Latest Cisco 640-554 IINS Real Exam Download 21-30


QUESTION  21

Which router management feature provides for the ability to configure multiple administrative views?

 

A.      role-based CLI

B.      virtual routing and forwarding

C.      secure config privilege {level}

D.      parser view view name

 

Correct Answer: A

QUESTION  22

You suspect that an attacker in your network has configured a rogue Layer 2 device to intercept traffic from multiple VLANs, which allows the attacker to capture potentially sensitive data. Which two methods will help to mitigate this type of activity? (Choose two.)

 

A.      Turn off all trunk ports and manually configure each VLAN as required on each port.

B.      Place unused active ports in an unused VLAN.

C.      Secure the native VLAN, VLAN 1, with encryption.

D.      Set the native VLAN on the trunk ports to an unused VLAN.

E.       Disable DTP on ports that require trunking.

 

Correct Answer: DE

 

 

QUESTION  23

Which statement describes a best practice when configuring trunking on a switch port?

 

A.      Disable double tagging by enabling DTP on the trunk port.

B.      Enable encryption on the trunk port.

C.      Enable authentication and encryption on the trunk port.

D.      Limit the allowed VLAN(s) on the trunk to the native VLAN only.

E.       Configure an unused VLAN as the native VLAN.

 

Correct Answer: E

 

 

QUESTION  24

Which type of Layer 2 attack causes a switch to flood all incoming traffic to all ports?

 

A.      MAC spoofing attack

B.      CAM overflow attack

C.      VLAN hopping attack

D.      STP attack

 

Correct Answer: B

 

 

QUESTION  25

What is the best way to prevent a VLAN hopping attack?

 

A.      Encapsulate trunk ports with IEEE 802.1Q.

B.      Physically secure data closets.

C.      Disable DTP negotiations.

D.      Enable BPDU guard.

 

Correct Answer: C

 

 

QUESTION  26

Which statement about PVLAN Edge is true?

 

A.      PVLAN Edge can be configured to restrict the number of MAC addresses that appear on a single port.

B.      The switch does not forward any traffic from one protected port to any other protected port.

C.      By default, when a port policy error occurs, the switchport shuts down.

D.      The switch only forwards traffic to ports within the same VLAN Edge.

 

Correct Answer: B

 

 

QUESTION  27

If you are implementing VLAN trunking, which additional configuration parameter should be added to the trunking configuration?

 

A.      no switchport mode access

B.      no switchport trunk native VLAN 1

C.      switchport mode DTP

D.      switchport nonnegotiate

 

Correct Answer: D

 

 

QUESTION  28

When Cisco IOS zone-based policy firewall is configured, which three actions can be applied to a traffic class? (Choose three.)

 

A.      pass

B.      police

C.      inspect

D.      drop

E.       queue

F.       shape

 

Correct Answer: ACD

 

 

QUESTION  29

With Cisco IOS zone-based policy firewall, by default, which three types of traffic are permitted by the router when some of the router interfaces are assigned to a zone? (Choose three.)

 

A.      traffic flowing between a zone member interface and any interface that is not a zone member

B.      traffic flowing to and from the router interfaces (the self zone)

C.      traffic flowing among the interfaces that are members of the same zone

D.      traffic flowing among the interfaces that are not assigned to any zone

E.       traffic flowing between a zone member interface and another interface that belongs in a different zone

F.       traffic flowing to the zone member interface that is returned traffic

 

Correct Answer: BCD

 

 

QUESTION  30

Which option is a key difference between Cisco IOS interface ACL configurations and Cisco ASA appliance interface ACL configurations?

 

A.      The Cisco IOS interface ACL has an implicit permit-all rule at the end of each interface ACL.

B.      Cisco IOS supports interface ACL and also global ACL. Global ACL is applied to all interfaces.

C.      The Cisco ASA appliance interface ACL configurations use netmasks instead of wildcard masks.

D.      The Cisco ASA appliance interface ACL also applies to traffic directed to the IP addresses of the Cisco ASA appliance interfaces.

E.       The Cisco ASA appliance does not support standard ACL. The Cisco ASA appliance only supports extended ACL.

 

Correct Answer: C

 

 



