Dec 12

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 231-240

QUESTION 231
Which two protocols can SNMP use to send messages over a secure communications channel? (Choose two.)
A. DTLS
B. TLS
C. ESP
D. AH
E. ISAKMP
Correct Answer: AB

QUESTION 232
Which two options are for securing NTP? (Choose two.)
A. a stratum clock
B. access lists
C. Secure Shell
D. authentication
E. Telnet
Correct Answer: BD

QUESTION 233
What must be configured before Secure Copy Read more [...]
Dec 12

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 221-230

QUESTION 221
Where is the transform set applied in an IOS IPsec VPN?
A. on the WAN interface
B. in the ISAKMP policy
C. in the crypto map
D. on the LAN interface
Correct Answer: C

QUESTION 222
Which authentication protocol does the Cisco AnyConnect VPN password management feature require to operate?
A. MS-CHAPv1
B. MS-CHAPv2
C. CHAP
D. Kerberos
Correct Answer: B

QUESTION 223
In which stage of an attack does Read more [...]
Dec 12

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 201-210

QUESTION 201
Which statement about ACL operations is true?
A. The access list is evaluated in its entirety.
B. The access list is evaluated one access-control entry at a time.
C. The access list is evaluated by the most specific entry.
D. The default explicit deny at the end of an access list causes all packets to be dropped.
Correct Answer: B

QUESTION 202
Which three statements about access lists are true? (Choose three.)
A. Extended Read more [...]
Dec 12

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 211-220

QUESTION 211
Which VTP mode allows you to change the VLAN configuration and will then propagate the change throughout the entire switched network?
A. VTP server
B. VTP client
C. VTP transparent
D. VTP off
Correct Answer: A

QUESTION 212
When a switch has multiple links connected to a downstream switch, what is the first step that STP takes to prevent loops?
A. STP elects the root bridge.
B. STP selects the root port.
C. STP selects Read more [...]
Dec 12

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 181-190

QUESTION 181
Which two IPsec protocols are used to protect data in motion? (Choose two.)
A. Encapsulating Security Payload Protocol
B. Transport Layer Security Protocol
C. Secure Shell Protocol
D. Authentication Header Protocol
Correct Answer: AD
Explanation: IPsec provides three main facilities:
An authentication-only function, referred to as Authentication Header (AH)
A combined authentication/encryption function called Encapsulating Security Payload (ESP) Read more [...]
Dec 12

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 191-200

QUESTION 191
Which Cisco Security Manager feature enables the configuration of unsupported device features?
A. Deployment Manager
B. FlexConfig
C. Policy Object Manager
D. Configuration Manager
Correct Answer: B

QUESTION 192
Which statement about IPv6 address allocation is true?
A. IPv6-enabled devices can be assigned only one IPv6 IP address.
B. A DHCP server is required to allocate IPv6 IP addresses.
C. IPv6-enabled devices can Read more [...]
Dec 12

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 161-170

QUESTION 161
Which option describes the purpose of Diffie-Hellman?
A. used between the initiator and the responder to establish a basic security policy
B. used to verify the identity of the peer
C. used for asymmetric public key encryption
D. used to establish a symmetric shared key via a public key exchange process
Correct Answer: D
Explanation: http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/25/software/user/guide/IKE.html Read more [...]
Dec 12

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 171-180

QUESTION 171
You want to use the Cisco Configuration Professional site-to-site VPN wizard to implement a site-to-site IPsec VPN using pre-shared key. Which four configurations are required (with no defaults)? (Choose four.)
A. the interface for the VPN connection
B. the VPN peer IP address
C. the IPsec transform-set
D. the IKE policy
E. the interesting traffic (the traffic to be protected)
F. the pre-shared key
Correct Answer: ABEF
Explanation: http://www.cisco.com/en/US/products/ps9422/products_configuration_example09186a0080ba1d0a.shtml Read more [...]
Dec 12

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 151-160

QUESTION 151
Which type of intrusion prevention technology is the primary type used by the Cisco IPS security appliances?
A. profile-based
B. rule-based
C. protocol analysis-based
D. signature-based
E. NetFlow anomaly-based
Correct Answer: D
Explanation: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/gt_fwids.html

The Signature Definition File
A Signature Definition file (SDF) has definitions for each signature it contains. After signatures Read more [...]
Dec 12

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 141-150

QUESTION 141
Refer to Cisco IOS Zone-Based Policy Firewall, where will the inspection policy be applied?
A. to the zone-pair
B. to the zone
C. to the interface
D. to the global service policy
Correct Answer: A
Explanation: Zone-based policy firewall (also known as "Zone-Policy Firewall" or "ZPF") changes the firewall from the older interface-based model to a more flexible, more easily understood zone-based configuration model. Interfaces are assigned to zones, Read more [...]
Dec 12

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 131-140

QUESTION 131
Which type of NAT is used where you translate multiple internal IP addresses to a single global, routable IP address?
A. policy NAT
B. dynamic PAT
C. static NAT
D. dynamic NAT
E. policy PAT
Correct Answer: B
Explanation: http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/nat_dynamic.html

Task Flow for Configuring Dynamic NAT and PAT
Use the following guidelines to configure either Dynamic NAT or PAT: First configure Read more [...]
Dec 12

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 121-130

QUESTION 121
The host A Layer 2 port is configured in VLAN 5 on switch 1, and the host B Layer 2 port is configured in VLAN 10 on switch 1. Which two actions can you take to enable the two hosts to communicate with each other? (Choose two.)
A. Configure inter-VLAN routing.
B. Connect the hosts directly through a hub.
C. Configure switched virtual interfaces.
D. Connect the hosts directly through a router.
Correct Answer: AC
Explanation: VLANs divide broadcast Read more [...]
Dec 12

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 101-110

QUESTION 101
Which statement describes a best practice when configuring trunking on a switch port?
A. Disable double tagging by enabling DTP on the trunk port.
B. Enable encryption on the trunk port.
C. Enable authentication and encryption on the trunk port.
D. Limit the allowed VLAN(s) on the trunk to the native VLAN only.
E. Configure an unused VLAN as the native VLAN.
Correct Answer: E
Explanation: http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml Read more [...]
Dec 12

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 111-120

QUESTION 111
Which Layer 2 protocol provides loop resolution by managing the physical paths to given network segments?
A. root guard
B. port fast
C. HSRP
D. STP
Correct Answer: D
Explanation: http://www.cisco.com/en/US/tech/tk389/tk621/technologies_configuration_example09186a008009467c.shtml

Introduction
Spanning Tree Protocol (STP) is a Layer 2 protocol that runs on bridges and switches. The specification for STP is IEEE 802.1D. The main purpose Read more [...]
Dec 12

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 91-100

QUESTION 91
Which two considerations about secure network management are important? (Choose two.)
A. log tampering
B. encryption algorithm strength
C. accurate time stamping
D. off-site storage
E. Use RADIUS for router commands authorization.
F. Do not use a loopback interface for device management access.
Correct Answer: AC
Explanation: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/best/practices/recommendations.html

Enable Read more [...]
Dec 12

[Free] Download New Updated (December) Cisco 640-554 Exam Questions 81-90

QUESTION 81
Refer to the exhibit and partial configuration. Which statement is true?
A. All traffic destined for network 172.16.150.0 will be denied due to the implicit deny all.
B. All traffic from network 10.0.0.0 will be permitted.
C. Access-list 101 will prevent address spoofing from interface E0.
D. This is a misconfigured ACL resulting in traffic not being allowed into the router in interface S0.
E. This ACL will prevent any host on the Internet from Read more [...]