Latest Cisco 640-554 IINS Real Exam Download 51-60

Ensurepass

QUESTION  51

Which two options are characteristics of the Cisco Configuration Professional Security Audit wizard? (Choose two.)

 

A.      displays a screen with fix-it check boxes to let you choose which potential security-related configuration changes to implement

B.      has two modes of operation: interactive and non-interactive

C.      automatically enables Cisco IOS firewall and Cisco IOS IPS to secure the router

D.      uses interactive dialogs and prompts to implement role-based CLI

E.       requires users to first identify which router interfaces connect to the inside network and which connect to the outside network

 

Correct Answer: AE

 

 

QUESTION  52

Which statement describes a result of securing the Cisco IOS image using the Cisco IOS image resilience feature?

 

A.      The show version command does not show the Cisco IOS image file location.

B.      The Cisco IOS image file is not visible in the output from the show flash command.

C.      When the router boots up, the Cisco IOS image is loaded from a secured FTP location.

D.      The running Cisco IOS image is encrypted and then automatically backed up to the NVRAM.

E.       The running Cisco IOS image is encrypted and then automatically backed up to a TFTP server.

 

Correct Answer: B

 

 

QUESTION  53

Which aaa accounting command is used to enable logging of the start and stop records for user terminal sessions on the router?

 

A.      aaa accounting network start-stop tacacs+

B.      aaa accounting system start-stop tacacs+

C.      aaa accounting exec start-stop tacacs+

D.      aaa accounting connection start-stop tacacs+

E.       aaa accounting commands 15 start-stop tacacs+

 

Correct Answer: C

 

 

QUESTION  54

Which access list permits HTTP traffic sourced from host 10.1.129.100 port 3030 destined to host 192.168.1.10?

 

A.      access-list 101 permit tcp any eq 3030

B.      access-list 101 permit tcp 10.1.128.0 0.0.1 .255 eq 3030 192.1 68.1 .0 0.0.0.15 eq www

C.      access-list 101 permit tcp 10.1.129.0 0.0.0.255 eq www 192.168.1.10 0.0.0.0 eq www

D.      access-list 101 permit tcp host 192.1 68.1 .10 eq 80 10.1.0.0 0.0.255.255 eq 3030

E.       access-list 101 permit tcp 192.168.1.10 0.0.0.0 eq 80 10.1.0.0 0.0.255.255

F.       access-list 101 permit ip host 10.1.129.100 eq 3030 host 192.168.1.10 eq 80

 

Correct Answer: B

 

 

QUESTION  55

Which location is recommended for extended or extended named ACLs?

 

A.      an intermediate location to filter as much traffic as possible

B.      a location as close to the destination traffic as possible

C.      when using the established keyword, a location close to the destination point to ensure that return traffic is allowed

D.      a location as close to the source traffic as possible

 

Correct Answer: D

 

 

QUESTION  56

Which statement about asymmetric encryption algorithms is true?

 

A.      They use the same key for encryption and decryption of data.

B.      They use the same key for decryption but different keys for encryption of data.

C.      They use different keys for encryption and decryption of data.

D.      They use different keys for decryption but the same key for encryption of data.

 

Correct Answer: C

 

 

QUESTION  57

Which option can be used to authenticate the IPsec peers during IKE Phase 1?

 

A.      Diffie-Hellman Nonce

B.      pre-shared key

C.      XAUTH

D.      integrity check value

E.       ACS

F.       AH

 

Correct Answer: B

 

 

QUESTION  58

Which single Cisco IOS ACL entry permits IP addresses from 172.16.80.0 to 172.16.87.255?

 

A.      permit 172.16.80.0 0.0.3.255

B.      permit 172.16.80.0 0.0.7.255

C.      permit 172.16.80.0 0.0.248.255

D.      permit 176.16.80.0 255.255.252.0

E.       permit 172.16.80.0 255.255.248.0

F.       permit 172.16.80.0 255.255.240.0

 

Correct Answer: B

 

 

 

QUESTION  59

You want to use the Cisco Configuration Professional site-to-site VPN wizard to implement a site-to-site IPsec VPN using pre-shared key. Which four configurations are required (with no defaults)? (Choose four.)

 

A.      the interface for the VPN connection

B.      the VPN peer IP address

C.      the IPsec transform-set

D.      the IKE policy

E.       the interesting traffic (the traffic to be protected)

F.       the pre-shared key

 

Correct Answer: ABEF

 

 

QUESTION  60

Which two options represent a threat to the physical installation of an enterprise network? (Choose two.)

 

A.      surveillance camera

B.      security guards

C.      electrical power

D.      computer room access

E.       change control

 

Correct Answer: CD

 

 




Download Latest Cisco 640-554 IINS Real Free Tests , help you to pass exam 100%.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.