New Updated Cisco CCNA Security 640-554 Real Exam Download 71-80

Ensurepass

QUESTION 71

Which Cisco IPS product offers an inline, deep-packet inspection feature that is available in integrated services routers?

 

A.      Cisco iSDM

B.      Cisco AIM

C.      Cisco IOS IPS

D.      Cisco AIP-SSM

 

Correct Answer: C

 

 

QUESTION 72

Which three modes of access can be delivered by SSL VPN? (Choose three.)

 

A.      full tunnel client

B.      IPsec SSL

C.      TLS transport mode

D.      thin client

E.       clientless

F.       TLS tunnel mode

 

Correct Answer: ADE

 

 

QUESTION 73

During role-based CLI configuration, what must be enabled before any user views can be created?

 

A.      multiple privilege levels

B.      usernames and passwords

C.      aaa new-model command

D.      secret password for the root user

E.       HTTP and/or HTTPS server

F.       TACACS server group

 

Correct Answer: C

 

 

QUESTION 74

Which three statements about applying access control lists to a Cisco router are true? (Choose three.)

A.      Place more specific ACL entries at the top of the ACL.

B.      Place generic ACL entries at the top of the ACL to filter general traffic and thereby reduce “noise” on the network.

C.      ACLs always search for the most specific entry before taking any filtering action.

D.      Router-generated packets cannot be filtered by ACLs on the router.

E.       If an access list is applied but it is not configured, all traffic passes.

 

Correct Answer: ADE

 

 

QUESTION 75

When port security is enabled on a Cisco Catalyst switch, what is the default action when the configured maximum number of allowed MAC addresses value is exceeded?

 

A.      The port remains enabled, but bandwidth is throttled until old MAC addresses are aged out.

B.      The port is shut down.

C.      The MAC address table is cleared and the new MAC address is entered into the table.

D.      The violation mode of the port is set to restrict.

 

Correct Answer: B

 

 

QUESTION 76

Which three statements about the Cisco ASA appliance are true? (Choose three.)

 

A.      The DMZ interface(s) on the Cisco ASA appliance most typically use a security level between 1 and 99.

B.      The Cisco ASA appliance supports Active/Active or Active/Standby failover.

C.      The Cisco ASA appliance has no default MPF configurations.

D.      The Cisco ASA appliance uses security contexts to virtually partition the ASA into multiple virtual firewalls.

E.       The Cisco ASA appliance supports user-based access control using 802.1x.

F.       An SSM is required on the Cisco ASA appliance to support Botnet Traffic Filtering.

 

Correct Answer: ABD

 

 

QUESTION 77

Refer to the exhibit. This Cisco IOS access list has been configured on the FA0/0 interface in the inbound direction. Which four TCP packets sourced from 10.1.1.1 port 1030 and routed to the FA0/0 interface are permitted? (Choose four.)

[Exhibit image not available]

 

A.      destination ip address: 192.168.15.37 destination port: 22

B.      destination ip address: 192.168.15.80 destination port: 23

C.      destination ip address: 192.168.15.66 destination port: 8080

D.      destination ip address: 192.168.15.36 destination port: 80

E.       destination ip address: 192.168.15.63 destination port: 80

F.       destination ip address: 192.168.15.40 destination port: 21

 

Correct Answer: BCDE

 

 

QUESTION 78

You use Cisco Configuration Professional to enable Cisco IOS IPS. Which state must a signature be in before any actions can be taken when an attack matches that signature?

A.      enabled

B.      unretired

C.      successfully compiled

D.      successfully compiled and unretired

E.       successfully compiled and enabled

F.       unretired and enabled

G.      enabled, unretired, and successfully compiled

 

Correct Answer: G

 

 

QUESTION 79

Refer to the exhibit. Which three statements about these three show outputs are true? (Choose three.)

[Exhibit image not available]

 

A.      Traffic matched by ACL 110 is encrypted.

B.      The IPsec transform set uses SHA for data confidentiality.

C.      The crypto map shown is for an IPsec site-to-site VPN tunnel.

D.      The default ISAKMP policy uses a digital certificate to authenticate the IPsec peer.

E.       The IPsec transform set specifies the use of GRE over IPsec tunnel mode.

F.       The default ISAKMP policy has higher priority than the other two ISAKMP policies with a priority of 1 and 2.

 

Correct Answer: ACD

 

 

 

QUESTION 80

Which statement describes how the sender of the message is verified when asymmetric encryption is used?

A.      The sender encrypts the message using the sender’s public key, and the receiver decrypts the message using the sender’s private key.

B.      The sender encrypts the message using the sender’s private key, and the receiver decrypts the message using the sender’s public key.

C.      The sender encrypts the message using the receiver’s public key, and the receiver decrypts the message using the receiver’s private key.

D.      The sender encrypts the message using the receiver’s private key, and the receiver decrypts the message using the receiver’s public key.

E.       The sender encrypts the message using the receiver’s public key, and the receiver decrypts the message using the sender’s public key.

 

Correct Answer: C

 
