640-554 Exam Questions (December)

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 221-230

December 12, 2015

Ensurepass

QUESTION 221

Where is the transform set applied in an IOS IPsec VPN?

 

A.

on the WAN interface

B.

in the ISAKMP policy

C.

in the crypto map

D.

on the LAN interface

 

Correct Answer: C

 

 

QUESTION 222

Which authentication protocol does the Cisco AnyConnect VPN password management feature require to operate?

 

A.

MS-CHAPv1

B.

MS-CHAPv2

C.

CHAP

D.

Kerberos

 

Correct Answer: B

 

 

QUESTION 223

In which stage of an attack does the attacker discover devices on a target network?

 

A.

reconnaissance

B.

gaining access

C.

maintaining access

D.

covering tracks

Correct Answer: A

 

 

QUESTION 224

Which Cisco feature can help mitigate spoofing attacks by verifying symmetry of the traffic path?

 

A.

Unidirectional Link Detection

B.

Unicast Reverse Path Forwarding

C.

TrustSec

D.

IP Source Guard

 

Correct Answer: B

 

 

QUESTION 225

By which kind of threat is the victim tricked into entering username and password information at a disguised website?

 

A.

phishing

B.

spam

C.

malware

D.

spoofing

 

Correct Answer: A

 

 

QUESTION 226

Which Cisco product can help mitigate web-based attacks within a network?

 

A.

Adaptive Security Appliance

B.

Web Security Appliance

C.

Email Security Appliance

D.

Identity Services Engine

 

Correct Answer: B

 

 

QUESTION 227

Which type of IPS can identify worms that are propagating in a network?

 

A.

signature-based IPS

B.

policy-based IPS

C.

anomaly-based IPS

D.

reputation-based IPS

 

Correct Answer: C

 

 

QUESTION 228

When a company puts a security policy in place, what is the effect on the company’s business?

 

A.

minimizing risk

B.

minimizing total cost of ownership

C.

minimizing liability

D.

maximizing compliance

 

Correct Answer: A

 

 

QUESTION 229

Which IOS feature can limit SSH access to a specific subnet under a VTY line?

 

A.

access class

B.

access list

C.

route map

D.

route tag

 

Correct Answer: A

 

 

QUESTION 230

Which command configures logging on a Cisco ASA firewall to include the date and time?

 

A.

logging facility

B.

logging enable

C.

logging timestamp

D.

logging buffered debugging

 

Correct Answer: C

 

Free VCE & PDF File for Cisco 640-554 Exam Questions

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …