Easily Pass By Training Lead2pass Latest Dumps
Lead2pass Microsoft, Cisco, CompTIA, IBM and other IT exam dumps with VCE and PDF
QUESTION 41
Which of the following best describes Chain of Evidence in the context of security forensics?
A. Evidence is locked down, but not necessarily authenticated.
B. Evidence is controlled and accounted for to maintain its authenticity and integrity.
C. The general whereabouts of evidence is known.
D. Someone knows where the evidence is and can say who had it if it is not logged.
Answer: B
QUESTION 31
Refer to the exhibit. Which statement about this Cisco Catalyst switch 802.1X configuration is true?
A. If an IP phone behind the switch port has an 802.1X supplicant, MAC address bypass will still be
used to authenticate the IP Phone.
B. If an IP phone behind the switch port has an 802.1X supplicant, 802.1X authentication will be used
to authenticate the IP phone.
C. The authentication host-mode multi-domain command enables the PC connected behind the IP
phone to bypass 802.1X authentication.
D. Using the authentication host-mode multi-domain command will allow up to eight PCs connected
behind the IP phone via a hub to be individually authentication using 802.1X.
Answer: B
QUESTION 21
An attacker configures an access point to broadcast the same SSID that is used at a public hot- spot, and launches a deauthentication attack against the clients that are connected to the hot-spot, with the hope that the clients will then associate to the AP of the attacker.
In addition to the deauthentication attack, what attack has been launched?
A. man-in-the-middle
B. MAC spoofing
C. Layer 1 DoS
D. disassociation attack
Answer: A
QUESTION 11
IPsec SAs can be applied as a security mechanism for which three options? (Choose three.)
A. Send
B. Mobile IPv6
C. site-to-site virtual interfaces
D. OSPFv3
E. CAPWAP
F. LWAPP
Answer: BCD
QUESTION 1
Which two EIGRP packet types are considered to be unreliable packets? (Choose two.)
A. update
B. query
C. reply
D. hello
E. acknowledgement
Answer: DE
QUESTION 21
Which option can be used to authenticate the IPsec peers during IKE Phase 1?
A. Diffie-Hellman Nonce
B. pre-shared key
C. XAUTH
D. integrity check value
E. ACS
F. AH
Answer: B
QUESTION 22
Which single Cisco IOS ACL entry permits IP addresses from 172.16.80.0 to 172.16.87.255?
A. permit 172.16.80.0 0.0.3.255
B. permit 172.16.80.0 0.0.7.255
C. permit 172.16.80.0 0.0.248.255
D. permit 176.16.80.0 255.255.252.0
E. permit 172.16.80.0 255.255.248.0
F. permit 172.16.80.0 255.255.240.0
Answer: B
QUESTION 23
You want to use the Cisco Configuration Professional site-to-site VPN wizard to implement a site- to-site IPsec VPN using pre-shared key.
Which four configurations are required (with no defaults)? (Choose four.)
A. the interface for the VPN connection
B. the VPN peer IP address
C. the IPsec transform-set
D. the IKE policy
E. the interesting traffic (the traffic to be protected)
F. the pre-shared key
Answer: ABEF
QUESTION 24
Which two options represent a threat to the physical installation of an enterprise network? (Choose two.)
A. surveillance camera
B. security guards
C. electrical power
D. computer room access
E. change control
Answer: CD
QUESTION 25
Which option represents a step that should be taken when a security policy is developed?
A. Perform penetration testing.
B. Determine device risk scores.
C. Implement a security monitoring system.
D. Perform quantitative risk analysis.
Answer: D
QUESTION 26
Which type of network masking is used when Cisco IOS access control lists are configured?
A. extended subnet masking
B. standard subnet masking
C. priority masking
D. wildcard masking
Answer: D
QUESTION 27
How are Cisco IOS access control lists processed?
A. Standard ACLs are processed first.
B. The best match ACL is matched first.
C. Permit ACL entries are matched first before the deny ACL entries.
D. ACLs are matched from top down.
E. The global ACL is matched first before the interface ACL.
Answer: D
QUESTION 28
Which type of management reporting is defined by separating management traffic from production traffic?
A. IPsec encrypted
B. in-band
C. out-of-band
D. SSH
Answer: C
QUESTION 29
Which syslog level is associated with LOG_WARNING?
A. 1
B. 2
C. 3
D. 4
E. 5
F. 6
Answer: D
QUESTION 30
In which type of Layer 2 attack does an attacker broadcast BDPUs with a lower switch priority?
