Jul 27

Download New Updated (July) Cisco 640-554 Actual Test 161-170

Ensurepass      QUESTION 161 Which option describes the purpose of Diffie-Hellman?   A. used between the initiator and the responder to establish a basic security policy B. used to verify the identity of the peer C. used for asymmetric public key encryption D. used to establish a symmetric shared key via a public key exchange process   Correct Answer: D Explanation: http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/25/software/user/guide/IKE.html Read more [...]
Jul 27

Download New Updated (July) Cisco 640-554 Actual Test 151-160

Ensurepass  QUESTION 151 Which type of intrusion prevention technology is the primary type used by the Cisco IPS security appliances?   A. profile-based B. rule-based C. protocol analysis-based D. signature-based E. NetFlow anomaly-based   Correct Answer: D Explanation: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/gt_fwids.html   The Signature Definition File A Signature Definition file (SDF) has definitions for each signature it contains. After Read more [...]
Jul 27

Download New Updated (July) Cisco 640-554 Actual Test 141-150

Ensurepass  QUESTION 141 Refer to Cisco IOS Zone-Based Policy Firewall, where will the inspection policy be applied?   A. to the zone-pair B. to the zone C. to the interface D. to the global service policy   Correct Answer: A Explanation: Zone-based policy firewall (also known as "Zone-Policy Firewall" or "ZPF") changes the firewall from the older interface-based model to a more flexible, more easily understood zone-based configuration model. Interfaces are assigned to Read more [...]
Jul 27

Download New Updated (July) Cisco 640-554 Actual Test 131-140

Ensurepass  QUESTION 131 Which type of NAT is used where you translate multiple internal IP addresses to a single global, routable IP address?   A. policy NAT B. dynamic PAT C. static NAT D. dynamic NAT E. policy PAT   Correct Answer: B Explanation: http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_dynamic.html   Task Flow for Configuring Dynamic NAT and PAT Use the following guidelines to configure either Dynamic NAT or PAT: First configure Read more [...]
Jul 27

Download New Updated (July) Cisco 640-554 Actual Test 121-130

Ensurepass      QUESTION 121 The host A Layer 2 port is configured in VLAN 5 on switch 1, and the host B Layer 2 port is configured in VLAN 10 on switch 1. Which two actions you can take to enable the two hosts to communicate with each other? (Choose two.)   A. Configure inter-VLAN routing. B. Connect the hosts directly through a hub. C. Configure switched virtual interfaces. D. Connect the hosts directly through a router.   Correct Answer: AC Explanation: VLANs Read more [...]
Jul 27

Download New Updated (July) Cisco 640-554 Actual Test 111-120

Ensurepass  QUESTION 111 Which Layer 2 protocol provides loop resolution by managing the physical paths to given network segments?   A. root guard B. port fast C. HSRP D. STP   Correct Answer: D Explanation: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_configuration_example09186a008009467c.shtml   Introduction Spanning Tree Protocol (STP) is a Layer 2 protocol that runs on bridges and switches. The specification for STP is IEEE 802.1D. The main purpose Read more [...]
Jul 27

Download New Updated (July) Cisco 640-554 Actual Test 101-110

Ensurepass    QUESTION 101 Which statement describes a best practice when configuring trunking on a switch port?   A. Disable double tagging by enabling DTP on the trunk port. B. Enable encryption on the trunk port. C. Enable authentication and encryption on the trunk port. D. Limit the allowed VLAN(s) on the trunk to the native VLAN only. E. Configure an unused VLAN as the native VLAN.   Correct Answer: E Explanation: http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml Read more [...]
Jul 27

Download New Updated (July) Cisco 640-554 Actual Test 91-100

Ensurepass  QUESTION 91 Which two considerations about secure network management are important? (Choose two.)   A. log tampering B. encryption algorithm strength C. accurate time stamping D. off-site storage E. Use RADIUS for router commands authorization. F. Do not use a loopback interface for device management access.   Correct Answer: AC Explanation: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/best/practices/recommend ations.html   Read more [...]
Jul 27

