Exam 27 December 2019, Latest Cisco CCNA Security 640-554 exam questions and answers PDF

Title Exam 27 December 2019, Latest Cisco CCNA Security 640-554 exam questions and answers
Course ECE
Institution Univerzitet u Beogradu
Pages 15
File Size 1.1 MB
File Type PDF
Total Downloads 96
Total Views 128

Summary

Exam 640-554 "Implementing Cisco IOS Network Security (IINS v2.0)" lead4pass.com share for free...


Description

https://www.lead4pass.com/640-554.html 2019 Latest lead4pass 640-554 PDF and VCE dumps Download

640-554Q&As Implementing Cisco IOS Network Security (IINS v2.0)

Pass Cisco 640-554 Exam with 100% Guarantee Free Download Real Questions & Answers PDF and VCE file from: https://www.lead4pass.com/640-554.html

100% Passing Guarantee 100% Money Back Assurance Following Questions and Answers are all new published by Cisco Official Exam Center

640-554 VCE Dumps | 640-554 Exam Questions | 640-554 Braindumps


QUESTION 1
Which statement about the Atomic signature engine is true?
A. It can perform signature matching on a single packet only.
B. It can perform signature matching on multiple packets.
C. It can examine applications independent of the platform.
D. It can flexibly match patterns in a session.
Correct Answer: A

QUESTION 2
Scenario: You are the security admin for a small company. This morning your manager has supplied you with a list of Cisco ISR and CCP configuration questions. Using CCP, your job is to navigate the pre-configured CCP in order to find answers to your business question.

What NAT address will be assigned by ACL 1?
A. 192.168.1.0/25
B. GlobalEthernet0/0 interface address.
C. 172.25.223.0/24
D. 10.0.10.0/24
Correct Answer: C


QUESTION 3
What does level 5 in this enable secret global configuration mode command indicate?
router#enable secret level 5 password
A. The enable secret password is hashed using MD5.
B. The enable secret password is hashed using SHA.
C. The enable secret password is encrypted using Cisco proprietary level 5 encryption.
D. Set the enable secret command to privilege level 5.
E. The enable secret password is for accessing exec privilege level 5.
Correct Answer: D

To configure the router to require an enable password, use either of the following commands in global configuration mode:

Router(config)# enable password [level level] {password | encryption-type encrypted-password}
Establishes a password for a privilege command mode.

Router(config)# enable secret [level level] {password | encryption-type encrypted-password}
Specifies a secret password, saved using a non-reversible encryption method. (If enable password and enable secret are both set, users must enter the enable secret password.)

Use either of these commands with the level option to define a password for a specific privilege level. After you specify the level and set a password, give the password only to users who need to have access at this level. Use the privilege level configuration command to specify commands accessible at various levels.

Reference: http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfpass.html

QUESTION 4
What are three of the security conditions that Cisco Configuration Professional One-Step Lockdown can automatically detect and correct on a Cisco router? (Choose three.)
A. One-Step Lockdown can set the enable secret password.
B. One-Step Lockdown can disable unused ports.
C. One-Step Lockdown can disable the TCP small servers service.
D. One-Step Lockdown can enable IP Cisco Express Forwarding.
E. One-Step Lockdown can enable DHCP snooping.
F. One-Step Lockdown can enable SNMP version 3.
Correct Answer: ACD

One-Step Lockdown
This option tests your router configuration for any potential security problems and automatically makes any necessary configuration changes to correct any problems found. The conditions checked for and, if needed, corrected are as follows:
- Disable Finger Service
- Disable PAD Service
- Disable TCP Small Servers Service
- Disable UDP Small Servers Service
- Disable IP BOOTP Server Service
- Disable IP Identification Service
- Disable CDP
- Disable IP Source Route
- Enable Password Encryption Service
- Enable TCP Keepalives for Inbound Telnet Sessions
- Enable TCP Keepalives for Outbound Telnet Sessions
- Enable Sequence Numbers and Time Stamps on Debugs
- Enable IP CEF
- Disable IP Gratuitous ARPs
- Set Minimum Password Length to Less Than 6 Characters
- Set Authentication Failure Rate to Less Than 3 Retries
- Set TCP Synwait Time
- Set Banner
- Enable Logging
- Set Enable Secret Password
- Disable SNMP
- Set Scheduler Interval
- Set Scheduler Allocate
- Set Users
- Enable Telnet Settings
- Enable NetFlow Switching
- Disable IP Redirects
- Disable IP Proxy ARP
- Disable IP Directed Broadcast
- Disable MOP Service
- Disable IP Unreachables
- Disable IP Mask Reply
- Disable IP Unreachables on NULL Interface
- Enable Unicast RPF on Outside Interfaces
- Enable Firewall on All of the Outside Interfaces
- Set Access Class on HTTP Server Service
- Set Access Class on VTY Lines
- Enable SSH for Access to the Router

Reference: http://www.cisco.com/c/en/us/td/docs/routers/access/cisco_router_and_security_device_manager/24/software/user/guide/SAudt.html

QUESTION 5
Which characteristic is a potential security weakness of a traditional stateful firewall?
A. It cannot support UDP flows.
B. It cannot detect application-layer attacks.
C. It cannot ensure each TCP connection follows a legitimate TCP three-way handshake.
D. It works only in promiscuous mode.
E. The status of TCP sessions is retained in the state table after the sessions terminate.
F. It has low performance due to the use of syn-cookies.
Correct Answer: B

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/product_implementation_design_guide09186a00800fd670.html

Cisco IOS Firewall consists of several major subsystems:
- Stateful Packet Inspection provides a granular firewall engine
- Authentication Proxy offers a per-host access control mechanism
- Application Inspection features add protocol conformance checking and network use policy control

Enhancements to these features extend these capabilities to VRF instances to support multiple virtual routers per device, and to Cisco Integrated Route-Bridging features to allow greater deployment flexibility, reduce implementation timelines, and ease requirements to add security to existing networks.

