Cisco 640-553 IINS Implementing Cisco IOS Network Security 151-155

Ensurepass QUESTION 151 Which statement best describes the relationships between AAA function and TACACS+, RADIUS based on the exhibit shown? A. TACACS+ - PG1 and PG3 RADIUS - PG2 and PG4 B. TACACS+ - PG2 and PG4 RADIUS - PG1 and PG3 C. TACACS+ - PG1 and PG4 RADIUS - PG2 and PG3 D. TACACS+ - PG2 and PG3 RADIUS - PG1 and PG4 Answer: B Section: IOS Security Explanation/Reference: QUESTION 152 Which item is the correct matching relationships associated with IKE Phase? A. IKE Phase 1 - PG1 and Read more [...]

Cisco 640-553 IINS Implementing Cisco IOS Network Security 146-150

Ensurepass QUESTION 146 LAB You are the passguide network security administrator for Big Money BankCo. You are informed that an attacker has performed a CAM table overflow attack by sending spoofed MAC addresses on one of the switch ports. The attacker has since been identified and escorted out of the campus. You now need to take action to configure the switch port to protect against this kind of attack in the future. For purposes of this test, the attacker was connected via a hub to the Fa0/12 Read more [...]

Cisco 640-553 IINS Implementing Cisco IOS Network Security 11-15

Ensurepass QUESTION 11 Which is the main difference between host-based and network-based intrusion prevention? A. Network-based IPS is better suited for inspection of SSL and TLS encrypted data flows. B. Host-based IPS can work in promiscuous mode or inline mode. C. Network-based IPS can provide protection to desktops and servers without the need of installing specialized software on the end hosts and servers. D. Host-based IPS deployment requires less planning than network-based IPS. Answer: Read more [...]

Cisco 640-553 IINS Implementing Cisco IOS Network Security 141-145

Ensurepass QUESTION 141 Drag & Drop Answer: Section: Drag and Drop Explanation/Reference: QUESTION 142 Scenario: Next Gen University main campus is located in Santa Cruz. The University has recently established various remote campuses offering e-learning services. The University is using IPsec VPN connectivity between its main and remote campuses Phoenix (PHX), Newadla (ND), Sacramento (SAC). As a recent addition to the IT/Networking team, you have been tasked to document the IPsec VPN configurations Read more [...]

Cisco 640-553 IINS Implementing Cisco IOS Network Security 135-140

Ensurepass QUESTION 136 On the basis of the Cisco IOS Zone-Based Policy Firewall, by default, which three types of traffic are permitted by the router when some interfaces of the routers are assigned to a zone? Drag three proper characterizations on the above to the list on the below: traffic flowing to the zone member interface that is returned traffic; traffic flowing among the interfaces that are members of the same zone; traffic flowing among the interfaces that are not assigned to any zone Read more [...]

Cisco 640-553 IINS Implementing Cisco IOS Network Security 131-135

Ensurepass QUESTION 131 What method does 3DES use to encrypt plain text? A. 3DES-EDE B. EDE-3DES C. 3DES-AES D. AES-3DES Answer: A Section: Cryptography Explanation/Reference: QUESTION 132 Which of the following is not considered a trustworthy symmetric encryption algorithm? A. 3DES B. IDEA C. EDE D. AES Answer: C Section: Cryptography Explanation/Reference: QUESTION 133 On the basis of the description of SSL-based VPN, place the correct descriptions in the proper locations. Answer: Section: Read more [...]

Cisco 640-553 IINS Implementing Cisco IOS Network Security 126-130

Ensurepass QUESTION 126 Which two statements are true about the differences between IDS and IPS? (Choose two.) A. IPS operates in promiscuous mode. B. IPS receives a copy of the traffic to be analyzed. C. IPS operates in inline mode. D. IDS receives a copy of the traffic to be analyzed. Answer: CD Section: Security Explanation/Reference: QUESTION 127 What form of attack are all algorithms susceptible to? A. Meet-in-the-middle B. Spoofing C. Stream cipher D. Brute-force Answer: D Section: Read more [...]