Download New Updated (July) Cisco 640-554 Actual Test 81-90

Ensurepass  QUESTION 81 Refer to the exhibit and partial configuration. Which statement is true?     A. All traffic destined for network 172.16.150.0 will be denied due to the implicit deny all. B. All traffic from network 10.0.0.0 will be permitted. C. Access-list 101 will prevent address spoofing from interface E0. D. This is a misconfigured ACL resulting in traffic not being allowed into the router in interface S0. E. This ACL will prevent any host on the Internet Read more [...]
Jul 27

Download New Updated (July) Cisco 640-554 Actual Test 71-80

Ensurepass  QUESTION 71 Which statement about an access control list that is applied to a router interface is true?   A. It only filters traffic that passes through the router. B. It filters pass-through and router-generated traffic. C. An empty ACL blocks all traffic. D. It filters traffic in the inbound and outbound directions.   Correct Answer: A Explanation: http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/15-2mt/sec-acl-ov- gdl.html   The Read more [...]
Jul 27

Download New Updated (July) Cisco 640-554 Actual Test 61-70

Ensurepass  QUESTION 61 On which Cisco Configuration Professional screen do you enable AAA?   A. AAA Summary B. AAA Servers and Groups C. Authentication Policies D. Authorization Policies   Correct Answer: A Explanation: Authentication/Authorization: These fields are visible when AAA is enabled on the router. AAA can be enabled by clicking Configure > Router > AAA > AAA Summary > Enable AAA. Reference: Cisco Configuration Professional User Guide 2.5 PDF   Read more [...]
Jul 27

Download New Updated (July) Cisco 640-554 Actual Test 51-60

Ensurepass    QUESTION 51 Which three options are common examples of AAA implementation on Cisco routers? (Choose three.)   A. authenticating remote users who are accessing the corporate LAN through IPsec VPN connections B. authenticating administrator access to the router console port, auxiliary port, and vty ports C. implementing PKI to authenticate and authorize IPsec VPN peers using digital certificates D. tracking Cisco NetFlow accounting statistics E. securing Read more [...]
Jul 27

Download New Updated (July) Cisco 640-554 Actual Test 41-50

Ensurepass    QUESTION 41 What does the secure boot-config global configuration accomplish?   A. enables Cisco IOS image resilience B. backs up the Cisco IOS image from flash to a TFTP server C. takes a snapshot of the router running configuration and securely archives it in persistent storage D. backs up the router running configuration to a TFTP server E. stores a secured copy of the Cisco IOS image in its persistent storage   Correct Answer: C Explanation: Read more [...]
Jul 27

Download New Updated (July) Cisco 640-554 Actual Test 31-40

Ensurepass  QUESTION 31 Scenario: You are the security admin for a small company. This morning your manager has supplied you with a list of Cisco ISR and CCP configuration questions. Using CCP, your job is to navigate the pre-configured CCP in order to find answers to your business question. Which policy is assigned to Zone Pair sdm-zip-OUT-IN?     A. Sdm-cls-http B. OUT_SERVICE C. Ccp-policy-ccp-cls-1 D. Ccp-policy-ccp-cls-2   Correct Answer: D Explanation:   Read more [...]
Jul 27

Download New Updated (July) Cisco 640-554 Actual Test 21-30

Ensurepass  QUESTION 21 During role-based CLI configuration, what must be enabled before any user views can be created?   A. multiple privilege levels B. usernames and passwords C. aaa new-model command D. secret password for the root user E. HTTP and/or HTTPS server F. TACACS server group   Correct Answer: C Explanation: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtclivws.html   Configuring a CLI View Use this task to create a CLI view Read more [...]
Jul 27

Download New Updated (July) Cisco 640-554 Actual Test 11-20

Ensurepass  QUESTION 11 Which three items are Cisco best-practice recommendations for securing a network? (Choose three.)   A. Routinely apply patches to operating systems and applications. B. Disable unneeded services and ports on hosts. C. Deploy HIPS software on all end-user workstations. D. Require strong passwords, and enable password expiration.   Correct Answer: ABD Explanation: Disable Unused Services As a security best practice, any unnecessary service must be Read more [...]