640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 221-230

By on December 12, 2015
EnsurepassQUESTION 221 Where is the transform set applied in an IOS IPsec VPN?   A. on the WAN interface B. in the ISAKMP policy C. in the crypto map D. on the LAN interface   Correct Answer: C     QUESTION 222 Which authentication protocol does the Cisco AnyConnect VPN password management feature require to operate?   A. MS-CHAPv1 B. MS-CHAPv2 C. CHAP D. Kerberos   Correct Answer: B     QUESTION 223 In which stage of an attack does Read more [...]

Continue Reading

640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 231-240

By on
EnsurepassQUESTION 231 Which two protocols can SNMP use to send messages over a secure communications channel? (Choose two.)   A. DTLS B. TLS C. ESP D. AH E. ISAKMP   Correct Answer: AB     QUESTION 232 Which two options are for securing NTP? (Choose two.)   A. a stratum clock B. access lists C. Secure Shell D. authentication E. Telnet   Correct Answer: BD     QUESTION 233 What must be configured before Secure Copy can be enabled? Read more [...]

Continue Reading

640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 211-220

By on
EnsurepassQUESTION 211 Which VTP mode allows you to change the VLAN configuration and will then propagate the change throughout the entire switched network?   A. VTP server B. VTP client C. VTP transparent D. VTP off   Correct Answer: A     QUESTION 212 When a switch has multiple links connected to a downstream switch, what is the first step that STP takes to prevent loops?   A. STP elects the root bridge. B. STP selects the root port. C. STP selects Read more [...]

Continue Reading

640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 201-210

By on
EnsurepassQUESTION 201 Which statement about ACL operations is true?   A. The access list is evaluated in its entirety. B. The access list is evaluated one access-control entry at a time. C. The access list is evaluated by the most specific entry. D. The default explicit deny at the end of an access list causes all packets to be dropped.   Correct Answer: B     QUESTION 202 Which three statements about access lists are true? (Choose three.)   A. Extended Read more [...]

Continue Reading

640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 181-190

By on
EnsurepassQUESTION 181 Which two IPsec protocols are used to protect data in motion? (Choose two.)   A. Encapsulating Security Payload Protocol B. Transport Layer Security Protocol C. Secure Shell Protocol D. Authentication Header Protocol   Correct Answer: AD Explanation: IPsec provides three main facilities: An authentication-only function, referred to as Authentication Header (AH) A combined authentication/ encryption function called Encapsulating Security Payload (ESP) Read more [...]

Continue Reading

640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 191-200

By on
EnsurepassQUESTION 191 Which Cisco Security Manager feature enables the configuration of unsupported device features?   A. Deployment Manager B. FlexConfig C. Policy Object Manager D. Configuration Manager   Correct Answer: B     QUESTION 192 Which statement about IPv6 address allocation is true?   A. IPv6-enabled devices can be assigned only one IPv6 IP address. B. A DHCP server is required to allocate IPv6 IP addresses. C. IPv6-enabled devices can Read more [...]

Continue Reading

640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 161-170

By on
EnsurepassQUESTION 161 Which option describes the purpose of Diffie-Hellman?   A. used between the initiator and the responder to establish a basic security policy B. used to verify the identity of the peer C. used for asymmetric public key encryption D. used to establish a symmetric shared key via a public key exchange process   Correct Answer: D Explanation: http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/25/software/user/guide/IKE.html Read more [...]

Continue Reading

640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 171-180

By on
EnsurepassQUESTION 171 You want to use the Cisco Configuration Professional site-to-site VPN wizard to implement a site- to-site IPsec VPN using pre-shared key. Which four configurations are required (with no defaults)? (Choose four.)   A. the interface for the VPN connection B. the VPN peer IP address C. the IPsec transform-set D. the IKE policy E. the interesting traffic (the traffic to be protected) F. the pre-shared key   Correct Answer: ABEF Explanation: http://www.cisco.com/en/US/products/ps9422/products_configuration_example09186a0080ba1d0a.shtml Read more [...]

Continue Reading

640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 151-160

By on
EnsurepassQUESTION 151 Which type of intrusion prevention technology is the primary type used by the Cisco IPS security appliances?   A. profile-based B. rule-based C. protocol analysis-based D. signature-based E. NetFlow anomaly-based   Correct Answer: D Explanation: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/gt_fwids.html   The Signature Definition File A Signature Definition file (SDF) has definitions for each signature it contains. After signatures Read more [...]

Continue Reading

640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 141-150

By on
EnsurepassQUESTION 141 Refer to Cisco IOS Zone-Based Policy Firewall, where will the inspection policy be applied?   A. to the zone-pair B. to the zone C. to the interface D. to the global service policy   Correct Answer: A Explanation: Zone-based policy firewall (also known as "Zone-Policy Firewall" or "ZPF") changes the firewall from the older interface-based model to a more flexible, more easily understood zone-based configuration model. Interfaces are assigned to zones, Read more [...]

Continue Reading