New Updated Cisco CCNA Security 640-554 Real Exam Download 171-180

EnsurepassQUESTION 171 Which two statements about IPv6 access lists are true? (Choose two).   A.      IPv6 access lists support numbered access lists. B.      IPv6 access lists support wildcard masks. C.      IPv6 access lists support standard access lists. D.      IPv6 access lists support named access lists. E.       IPv6 access lists support extended access lists. Read more [...]

New Updated Cisco CCNA Security 640-554 Real Exam Download 161-170

EnsurepassQUESTION 161 Which three applications comprise Cisco Security Manager? (Choose three.)   A.      Configuration Manager B.      Packet Tracer C.      Device Manager D.      Event Viewer E.       Report Manager F.       Syslog Monitor   Correct Answer: ADE     QUESTION 162 When a network transitions from IPv4 to Read more [...]

New Updated Cisco CCNA Security 640-554 Real Exam Download 151-160

EnsurepassQUESTION 151 In a brute-force attack, what percentage of the keyspace must an attacker generally search through until he or she finds the key that decrypts the data?   A.      Roughly 50 percent B.      Roughly 66 percent C.      Roughly 75 percent D.      Roughly 10 percent   Correct Answer: A     QUESTION 152 Which three items are Cisco best-practice recommendations Read more [...]

New Updated Cisco CCNA Security 640-554 Real Exam Download 141-150

EnsurepassQUESTION 141 With Cisco IOS Zone-Based Policy Firewall, where is the inspection policy applied?   A.      to the zone B.      to the zone-pair C.      to the interface D.      to the global service policy   Correct Answer: B     QUESTION 142 Which statement is true about configuring access control lists to control Telnet traffic destined to the router itself?   A.      Read more [...]

New Updated Cisco CCNA Security 640-554 Real Exam Download 131-140

EnsurepassQUESTION 131 Refer to the exhibit. Which statement is correct based on the show login command output shown?     A.      When the router goes into quiet mode, any host is permitted to access the router via Telnet, SSH, and HTTP, since the quiet-mode access list has not been configured. B.      The login block-for command is configured to block login hosts for 93 seconds. C.      All logins from any sources Read more [...]

New Updated Cisco CCNA Security 640-554 Real Exam Download 121-130

EnsurepassQUESTION 121 DRAG DROP   Correct Answer:     QUESTION 122 DRAG DROP   Correct Answer:     QUESTION 123 DRAG DROP   Correct Answer:     QUESTION 124 DRAG DROP   Correct Answer:     QUESTION 125 DRAG DROP   Correct Answer:     QUESTION 126 Which statement is true when you have generated RSA keys on your Cisco router to prepare for secure device management?   A.      You must Read more [...]

New Updated Cisco CCNA Security 640-554 Real Exam Download 111-120

EnsurepassQUESTION 111 Scenario: You are the security admin for a small company. This morning your manager has supplied you with a list of Cisco ISR and CCP configuration questions. Using CCP, your job is to navigate the pre-configured CCP in order to find answers to your business question. What is included in the Network Object Group INSIDE? (Choose two)     A.      Network 192.168.1.0/24 B.      Network 175.25.133.0/24 C.      Read more [...]

New Updated Cisco CCNA Security 640-554 Real Exam Download 101-110

EnsurepassQUESTION 101 DRAG DROP Refer to the exhibit. Drag the port(s) from the left and drop them on the correct STP roles on the right. Not all options on the left are used.     Correct Answer:     QUESTION 102 DRAG DROP   Correct Answer:     QUESTION 103 DRAG DROP   Correct Answer:     QUESTION 104 DRAG DROP   Correct Answer:       QUESTION 105 DRAG DROP   Correct Answer:     QUESTION 106 Correct Read more [...]

New Updated Cisco CCNA Security 640-554 Real Exam Download 91-100

EnsurepassQUESTION 91 Which option is a characteristic of a stateful firewall?   A.      can analyze traffic at the application layer B.      allows modification of security rule sets in real time to allow return traffic C.      will allow outbound communication, but return traffic must be explicitly permitted D.      supports user authentication   Correct Answer: B     QUESTION Read more [...]

