading “[May-2018-New]100% Real Exam Questions-Braindump2go 300-206 Exam Dumps PDF and VCE Dumps 315Q Download[97-107]”

[April-2018-New]Braindump2go 300-210 Exam Dumps 365Q Free Offer[187-197]

2018 April New Cisco 300-210 Real Exam Dumps with PDF and VCE Just Updated Today! Following are some new 300-210 Real Exam Questions:

Continue reading “[April-2018-New]Braindump2go 300-210 Exam Dumps 365Q Free Offer[187-197]”

[April-2018-New]300-210 Brain Dumps PDF 365Q Instant Download in Braindump2go[176-186]

2018 April New Cisco 300-210 Real Exam Dumps with PDF and VCE Just Updated Today! Following are some new 300-210 Real Exam Questions:

Continue reading “[April-2018-New]300-210 Brain Dumps PDF 365Q Instant Download in Braindump2go[176-186]”

[April-2018-New]Free 300-210 PDF Brain Dumps Offered by Braindump2go[165-175]

2018 April New Cisco 300-210 Real Exam Dumps with PDF and VCE Just Updated Today! Following are some new 300-210 Real Exam Questions:

Continue reading “[April-2018-New]Free 300-210 PDF Brain Dumps Offered by Braindump2go[165-175]”

Pages: 1 2 3 4 5 6 7 ... 97 98