Download New Updated (Spring 2015) Cisco 640-554 Actual Tests 21-30

April 27, 2015




Which router management feature provides for the ability to configure multiple administrative



A.      role-based CLI

B.      virtual routing and forwarding

C.      secure config privilege {level}

D.      parser view view name


Correct Answer: A




You suspect that an attacker in your network has configured a rogue Layer 2 device to intercept traffic from multiple VLANs, which allows the attacker to capture potentially sensitive data. Which two methods will help to mitigate this type of activity? (Choose two.)


A.      Turn off all trunk ports and manually configure each VLAN as required on each port.

B.      Place unused active ports in an unused VLAN.

C.      Secure the native VLAN, VLAN 1, with encryption.

D.      Set the native VLAN on the trunk ports to an unused VLAN.

E.       Disable DTP on ports that require trunking.


Correct Answer: DE




Which statement describes a best practice when configuring trunking on a switch port?


A.      Disable double tagging by enabling DTP on the trunk port.

B.      Enable encryption on the trunk port.

C.      Enable authentication and encryption on the trunk port.

D.      Limit the allowed VLAN(s) on the trunk to the native VLAN only.

E.       Configure an unused VLAN as the native VLAN.


Correct Answer: E




Which type of Layer 2 attack causes a switch to flood all incoming traffic to all ports?


A.      MAC spoofing attack

B.      CAM overflow attack

C.      VLAN hopping attack

D.      STP attack


Correct Answer: B




What is the best way to prevent a VLAN hopping attack?


A.      Encapsulate trunk ports with IEEE 802.1Q.

B.      Physically secure data closets.

C.      Disable DTP negotiations.

D.      Enable BPDU guard.


Correct Answer: C





Which statement about PVLAN Edge is true?


A.      PVLAN Edge can be configured to restrict the number of MAC addresses that appear on a single port.

B.      The switch does not forward any traffic from one protected port to any other protected port.

C.      By default, when a port policy error occurs, the switchport shuts down.

D.      The switch only forwards traffic to ports within the same VLAN Edge.


Correct Answer: B




If you are implementing VLAN trunking, which additional configuration parameter should be added to the trunking configuration?


A.      no switchport mode access

B.      no switchport trunk native VLAN 1

C.      switchport mode DTP

D.      switchport nonnegotiate


Correct Answer: D




When Cisco IOS zone-based policy firewall is configured, which three actions can be applied to a traffic class? (Choose three.)


A.      pass

B.      police

C.      inspect

D.      drop

E.       queue

F.       shape


Correct Answer: ACD




With Cisco IOS zone-based policy firewall, by default, which three types of traffic are permitted by the router when some of the router interfaces are assigned to a zone? (Choose three.)


A.      traffic flowing between a zone member interface and any interface that is not a zone


B.      traffic flowing to and from the router interfaces (the self zone)

C.      traffic flowing among the interfaces that are members of the same zone

D.      traffic flowing among the interfaces that are not assigned to any zone

E.       traffic flowing between a zone member interface and another interface that belongs in a different zone

F.       traffic flowing to the zone member interface that is returned traffic


Correct Answer: BCD




Which option is a key difference between Cisco IOS interface ACL configurations and Cisco ASA appliance interface ACL configurations?


A.      The Cisco IOS interface ACL has an implicit permit-all rule at the end of each interface ACL.

B.      Cisco IOS supports interface ACL and also global ACL. Global ACL is applied to all interfaces.

C.      The Cisco ASA appliance interface ACL configurations use netmasks instead of wildcard


D.      The Cisco ASA appliance interface ACL also applies to traffic directed to the IP addresses of the Cisco ASA appliance interfaces.

E.       The Cisco ASA appliance does not support standard ACL. The Cisco ASA appliance only supports extended ACL.


Correct Answer: C

