[Free] Download New Updated (December) Cisco 640-554 Exam Questions 201-210

By | December 12, 2015

Ensurepass

QUESTION 201

Which statement about ACL operations is true?

 

A.

The access list is evaluated in its entirety.

B.

The access list is evaluated one access-control entry at a time.

C.

The access list is evaluated by the most specific entry.

D.

The default explicit deny at the end of an access list causes all packets to be dropped.

 

Correct Answer: B

 

 

QUESTION 202

Which three statements about access lists are true? (Choose three.)

 

A.

Extended access lists should be placed as near as possible to the destination.

B.

Extended access lists should be placed as near as possible to the source.

C.

Standard access lists should be placed as near as possible to the destination.

D.

Standard access lists should be placed as near as possible to the source.

E.

Standard access lists filter on the source address.

F.

Standard access lists filter on the destination address.

 

Correct Answer: BCE

 

 

QUESTION 203

Which command configures a device to actively watch connection requests and provide immediate protection from DDoS attacks?

 

A.

router(config)# ip tcp intercept mode intercept

B.

router(config)# ip tcp intercept mode watch

C.

router(config)# ip tcp intercept max-incomplete high 100

D.

router(config)# ip tcp intercept drop-mode random

 

Correct Answer: A

 

 

QUESTION 204

Which command will block external spoofed addresses?

 

A.

access-list 128 deny ip 10.0.0.0 0.0.255.255 any

B.

access-list 128 deny ip 192.168.0.0 0.0.0.255 any

C.

access-list 128 deny ip 10.0.0.0 0.255.255.255 any

D.

access-list 128 deny ip 192.168.0.0 0.0.31.255 any

 

Correct Answer: C

 

 

QUESTION 205

Which two countermeasures can mitigate ARP spoofing attacks? (Choose two.)

 

A.

port security

B.

DHCP snooping

C.

IP source guard

D.

dynamic ARP inspection

 

Correct Answer: BD

 

 

QUESTION 206

What is the Cisco preferred countermeasure to mitigate CAM overflows?

 

A.

port security

B.

dynamic port security

C.

IP source guard

D.

root guard

 

Correct Answer: B

 

 

QUESTION 207

What is the most common Cisco Discovery Protocol version 1 attack?

 

A.

denial of service

B.

MAC-address spoofing

C.

CAM-table overflow

D.

VLAN hopping

 

Correct Answer: A

 

 

QUESTION 208

Which option describes a function of a virtual VLAN?

 

A.

A virtual VLAN creates a logically partitioned LAN to place switch ports in a separate broadcast domain.< /font>

B.

A virtual VLAN creates trunks and links two switches together.

C.

A virtual VLAN adds every port on a switch to its own collision domain.

D.

A virtual VLAN connects many hubs together.

 

Correct Answer: A

 

 

QUESTION 209

Which action can you take to add bandwidth to a trunk between two switches and end up with only one logical interface?

 

A.

Configure another trunk link.

B.

Configure EtherChannel.

C.

Configure an access port.

D.

Connect a hub between the two switches.

 

Correct Answer: B

 

 

QUESTION 210

If the native VLAN on a trunk is different on each end of the link, what is a potential consequence?

 

A.

The interface on both switches may shut down.

B.

STP loops may occur.

C.

The switch with the higher native VLAN may shut down.

D.

The interface with the lower native VLAN may shut down.

 

Correct Answer: B

 

Free VCE & PDF File for Cisco 640-554 Exam Questions

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …