New Updated Cisco CCNA Security 640-554 Real Exam Download 81-90



Which type of security control is defense in depth?


A.      threat mitigation

B.      risk analysis

C.      botnet mitigation

D.      overt and covert channels


Correct Answer: A




Which two options are two of the built-in features of IPv6? (Choose two.)


A.      VLSM

B.      native IPsec

C.      controlled broadcasts

D.      mobile IP

E.       NAT


Correct Answer: BD




Which option is a characteristic of the RADIUS protocol?


A.      uses TCP

B.      offers multiprotocol support

C.      combines authentication and authorization in one process

D.      supports bi-directional challenge


Correct Answer: C




Refer to the below. Which statement about this debug output is true?




A.      The requesting authentication request came from username GETUSER.

B.      The TACACS+ authentication request came from a valid user.

C.      The TACACS+ authentication request passed, but for some reason the user’s connection was

closed immediately.

D.      The initiating connection request was being spoofed by a different source address.


Correct Answer: B





Which type of Cisco IOS access control list is identified by 100 to 199 and 2000 to 2699?


A.      standard

B.      extended

C.      named

D.      IPv4 for 100 to 199 and IPv6 for 2000 to 2699


Correct Answer: B




Which priority is most important when you plan out access control lists?


A.      Build ACLs based upon your security policy.

B.      Always put the ACL closest to the source of origination.

C.      Place deny statements near the top of the ACL to prevent unwanted traffic from passing

through the router.

D.      Always test ACLs in a small, controlled production environment before you roll it out into the

larger production network.


Correct Answer: A




Which step is important to take when implementing secure network management?


A.      Implement in-band management whenever possible.

B.      Implement telnet for encrypted device management access.

C.      Implement SNMP with read/write access for troubleshooting purposes.

D.      Synchronize clocks on hosts and devices.

E.       Implement management plane protection using routing protocol authentication.


Correct Answer: D




Which statement best represents the characteristics of a VLAN?


A.      Ports in a VLAN will not share broadcasts amongst physically separate switches.

B.      A VLAN can only connect across a LAN within the same building.

C.      A VLAN is a logical broadcast domain that can span multiple physical LAN segments.

D.      A VLAN provides individual port security.

Correct Answer: C




Which Layer 2 protocol provides loop resolution by managing the physical paths to given network



A.      root guard

B.      port fast

C.      HSRP

D.      STP


Correct Answer: D




When STP mitigation features are configured, where should the root guard feature be deployed?


A.      toward ports that connect to switches that should not be the root bridge

B.      on all switch ports

C.      toward user-facing ports

D.      Root guard should be configured globally on the switch.


Correct Answer: A


Download Latest Complete collection of CCNA Security 640-554 Real Exam ,help you to pass exam 100%.

Ensurepass Cisco Certifications Exam Questions and Answers
Ensurepass CCNA Security Exams Questions and Answers


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.