New Updated Cisco CCNA Security 640-554 Real Exam Download 81-90

EnsurepassQUESTION 81 Which type of security control is defense in depth?   A.      threat mitigation B.      risk analysis C.      botnet mitigation D.      overt and covert channels   Correct Answer: A     QUESTION 82 Which two options are two of the built-in features of IPv6? (Choose two.)   A.      VLSM B.      native IPsec Read more [...]

New Updated Cisco CCNA Security 640-554 Real Exam Download 71-80

EnsurepassQUESTION 71 Which Cisco IPS product offers an inline, deep-packet inspection feature that is available in integrated services routers?   A.      Cisco iSDM B.      Cisco AIM C.      Cisco IOS IPS D.      Cisco AIP-SSM   Correct Answer: C     QUESTION 72 Which three modes of access can be delivered by SSL VPN? (Choose three.)   A.      full Read more [...]

New Updated Cisco CCNA Security 640-554 Real Exam Download 61-70

EnsurepassQUESTION 61 Which option represents a step that should be taken when a security policy is developed?   A.      Perform penetration testing. B.      Determine device risk scores. C.      Implement a security monitoring system. D.      Perform quantitative risk analysis.   Correct Answer: D     QUESTION 62 Which type of network masking is used when Cisco IOS access control Read more [...]

New Updated Cisco CCNA Security 640-554 Real Exam Download 51-60

EnsurepassQUESTION 51 Which two options are characteristics of the Cisco Configuration Professional Security Audit wizard? (Choose two.)   A.      displays a screen with fix-it check boxes to let you choose which potential security-related configuration changes to implement B.      has two modes of operation: interactive and non-interactive C.      automatically enables Cisco IOS firewall and Cisco IOS IPS to secure the Read more [...]

New Updated Cisco CCNA Security 640-554 Real Exam Download 41-50

EnsurepassQUESTION 41 Which IPS technique commonly is used to improve accuracy and context awareness, aiming to detect and respond to relevant incidents only and therefore, reduce noise?   A.      attack relevancy B.      target asset value C.      signature accuracy D.      risk rating   Correct Answer: D     QUESTION 42 Which two statements about SSL-based VPNs are true? (Choose Read more [...]

New Updated Cisco CCNA Security 640-554 Real Exam Download 31-40

EnsurepassQUESTION 31 Which two options are advantages of an application layer firewall? (Choose two.)   A.      provides high-performance filtering B.      makes DoS attacks difficult C.      supports a large number of applications D.      authenticates devices E.       authenticates individuals   Correct Answer: BE     QUESTION 32 Refer to the exhibit. Read more [...]

New Updated Cisco CCNA Security 640-554 Real Exam Download 21-30

EnsurepassQUESTION 21 Which router management feature provides for the ability to configure multiple administrative views?   A.      role-based CLI B.      virtual routing and forwarding C.      secure config privilege {level} D.      parser view view name   Correct Answer: A     QUESTION 22 You suspect that an attacker in your network has configured a rogue Layer 2 device to intercept Read more [...]

New Updated Cisco CCNA Security 640-554 Real Exam Download 11-20

EnsurepassQUESTION 11 Which two characteristics of the TACACS+ protocol are true? (Choose two.)   A.      uses UDP ports 1645 or 1812 B.      separates AAA functions C.      encrypts the body of every packet D.      offers extensive accounting capabilities E.       is an open RFC standard protocol   Correct Answer: BC     QUESTION 12 Refer to the exhibit. Read more [...]

New Updated Cisco CCNA Security 640-554 Real Exam Download 1-10

EnsurepassQUESTION 1 Which two features are supported by Cisco IronPort Security Gateway? (Choose two.)   A.      spam protection B.      outbreak intelligence C.      HTTP and HTTPS scanning D.      email encryption E.       DDoS protection   Correct Answer: AD     QUESTION 2 Which option is a feature of Cisco ScanSafe technology?   A.      Read more [...]