Latest Cisco 640-554 IINS Real Exam Download 31-40

Ensurepass

QUESTION 31

Which two options are advantages of an application layer firewall? (Choose two.)

A. provides high-performance filtering
B. makes DoS attacks difficult
C. supports a large number of applications
D. authenticates devices
E. authenticates individuals

Correct Answer: BE

QUESTION 32

Refer to the exhibit. Using a stateful packet firewall and given an inside ACL entry of permit ip 192.16.1.0 0.0.0.255 any, what would be the resulting dynamically configured ACL for the return traffic on the outside ACL?

[Exhibit image not available]

A. permit tcp host 172.16.16.10 eq 80 host 192.168.1.11 eq 2300
B. permit ip 172.16.16.10 eq 80 192.168.1.0 0.0.0.255 eq 2300
C. permit tcp any eq 80 host 192.168.1.11 eq 2300
D. permit ip host 172.16.16.10 eq 80 host 192.168.1.0 0.0.0.255 eq 2300

Correct Answer: A

QUESTION 33

Which option is the resulting action in a zone-based policy firewall configuration with these conditions?

[Exhibit image not available]

A. no impact to zoning or policy
B. no policy lookup (pass)
C. drop
D. apply default policy

Correct Answer: C

QUESTION 34

A Cisco ASA appliance has three interfaces configured. The first interface is the inside interface with a security level of 100. The second interface is the DMZ interface with a security level of 50. The third interface is the outside interface with a security level of 0. By default, without any access list configured, which five types of traffic are permitted? (Choose five.)

A. outbound traffic initiated from the inside to the DMZ
B. outbound traffic initiated from the DMZ to the outside
C. outbound traffic initiated from the inside to the outside
D. inbound traffic initiated from the outside to the DMZ
E. inbound traffic initiated from the outside to the inside
F. inbound traffic initiated from the DMZ to the inside
G. HTTP return traffic originating from the inside network and returning via the outside interface
H. HTTP return traffic originating from the inside network and returning via the DMZ interface
I. HTTP return traffic originating from the DMZ network and returning via the inside interface
J. HTTP return traffic originating from the outside network and returning via the inside interface

Correct Answer: ABCGH

QUESTION 35

Which two protocols enable Cisco Configuration Professional to pull IPS alerts from a Cisco ISR router? (Choose two.)

A. syslog
B. SDEE
C. FTP
D. TFTP
E. SSH
F. HTTPS

Correct Answer: AB

QUESTION 36

Which two functions are required for IPsec operation? (Choose two.)

A. using SHA for encryption
B. using PKI for pre-shared key authentication
C. using IKE to negotiate the SA
D. using AH protocols for encryption and authentication
E. using Diffie-Hellman to establish a shared-secret key

Correct Answer: CE

QUESTION 37

On Cisco ISR routers, for what purpose is the realm-cisco.pub public encryption key used?

A. used for SSH server/client authentication and encryption
B. used to verify the digital signature of the IPS signature file
C. used to generate a persistent self-signed identity certificate for the ISR so administrators can authenticate the ISR when accessing it using Cisco Configuration Professional
D. used to enable asymmetric encryption on IPsec and SSL VPNs
E. used during the DH exchanges on IPsec VPNs

Correct Answer: B

QUESTION 38

Which four tasks are required when you configure Cisco IOS IPS using the Cisco Configuration Professional IPS wizard? (Choose four.)

A. Select the interface(s) to apply the IPS rule.
B. Select the traffic flow direction that should be applied by the IPS rule.
C. Add or remove IPS alerts actions based on the risk rating.
D. Specify the signature file and the Cisco public key.
E. Select the IPS bypass mode (fail-open or fail-close).
F. Specify the configuration location and select the category of signatures to be applied to the selected interface(s).

Correct Answer: ABDF

QUESTION 39

Which statement is a benefit of using Cisco IOS IPS?

A. It uses the underlying routing infrastructure to provide an additional layer of security.
B. It works in passive mode so as not to impact traffic flow.
C. It supports the complete signature database as a Cisco IPS sensor appliance.
D. The signature database is tied closely with the Cisco IOS image.

Correct Answer: A

QUESTION 40

You are the security administrator for a large enterprise network with many remote locations. You have been given the assignment to deploy a Cisco IPS solution. Where in the network would be the best place to deploy Cisco IOS IPS?

A. inside the firewall of the corporate headquarters Internet connection
B. at the entry point into the data center
C. outside the firewall of the corporate headquarters Internet connection
D. at remote branch offices

Correct Answer: D