Cisco 640-553 IINS Implementing Cisco IOS Network Security 121-125

Ensurepass QUESTION 121 Which option is true of intrusion prevention systems? A. they operate in promiscuous mode B. they operate in inline mode C. they have no potential impact on the data segment being monitored D. they are more vulnerable to evasion techniques than IDS Answer: B Section: Security Explanation/Reference: QUESTION 122 Which statement is true when using zone-based firewalls on a Cisco router? A. policies are applied to traffic moving between zones, not between interfaces B. Read more [...]

Cisco 640-553 IINS Implementing Cisco IOS Network Security 116-120

Ensurepass QUESTION 116 Which of these options is a Cisco IOS feature that lets you more easily configure security features on your router? A. cisco self-defending network B. implementing AAA command authorization C. the auto secure CLI command D. performing a security audit via SDM Answer: C Section: IOS Security Explanation/Reference: QUESTION 117 Which three of these options are some of the best practices when you implement an effective firewall security policy? (choose three) A. position Read more [...]

Cisco 640-553 IINS Implementing Cisco IOS Network Security 111-115

Ensurepass QUESTION 111 Which option is a key principle of the Cisco Self-Defending Network strategy? A. security is static and should prevent most known attacks on the network B. the self-defending network should be the key point of your security policy C. integrate security throughout the existing infrastructure D. upper management is ultimately responsible for policy implementation Answer: C Section: Security Explanation/Reference: QUESTION 112 Which three options are areas of router security? A. Read more [...]

Cisco 640-553 IINS Implementing Cisco IOS Network Security 106-110

Ensurepass QUESTION 106 Network security aims to provide which three key services? (choose three) A. data integrity B. data strategy C. data & system availability D. data mining E. data storage F. data confidentiality Answer: ACF Section: Security Explanation/Reference: QUESTION 107 Which option is the term for a weakness in a system or its design that can be exploited by a threat? A. a vulnerability B. a risk C. an exploit D. an attack E. a joke Answer: A Section: Security Explanation/Reference: QUESTION Read more [...]

Cisco 640-553 IINS Implementing Cisco IOS Network Security 101-105

Ensurepass QUESTION 101 When configuring Cisco IOS Zone-Based Policy Firewall, what are the three actions that can be applied to a traffic class? (Choose three.) A. Pass B. Police C. Inspect D. Drop E. Queue F. Shape Answer: ACD Section: IOS Security Explanation/Reference: Reference: Chapter 10, page 371. Section "Zone Membership Rules" QUESTION 102 Which three statements about applying access control lists to a Cisco router are true? (Choose three.) A. Place more specific ACL entries at Read more [...]

Cisco 640-553 IINS Implementing Cisco IOS Network Security 96-100

Ensurepass QUESTION 96 Which Public Key Cryptographic Standards (PKCS) defines the syntax for encrypted messages and messages with digital signatures? A. PKCS #12 B. PKCS #10 C. PKCS #8 D. PKCS #7 Answer: D Section: Cryptography Explanation/Reference: QUESTION 97 For the following items, which one acts as a VPN termination device and is located at a primary network location? A. Headend VPN device B. Tunnel C. Broadband service D. VPN access device Answer: A Section: VPNs Explanation/Reference: QUESTION Read more [...]

Cisco 640-553 IINS Implementing Cisco IOS Network Security 6-10

Ensurepass QUESTION 6 Which statement is true about a Smurf attack? A. It sends ping requests to a subnet, requesting that devices on that subnet send ping replies to a target system. B. It intercepts the third step in a TCP three-way handshake to hijack a session. C. It uses Trojan horse applications to create a distributed collection of "zombie" computers, which can be used to launch a coordinated DDoS attack. D. It sends ping requests in segments of an invalid size. Answer: A Section: Security Explanation/Reference: "Smurf Read more [...]

Cisco 640-553 IINS Implementing Cisco IOS Network Security 91-95

Ensurepass QUESTION 91 Before a Diffie-Hellman exchange may begin, the two parties involved must agree on what? A. Two nonsecret keys B. Two secret numbers C. Two secret keys D. Two nonsecret numbers Answer: D Section: Cryptography Explanation/Reference: QUESTION 92 Which three are distinctions between asymmetric and symmetric algorithms? (Choose all that apply.) A. Asymmetric algorithms are based on more complex mathematical computations. B. Only symmetric algorithms have a key exchange Read more [...]

Cisco 640-553 IINS Implementing Cisco IOS Network Security 86-90

Ensurepass QUESTION 86 What is the MD5 algorithm used for? A. takes a variable-length message and produces a 168-bit message digest B. takes a fixed-length message and produces a 128-bit message digest C. takes a variable-length message and produces a 128-bit message digest D. takes a message less than 2^64 bits as input and produces a 160-bit message digest Answer: C Section: Cryptography Explanation/Reference: QUESTION 87 Which algorithm was the first to be found suitable for both digital Read more [...]

Cisco 640-553 IINS Implementing Cisco IOS Network Security 81-85

Ensurepass QUESTION 81 For the following items, which one can be used to authenticate the IPsec peers during IKE Phase 1? A. XAUTH B. pre-shared key C. integrity check value D. Diffie-Hellman Nonce Answer: B Section: VPNs Explanation/Reference: Authentication options include usernames/passwords, biometrics, preshared keys, and digital certs. Reference: Chapter 15, page 529, section "Overview of IPsec" QUESTION 82 In a brute-force attack, what percentage of the keyspace must an attacker generally Read more [...]

Cisco 640-553 IINS Implementing Cisco IOS Network Security 76-80

Ensurepass QUESTION 76 Regarding constructing a good encryption algorithm, what does creating an avalanche effect indicate? A. Changing only a few bits of a plain-text message causes the ciphertext to be completely different. B. Changing only a few bits of a ciphertext message causes the plain text to be completely different. C. Altering the key length causes the plain text to be completely different. D. Altering the key length causes the ciphertext to be completely different. Answer: A Section: Read more [...]

Cisco 640-553 IINS Implementing Cisco IOS Network Security 71-75

Ensurepass QUESTION 71 Which feature is a potential security weakness of a traditional stateful firewall? A. It cannot ensure each TCP connection follows a legitimate TCP three-way handshake. B. It cannot detect application-layer attacks. C. It cannot support UDP flows. D. The status of TCP sessions is retained in the state table after the sessions terminate. Answer: B Section: IOS Security Explanation/Reference: By definition, a stateful firewall constructs a state table which holds info from Read more [...]

Cisco 640-553 IINS Implementing Cisco IOS Network Security 66-70

Ensurepass QUESTION 66 Which two actions can be configured to allow traffic to traverse an interface when zone-based security is being employed? (Choose two.) A. Flow B. Inspect C. Pass D. Allow Answer: BC Section: IOS Security Explanation/Reference: QUESTION 67 When configuring role-based CLI on a Cisco router, which action will be taken first? A. Create a parser view called "root view." B. Log in to the router as the root user. C. Enable role-based CLI globally on the router using the Read more [...]

Cisco 640-553 IINS Implementing Cisco IOS Network Security 61-65

Ensurepass QUESTION 61 Which information is stored in the stateful session flow table while using a stateful firewall? A. all TCP and UDP header information only B. the source and destination IP addresses, port numbers, TCP sequencing information, and additional flags for each TCP or UDP connection associated with a particular session C. the outbound and inbound access rules (ACL entries) D. the inside private IP address and the translated inside global IP address Answer: B Section: IOS Security Explanation/Reference: The Read more [...]

Cisco 640-553 IINS Implementing Cisco IOS Network Security 56-60

Ensurepass QUESTION 56 You work as a network engineer. Do you know an IPsec tunnel is negotiated within the protection of which type of tunnel? A. GRE tunnel B. L2TP tunnel C. L2F tunnel D. ISAKMP tunnel Answer: D Section: VPNs Explanation/Reference: During IKE Phase 1, a secure ISAKMP session is established, using either main mode or aggressive mode. During IKE Phase 1, the IPsec endpoints establish transform sets (that is, a collection of encryption and authentication protocols), hash methods, Read more [...]

