640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 221-230

By on December 12, 2015
EnsurepassQUESTION 221 Where is the transform set applied in an IOS IPsec VPN?   A. on the WAN interface B. in the ISAKMP policy C. in the crypto map D. on the LAN interface   Correct Answer: C     QUESTION 222 Which authentication protocol does the Cisco AnyConnect VPN password management feature require to operate?   A. MS-CHAPv1 B. MS-CHAPv2 C. CHAP D. Kerberos   Correct Answer: B     QUESTION 223 In which stage of an attack does Read more [...]

Continue Reading

640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 231-240

By on
EnsurepassQUESTION 231 Which two protocols can SNMP use to send messages over a secure communications channel? (Choose two.)   A. DTLS B. TLS C. ESP D. AH E. ISAKMP   Correct Answer: AB     QUESTION 232 Which two options are for securing NTP? (Choose two.)   A. a stratum clock B. access lists C. Secure Shell D. authentication E. Telnet   Correct Answer: BD     QUESTION 233 What must be configured before Secure Copy can be enabled? Read more [...]

Continue Reading

640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 201-210

By on
EnsurepassQUESTION 201 Which statement about ACL operations is true?   A. The access list is evaluated in its entirety. B. The access list is evaluated one access-control entry at a time. C. The access list is evaluated by the most specific entry. D. The default explicit deny at the end of an access list causes all packets to be dropped.   Correct Answer: B     QUESTION 202 Which three statements about access lists are true? (Choose three.)   A. Extended Read more [...]

Continue Reading

640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 211-220

By on
EnsurepassQUESTION 211 Which VTP mode allows you to change the VLAN configuration and will then propagate the change throughout the entire switched network?   A. VTP server B. VTP client C. VTP transparent D. VTP off   Correct Answer: A     QUESTION 212 When a switch has multiple links connected to a downstream switch, what is the first step that STP takes to prevent loops?   A. STP elects the root bridge. B. STP selects the root port. C. STP selects Read more [...]

Continue Reading

640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 181-190

By on
EnsurepassQUESTION 181 Which two IPsec protocols are used to protect data in motion? (Choose two.)   A. Encapsulating Security Payload Protocol B. Transport Layer Security Protocol C. Secure Shell Protocol D. Authentication Header Protocol   Correct Answer: AD Explanation: IPsec provides three main facilities: An authentication-only function, referred to as Authentication Header (AH) A combined authentication/ encryption function called Encapsulating Security Payload (ESP) Read more [...]

Continue Reading

640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 191-200

By on
EnsurepassQUESTION 191 Which Cisco Security Manager feature enables the configuration of unsupported device features?   A. Deployment Manager B. FlexConfig C. Policy Object Manager D. Configuration Manager   Correct Answer: B     QUESTION 192 Which statement about IPv6 address allocation is true?   A. IPv6-enabled devices can be assigned only one IPv6 IP address. B. A DHCP server is required to allocate IPv6 IP addresses. C. IPv6-enabled devices can Read more [...]

Continue Reading

640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 161-170

By on
EnsurepassQUESTION 161 Which option describes the purpose of Diffie-Hellman?   A. used between the initiator and the responder to establish a basic security policy B. used to verify the identity of the peer C. used for asymmetric public key encryption D. used to establish a symmetric shared key via a public key exchange process   Correct Answer: D Explanation: http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/25/software/user/guide/IKE.html Read more [...]

Continue Reading

640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 171-180

By on
EnsurepassQUESTION 171 You want to use the Cisco Configuration Professional site-to-site VPN wizard to implement a site- to-site IPsec VPN using pre-shared key. Which four configurations are required (with no defaults)? (Choose four.)   A. the interface for the VPN connection B. the VPN peer IP address C. the IPsec transform-set D. the IKE policy E. the interesting traffic (the traffic to be protected) F. the pre-shared key   Correct Answer: ABEF Explanation: http://www.cisco.com/en/US/products/ps9422/products_configuration_example09186a0080ba1d0a.shtml Read more [...]

Continue Reading

640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 151-160

By on
EnsurepassQUESTION 151 Which type of intrusion prevention technology is the primary type used by the Cisco IPS security appliances?   A. profile-based B. rule-based C. protocol analysis-based D. signature-based E. NetFlow anomaly-based   Correct Answer: D Explanation: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/gt_fwids.html   The Signature Definition File A Signature Definition file (SDF) has definitions for each signature it contains. After signatures Read more [...]

Continue Reading

640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 141-150

By on
EnsurepassQUESTION 141 Refer to Cisco IOS Zone-Based Policy Firewall, where will the inspection policy be applied?   A. to the zone-pair B. to the zone C. to the interface D. to the global service policy   Correct Answer: A Explanation: Zone-based policy firewall (also known as "Zone-Policy Firewall" or "ZPF") changes the firewall from the older interface-based model to a more flexible, more easily understood zone-based configuration model. Interfaces are assigned to zones, Read more [...]

Continue Reading

640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 131-140

By on
EnsurepassQUESTION 131 Which type of NAT is used where you translate multiple internal IP addresses to a single global, routable IP address?   A. policy NAT B. dynamic PAT C. static NAT D. dynamic NAT E. policy PAT   Correct Answer: B Explanation: http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_dynamic.html   Task Flow for Configuring Dynamic NAT and PAT Use the following guidelines to configure either Dynamic NAT or PAT: First configure Read more [...]

Continue Reading

640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 121-130

By on
Ensurepass="cursor: auto; margin: 0cm 0cm 0pt; line-height: normal; text-autospace: ; mso-layout-grid-align: none" align="left">QUESTION 121 The host A Layer 2 port is configured in VLAN 5 on switch 1, and the host B Layer 2 port is configured in VLAN 10 on switch 1. Which two actions you can take to enable the two hosts to communicate with each other? (Choose two.)   A. Configure inter-VLAN routing. B. Connect the hosts directly through a hub. C. Configure switched virtual interfaces. Read more [...]

Continue Reading

640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 101-110

By on
EnsurepassQUESTION 101 Which statement describes a best practice when configuring trunking on a switch port?   A. Disable double tagging by enabling DTP on the trunk port. B. Enable encryption on the trunk port. C. Enable authentication and encryption on the trunk port. D. Limit the allowed VLAN(s) on the trunk to the native VLAN only. E. Configure an unused VLAN as the native VLAN.   Correct Answer: E Explanation: http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml Read more [...]

Continue Reading

640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 111-120

By on
EnsurepassQUESTION 111 Which Layer 2 protocol provides loop resolution by managing the physical paths to given network segments?   A. root guard B. port fast C. HSRP D. STP   Correct Answer: D Explanation: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_configuration_example09186a008009467c.shtml   Introduction Spanning Tree Protocol (STP) is a Layer 2 protocol that runs on bridges and switches. The specification for STP is IEEE 802.1D. The main purpose of STP Read more [...]

Continue Reading