Tag Archives: Cisco 640-554 Testing software

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 221-230

EnsurepassQUESTION 221 Where is the transform set applied in an IOS IPsec VPN?   A. on the WAN interface B. in the ISAKMP policy C. in the crypto map D. on the LAN interface   Correct Answer: C     QUESTION 222 Which authentication protocol does the Cisco AnyConnect VPN password management feature require to operate?   A. MS-CHAPv1 B. MS-CHAPv2 C. CHAP D. Kerberos   Correct Answer: B     QUESTION 223 In which stage of an attack does Read more […]

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 231-240

EnsurepassQUESTION 231 Which two protocols can SNMP use to send messages over a secure communications channel? (Choose two.)   A. DTLS B. TLS C. ESP D. AH E. ISAKMP   Correct Answer: AB  < /font>   QUESTION 232 Which two options are for securing NTP? (Choose two.)   A. a stratum clock B. access lists C. Secure Shell D. authentication E. Telnet   Correct Answer: BD     QUESTION 233 What must be configured before Secure Copy Read more […]

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 201-210

EnsurepassQUESTION 201 Which statement about ACL operations is true?   A. The access list is evaluated in its entirety. B. The access list is evaluated one access-control entry at a time. C. The access list is evaluated by the most specific entry. D. The default explicit deny at the end of an access list causes all packets to be dropped.   Correct Answer: B     QUESTION 202 Which three statements about access lists are true? (Choose three.)   A. Extended Read more […]

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 211-220

EnsurepassQUESTION 211 Which VTP mode allows you to change the VLAN configuration and will then propagate the change throughout the entire switched network?   A. VTP server B. VTP client C. VTP transparent D. VTP off   Correct Answer: A     QUESTION 212 When a switch has multiple links connected to a downstream switch, what is the first step that STP t akes to prevent loops?   A. STP elects the root bridge. B. STP selects the root port. C. STP selects Read more […]

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 181-190

EnsurepassQUESTION 181 Which two IPsec protocols are used to protect data in motion? (Choose two.)   A. Encapsulating Security Payload Protocol B. Transport Layer Security Protocol C. Secure Shell Protocol D. Authentication Header Protocol   Correct Answer: AD Explanation: IPsec provides three main facilities: An authentication-only function, referred to as Authentication Header (AH) A combined authentication/ encryption function called Encapsulating Security Payload (ESP) Read more […]

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 191-200

EnsurepassQUESTION 191 Which Cisco Security Manager feature enables the configuration of unsupported device features?   A. Deployment Manager B. FlexConfig C. Policy Object Manager D. Configuration Manager   Correct Answer: B     QUESTION 192 Which statement about IPv6 address allocation is true?   A. IPv6-enabled devices can be assigned only one IPv6 IP address. B. A DHCP server is required to allocate IPv6 IP addresses. C. IPv6-enabled devices can Read more […]

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 161-170

EnsurepassQUESTION 161 Which option describes the purpose of Diffie-Hellman?   A. used between the initiator and the responder to establish a basic security policy B. used to verify the identity of the peer C. used for asymmetric public key encryption D. used to establish a symmetric shared key via a public key exchange process   Correct Answer: D Explanation: http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/25/software/user/guide/IKE.html Read more […]

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 171-180

EnsurepassQUESTION 171 You want to use the Cisco Configuration Professional site-to-site VPN wizard to implement a site- to-site IPsec VPN using pre-shared key. Which four configurations are required (with no defaults)? (Choose four.)   A. the interface for the VPN connection B. the VPN peer IP address C. the IPsec transform-set D. the IKE policy E. the interesting traffic (the traffic to be protected) F. the pre-shared key   Correct Answer: ABEF Explanation: http://www.cisco.com/en/US/products/ps9422/products_configuration_example09186a0080ba1d0a.shtml Read more […]

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 151-160

EnsurepassQUESTION 151 Which type of intrusion prevention technology is the primary type used by the Cisco IPS security appliances?   A. profile-based B. rule-based C. protocol analysis-based D. signature-based E. NetFlow anomaly-based   Correct Answer: D Explanation: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/gt_fwids.html   The Signature Definition File A Signature Definition file (SDF) has definitions for each signature it contains. After signatures Read more […]

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 141-150

EnsurepassQUESTION 141 Refer to Cisco IOS Zone-Based Policy Firewall, where will the inspection policy be applied?   A. to the zone-pair B. to the zone C. to the interface D. to the global service policy   Correct Answer: A Explanation: Zone-based policy firewall (also known as “Zone-Policy Firewall” or “ZPF”) changes the firewall from the older interface-based model to a more flexible, more easily understood zone-based configuration model. Interfaces are assigned to zones, Read more […]