Cisco 640-553 IINS Implementing Cisco IOS Network Security 51-55

Ensurepass QUESTION 51 For the following statements, which one is perceived as a drawback of implementing Fibre Channel Authentication Protocol (FCAP)? A. It is restricted in size to only three segments. B. It requires the implementation of IKE. C. It relies on an underlying Public Key Infrastructure (PKI). D. It requires the use of netBT as the network protocol. Answer: C Section: Security Explanation/Reference: QUESTION 52 Which two primary port authentication protocols are used with VSANs? Read more [...]

Cisco 640-553 IINS Implementing Cisco IOS Network Security 46-50

Ensurepass QUESTION 46 Based on the username global configuration mode command displayed in the exhibit, what does the option secret 5 indicate about the enable secret password? A. It is encrypted using DH group 5. B. It is hashed using SHA. C. It is hashed using MD5. D. It is encrypted using a proprietary Cisco encryption algorithm. Answer: C Section: IOS Security Explanation/Reference: When it comes to usernames, the options are plain-text, encrypted, or hashed. If the command "username cisco Read more [...]

Cisco 640-553 IINS Implementing Cisco IOS Network Security 1-5

Ensurepass QUESTION 1 As a network engineer at Cisco.com, you are responsible for the Cisco network. Which will be necessarily taken into consideration when implementing Syslogging in your network? A. Log all messages to the system buffer so that they can be displayed when accessing the router. B. Use SSH to access your Syslog information. C. Enable the highest level of Syslogging available to ensure you log all possible event messages. D. Synchronize clocks on the network with a protocol such Read more [...]

640-816 Exam Questions 09

Ensurepass Question d1: Using the following access-list which of the statements are true? Access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80 Access-list 100 permit tcp 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.15 eq 23 Access-list 100 deny ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255 Access-list 100 deny ip any any log Access-list 100 permit ip 192.168.1.0 any 1. host 192.168.1.1 is able to access resources on the 172.16.1.0/24 network 2. host 192.168.1.1 is able to telnet to host Read more [...]

640-822 Exam Questions 03

Ensurepass Question 21: According to the IEEE 802.3 standard, Ethernet can run on what type of media? [Select all that apply] 1. 1000BaseF 2. 10Base4 3. 100BaseTX 4. 10BaseF 5. 10Base5 Correct answer(s): 4 5 Explanation: 10BaseT - Ethernet over Twisted Pair Media 10BaseF - Ethernet over Fiber Media 10Base2 - Ethernet over Thin Coaxial Media 10Base5 - Ethernet over Thick Coaxial Media Objective: Implement a small switched network Question 22: (9) Which two modes exist in a wireless network? 1. Read more [...]

640-816 Exam Questions 08

Ensurepass Question 71: (1) What is the protocol type in the OSPF header? 1. 179 2. 80 3. 520 4. 89 Correct answer(s): 4 Explanation: The protocol type in the OSPF header is 89. Objective: Configure and troubleshoot basic router operation and routing Question 72: (5) The following output is the result of a do show ip access-list mcmcse Standard IP access-list Read more [...]

640-822 Exam Questions 04

Ensurepass Question 31: (1) How do you enable ppp on a serial interface? 1. router(config)#ppp enable 2. router(config-if)#no encapsulation hdlc 3. router(config-if)#encapsulation ppp 4. router(config-if)#ppp enable Correct answer(s): 3 Explanation: The encapsulation ppp interface configuration command enables ppp on the interface. Objective: Implement and verify WAN links Question 32: What is the default encapsulation on a Cisco router serial interface? 1. PPP 2. SDLC 3. Frame-Relay 4. Read more [...]

640-822 Exam Questions 05

Ensurepass Question d1: What command do we use to show us a summary of all the interfaces on a router? 1. Show interfaces all 2. Show interfaces brief 3. Show IP interface detail 4. Show IP interface brief Correct answer(s): 4 Explanation: The show ip interface brief command will give you all the interfaces of the router and their status, IP address, etc. This command can be a useful troubleshooting tool if you quickly want to view the interface details. click here for sample output of this Read more [...]