[Free] Download New Updated (December) Cisco 640-554 Exam Questions 31-40

By | December 12, 2015

Ensurepass

QUESTION 31

Scenario:

You are the security admin for a small company. This morning your manager has supplied you with a list of Cisco ISR and CCP configuration questions. Using CCP, your job is to navigate the pre-configured CCP in order to find answers to your business question. Which policy is assigned to Zone Pair sdm-zip-OUT-IN?

 

clip_image002

 

A.

Sdm-cls-http

B.

OUT_SERVICE

C.

Ccp-policy-ccp-cls-1

D.

Ccp-policy-ccp-cls-2

 

Correct Answer: D

Explanation:

clip_image004

 

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 32

Scenario:

You are the security admin for a small company. This morning your manager has supplied you with a list of Cisco ISR and CCP configuration questions. Using CCP, your job is to navigate the pre-configured CCP in order to find answers to your business question. What is included in the Network Object Group INSIDE? (Choose two)

 

clip_image006

 

A.

Network 192.168.1.0/24

B.

Network 175.25.133.0/24

C.

Network 10.0.10.0/24

D.

Network 10.0.0.0/8

E.

Network 192.168.1.0/8

 

Correct Answer: BC

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 33

clip_image008

clip_image010

clip_image012

 

Correct Answer:

For the NTP portion:

Click on Router – Time – NTP and SNTP on left hand pane.

Then click t
he Add button. Enter the Server IP address and source interface and key information as specified. Also be sure to click the Prefer button.

For the access rule portion:

Click on Router – ACL – ACL Editor. Click Add button. Then enter Inbound for the name and make sure rule is extended. Then click Add at the rule entry. Then ensure that permit is selected and that source and destination boxes both say Any IP Address (They should already).

Under Protocol and Service select EIGRP. Hit OK.

Then click add button again. Leave the source as any and click the destination box as “A network” and type in 10.0.2.0 and select the wildcard mask as 0.0.0.255. Click on the TCP protocol button and select “www” Hit OK.

Finally, click on edit for this rule and click on the Associate button. Select the outside interface and select the inbound direction.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

QUESTION 34

HOTSPOT

clip_image014

clip_image016

clip_image018

clip_image020

 

Correct Answer:

clip_image022

 

 

QUESTION 35

HOTSPOT

clip_image023

clip_image024 clip_image025

clip_image027

 

Correct Answer:

clip_image029

 

Explanation:

http, https, smtp, icmp

Click on Router – Security – C3PL – Class Map – Inspection. Then select the OUT_SERVICE map and see the four protocols listed.

 

 

QUESTION 36

HOTSPOT

clip_image030

clip_image031

clip_image032

clip_image034

 

Correct Answer:

clip_image036

 

 

QUESTION 37

HOTSPOT

clip_image037

clip_image038

clip_image032[1]

clip_image040

 

Correct Answer:

clip_image042

QUESTION 38

HOTSPOT

clip_image043

clip_image044

clip_image045

clip_image047

 

Correct Answer:

clip_image049

 

 

 

 

 

QUESTION 39

DRAG DROP

clip_image051

 

Correct Answer:

clip_image053

 

 

QUESTION 40

Which Cisco IOS command is used to verify that either the Cisco IOS image, the configuration files, or both have been properly backed up and secured?

 

A.

show archive

B.

show secure bootset

C.

show flash

D.

show file systems

E.

dir

F.

dir archive

 

Correct Answer: B

Explanation:

http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_resil_config_ps6922_TSD_Products_Configuration_Guide_Chapter.html

 

Restrictions for Cisco IOS Resilient Configuration

This feature is available only on platforms that support a Personal Computer Memory Card International Association (PCMCIA) Advanced Technology Attachment (ATA) disk. There must be enough space on the storage device to accommodate at least one Cisco IOS image (two for upgrades) and a copy of the running configuration. IOS Files System (IFS) support for secure file systems is also needed by the software.

It may be possible to force removal of secured files using an older version of Cisco IOS software that does not contain file system support for hidden files.

This feature can be disabled only by using a console connection to the router. With the exception of the upgrade scenario, feature activation does not require console access.

You cannot secure a bootset with an image loaded from the network. The running image must be loaded from persistent storage to be secured as primary.

Secured files will not appear on the output of a dir command issued from an executive shell because the IFS prevents secure files in a directory from being listed. ROM monitor (ROMMON) mode does not have any such restriction and can be used to list and boot secured files. The running image and running configuration archives will not be visible in the Cisco IOS dir command output. Instead, use the show secure bootset command to verify archive existence.

 

Free VCE & PDF File for Cisco 640-554 Exam Questions

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …