Which of the following would need to be created to configure an application-layer inspection of SMTP traffic operating on port 2525?

Which of the following would need to be created to configure an application-layer inspection of
SMTP traffic operating on port 2525?

Which of the following would need to be created to configure an application-layer inspection of
SMTP traffic operating on port 2525?

A.
A class-map that matches port 2525 and applying an inspect ESMTP policy-map for that class in
the global inspection policy

B.
A policy-map that matches port 2525 and applying an inspect ESMTP class-map for that policy

C.
An access-list that matches on TCP port 2525 traffic and applying it on an interface with the
inspect option

D.
A class-map that matches port 2525 and applying it on an access-list using the inspect option



Leave a Reply 3

Your email address will not be published. Required fields are marked *


Chloe

Chloe

2017 new updated 300-206 exam questions:
QUESTION 101
Which two statements about zone-based firewalls are true? (Choose two.)

A. More than one interface can be assigned to the same zone.
B. Only one interface can be in a given zone.
C. An interface can only be in one zone.
D. An interface can be a member of multiple zones.
E. Every device interface must be a member of a zone.

Answer: AC

QUESTION 102
An attacker has gained physical access to a password protected router. Which command will prevent access to the startup-config in NVRAM?

A. no service password-recovery
B. no service startup-config
C. service password-encryption
D. no confreg 0x2142

Answer: A

QUESTION 103
Which command tests authentication with SSH and shows a generated key?

A. show key mypubkey rsa
B. show crypto key mypubkey rsa
C. show crypto key
D. show key mypubkey

Answer: B

QUESTION 104
Which configuration keyword will configure SNMPv3 with authentication but no encryption?

A. Auth
B. Priv
C. No auth
D. Auth priv

Answer: A

QUESTION 105
In IOS routers, what configuration can ensure both prevention of ntp spoofing and accurate time ensured?

A. ACL permitting udp 123 from ntp server
B. ntp authentication
C. multiple ntp servers
D. local system clock

Answer: B

QUESTION 106
Which product can manage licenses, updates, and a single signature policy for 15 separate IPS appliances?

A. Cisco Security Manager
B. Cisco IPS Manager Express
C. Cisco IPS Device Manager
D. Cisco Adaptive Security Device Manager

Answer: A

QUESTION 107
Which three statements about private VLANs are true? (Choose three.)

A. Isolated ports can talk to promiscuous and community ports.
B. Promiscuous ports can talk to isolated and community ports.
C. Private VLANs run over VLAN Trunking Protocol in client mode.
D. Private VLANS run over VLAN Trunking Protocol in transparent mode.
E. Community ports can talk to each other as well as the promiscuous port.
F. Primary, secondary, and tertiary VLANs are required for private VLAN implementation.

Answer: BDE

QUESTION 108
When you set a Cisco IOS Router as an SSH server, which command specifies the RSA public key of the remote peer when you set the SSH server to perform RSA-based authentication?

A. router(config-ssh-pubkey-user)#key
B. router(conf-ssh-pubkey-user)#key-string
C. router(config-ssh-pubkey)#key-string
D. router(conf-ssh-pubkey-user)#key-string enable ssh

Answer: B

QUESTION 109
Enabling what security mechanism can prevent an attacker from gaining network topology information from CDP via a man-in-the-middle attack?

A. MACsec
B. Flex VPN
C. Control Plane Protection
D. Dynamic Arp Inspection

Answer: A

QUESTION 110
On an ASA running version 9.0, which command is used to nest objects in a pre-existing group?

A. object-group
B. network group-object
C. object-group network
D. group-object

Answer: D

more new 300-206 exam questions:
https://drive.google.com/folderview?id=0B272WrTALRHcSzRwRV9LM1pOcWs&usp=sharing

Chloe

Chloe

and if you don’t have enough time for exam preparation, you also can try this:https://www.braindump2go.com/300-206.html, this file covers all new questions in step with the cisco official exam center. you can have a try on this 300-206 pdf and 300-206 vce