QUESTION 6 DRAG DROP Select and Place:


Correct Answer:

QUESTION 7 HOTSPOT


Hot Area:

Correct Answer:

QUESTION 8 DRAG DROP Select and Place:


Correct Answer:

QUESTION 9
What Cisco Security Agent Interceptor is in charge of intercepting all read/write requests to the rc files in UNIX?
A. Configuration interceptor
B. Network interceptor
C. File system interceptor
D. Execution space interceptor
Correct Answer: A

Configuration interceptor: Read/write requests to the Registry in Windows or to rc configuration files on UNIX are intercepted. This interception occurs because modification of the operating system configuration can have serious consequences. Therefore, Cisco Security Agent tightly controls read/write requests to the Registry.

QUESTION 10
With Cisco IOS zone-based policy firewall, by default, which three types of traffic are permitted by the router when some of the router interfaces are assigned to a zone? (Choose three.)
A. traffic flowing between a zone member interface and any interface that is not a zone member
B. traffic flowing to and from the router interfaces (the self zone)
C. traffic flowing among the interfaces that are members of the same zone
D. traffic flowing among the interfaces that are not assigned to any zone
E. traffic flowing between a zone member interface and another interface that belongs in a different zone
F. traffic flowing to the zone member interface that is returned traffic
Correct Answer: BCD

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml

Rules For Applying Zone-Based Policy Firewall
Router network interfaces' membership in zones is subject to several rules that govern interface behavior, as is the traffic moving between zone member interfaces:
- A zone must be configured before interfaces can be assigned to the zone.
- An interface can be assigned to only one security zone.
- All traffic to and from a given interface is implicitly blocked when the interface is assigned to a zone, except traffic to and from other interfaces in the same zone, and traffic to any interface on the router.
- Traffic is implicitly allowed to flow by default among interfaces that are members of the same zone.
- In order to permit traffic to and from a zone member interface, a policy allowing or inspecting traffic must be configured between that zone and any other zone.
- The self zone is the only exception to the default deny all policy. All traffic to any router interface is allowed until traffic is explicitly denied.
- Traffic cannot flow between a zone member interface and any interface that is not a zone member.
- Pass, inspect, and drop actions can only be applied between two zones.
- Interfaces that have not been assigned to a zone function as classical router ports and might still use classical stateful inspection/CBAC configuration.
- If it is required that an interface on the box not be part of the zoning/firewall policy, it might still be necessary to put that interface in a zone and configure a pass all policy (sort of a dummy policy) between that zone and any other zone to which traffic flow is desired.

From the preceding it follows that, if traffic is to flow among all the interfaces in a router, all the interfaces must be part of the zoning model (each interface must be a member of one zone or another). The only exception to the preceding deny by default approach is the traffic to and from the router, which will be permitted by default. An explicit policy can be configured to restrict such traffic.

QUESTION 11
What are three features of IPsec tunnel mode? (Choose three.)
A. IPsec tunnel mode supports multicast.
B. IPsec tunnel mode is used between gateways.
C. IPsec tunnel mode is used between end stations.
D. IPsec tunnel mode supports unicast traffic.
E. IPsec tunnel mode encrypts only the payload.
F. IPsec tunnel mode encrypts the entire packet.
Correct Answer: BDF

QUESTION 12
Scenario: You are the security admin for a small company. This morning your manager has supplied you with a list of Cisco ISR and CCP configuration questions. Using CCP, your job is to navigate the pre-configured CCP in order to find answers to your business question.

Which policy is assigned to Zone Pair sdm-zip-OUT-IN?
A. Sdm-cls-http
B. OUT_SERVICE
C. Ccp-policy-ccp-cls-1
D. Ccp-policy-ccp-cls-2
Correct Answer: D


QUESTION 13
Which option describes the purpose of Diffie-Hellman?
A. used between the initiator and the responder to establish a basic security policy
B. used to verify the identity of the peer
C. used for asymmetric public key encryption
D. used to establish a symmetric shared key via a public key exchange process
Correct Answer: D

http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/25/software/user/guide/IKE.html

D-H Group
Diffie-Hellman (D-H) Group. Diffie-Hellman is a public-key cryptography protocol that allows two routers to establish a shared secret over an unsecure communications channel. The options are as follows:
- group1 -- 768-bit D-H Group. D-H Group 1.
- group2 -- 1024-bit D-H Group. D-H Group 2. This group provides more security than group 1, but requires more processing time.
- group5 -- 1536-bit D-H Group. D-H Group 5. This group provides more security than group 2, but requires more processing time.

Note
- If your router does not support group5, it will not appear in the list.
- Easy VPN servers do not support D-H Group 1.
