Exam 300-206 topic 1 question 153 discussion

Actual exam question from Cisco's 300-206
Question #: 153
Topic #: 1

SIMULATION -
You are the network security engineer for the Secure-X network. The company has recently detected an increase in traffic to malware-infected destinations. The Chief Security Officer has deduced that some PCs in the internal networks are infected with malware and are communicating with malware-infected destinations.
The CSO has tasked you with enabling the Botnet Traffic Filter on the Cisco ASA to detect and deny further connection attempts from infected PCs to malware destinations. You are also required to test your configuration by initiating connections through the Cisco ASA and then displaying and observing the Real-Time Log Viewer in ASDM.
To successfully complete this activity, you must perform the following tasks:
✑ Download the dynamic database and enable use of it.
✑ Enable the ASA to download the dynamic database.
✑ Enable DNS snooping for existing DNS inspection service policy rules.
✑ Enable Botnet Traffic Filter classification on the outside interface for All Traffic.
✑ Configure the Botnet Traffic Filter to drop blacklisted traffic on the outside interface. Use the default Threat Level settings.
NOTE: The database files are stored in running memory; they are not stored in flash memory.
NOTE: DNS is enabled on the inside interface and set to the HQ-SRV (10.10.3.20).
NOTE: Not all ASDM screens are active for this exercise.
✑ Verify that the ASA indeed drops traffic to blacklisted destinations by doing the following:
✑ From the Employee PC, navigate to http://www.google.com to make sure that access to the Internet is working.
✑ From the Employee PC, navigate to http://bot-sparta.no-ip.org. This destination is classified as a malware destination by the Cisco SIO database.
✑ From the Employee PC, navigate to http://superzarabotok-gid.ru/. This destination is classified as a malware destination by the Cisco SIO database.
✑ From Admin PC, launch ASDM to display and observe the Real-Time Log Viewer.
You have completed this exercise when you have configured and successfully tested Botnet traffic filter on the Cisco ASA.



Suggested Answer: See the explanation for detailed answer to this sim question
First, click on both boxes on the Botnet Database as shown below and hit apply:

Click Yes to send the commands when prompted.
Then, click on the box on the DNS Snooping page as shown below and hit apply:

Click Yes to send the commands when prompted.
Then, click on the box on the Traffic Settings tab as shown:

When you click the Add button, this pop-up box appears:

Click OK. Then Apply. Then Send when prompted.
Then verify that all is working according to the instructions given in the question.
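
For reference, the ASA CLI equivalent of the ASDM steps above. This is an added example, not part of the original question or suggested answer. It assumes the ASA's default names `global_policy`, `inspection_default` and `preset_dns_map` for the existing DNS inspection rule, and an interface named `outside`.

```cisco
! Added example: CLI equivalent of the ASDM tasks (assumed default policy names).
! DNS lookup toward HQ-SRV (10.10.3.20) on the inside interface is already
! configured per the question, so it is not repeated here.

! Tasks 1-2: let the ASA download the dynamic database and use it.
! The database is held in running memory, not flash.
dynamic-filter updater-client enable
dynamic-filter use-database

! Task 3: enable DNS snooping on the existing DNS inspection rule so the ASA
! can map looked-up domain names to the IP addresses clients then connect to.
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map dynamic-filter-snoop

! Task 4: classify all traffic on the outside interface
! (no classify-list given, so every connection is checked).
dynamic-filter enable interface outside

! Task 5: drop blacklisted traffic on the outside interface.
! No threat-level keyword is given, so the default threat level range applies.
dynamic-filter drop blacklist interface outside

! Verification from the CLI, alongside the ASDM Real-Time Log Viewer:
show dynamic-filter updater-client
show dynamic-filter dns-snoop
show dynamic-filter statistics
show dynamic-filter reports top malware-sites
```

Without `dynamic-filter-snoop` on the DNS inspection, the filter can only match traffic by IP address, so a domain-name entry in the dynamic database would not be tied to the address an infected PC actually connects to.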