A. MAC spoofing attack
B. CAM overflow attack
C. VLAN hopping attack
D. STP attack
Answer: D
If you want to pass the Cisco 640-554 Exam sucessfully, recommend to read latest 640-554 Dumps full version.
QUESTION 11
Which four tasks are required when you configure Cisco IOS IPS using the Cisco Configuration Professional IPS wizard? (Choose four.)
A. Select the interface(s) to apply the IPS rule.
B. Select the traffic flow direction that should be applied by the IPS rule.
C. Add or remove IPS alerts actions based on the risk rating.
D. Specify the signature file and the Cisco public key.
E. Select the IPS bypass mode (fail-open or fail-close).
F. Specify the configuration location and select the category of signatures to be applied to the selected
interface(s).
Answer: ABDF
QUESTION 12
Which statement is a benefit of using Cisco IOS IPS?
A. It uses the underlying routing infrastructure to provide an additional layer of security.
B. It works in passive mode so as not to impact traffic flow.
C. It supports the complete signature database as a Cisco IPS sensor appliance.
D. The signature database is tied closely with the Cisco IOS image.
Answer: A
QUESTION 13
Which description of the Diffie-Hellman protocol is true?
A. It uses symmetrical encryption to provide data confidentiality over an unsecured communications channel.
B. It uses asymmetrical encryption to provide authentication over an unsecured communications channel.
C. It is used within the IKE Phase 1 exchange to provide peer authentication.
D. It provides a way for two peers to establish a shared-secret key, which only they will know, even though
they are communicating over an unsecured channel.
E. It is a data integrity algorithm that is used within the IKE exchanges to guarantee the integrity of the
message of the IKE exchanges.
Answer: D
QUESTION 14
Which IPsec transform set provides the strongest protection?
A. crypto ipsec transform-set 1 esp-3des esp-sha-hmac
B. crypto ipsec transform-set 2 esp-3des esp-md5-hmac
C. crypto ipsec transform-set 3 esp-aes 256 esp-sha-hmac
D. crypto ipsec transform-set 4 esp-aes esp-md5-hmac
E. crypto ipsec transform-set 5 esp-des esp-sha-hmac
F. crypto ipsec transform-set 6 esp-des esp-md5-hmac
Answer: C
QUESTION 15
Which two options are characteristics of the Cisco Configuration Professional Security Audit wizard? (Choose two.)
A. displays a screen with fix-it check boxes to let you choose which potential security-related configuration
changes to implement
B. has two modes of operation: interactive and non-interactive
C. automatically enables Cisco IOS firewall and Cisco IOS IPS to secure the router
D. uses interactive dialogs and prompts to implement role-based CLI
E. requires users to first identify which router interfaces connect to the inside network and which connect to
the outside network
Answer: AE
QUESTION 16
Which statement describes a result of securing the Cisco IOS image using the Cisco IOS image resilience feature?
A. The show version command does not show the Cisco IOS image file location.
B. The Cisco IOS image file is not visible in the output from the show flash command.
C. When the router boots up, the Cisco IOS image is loaded from a secured FTP location.
D. The running Cisco IOS image is encrypted and then automatically backed up to the NVRAM.
E. The running Cisco IOS image is encrypted and then automatically backed up to a TFTP server.
Answer: B
QUESTION 17
Which aaa accounting command is used to enable logging of the start and stop records for user terminal sessions on the router?
A. aaa accounting network start-stop tacacs+
B. aaa accounting system start-stop tacacs+
C. aaa accounting exec start-stop tacacs+
D. aaa accounting connection start-stop tacacs+
E. aaa accounting commands 15 start-stop tacacs+
Answer: C
QUESTION 18
Which access list permits HTTP traffic sourced from host 10.1.129.100 port 3030 destined to host 192.168.1.10?
A. access-list 101 permit tcp any eq 3030
B. access-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 3030 192.168.1.0 0.0.0.15 eq www
C. access-list 101 permit tcp 10.1.129.0 0.0.0.255 eq www 192.168.1.10 0.0.0.0 eq www
D. access-list 101 permit tcp host 192.168.1.10 eq 80 10.1.0.0 0.0.255.255 eq 3030
E. access-list 101 permit tcp 192.168.1.10 0.0.0.0 eq 80 10.1.0.0 0.0.255.255
F. access-list 101 permit ip host 10.1.129.100 eq 3030 host 192.168.1.100 eq 80
Answer: B
QUESTION 19
Which location is recommended for extended or extended named ACLs?
A. an intermediate location to filter as much traffic as possible
B. a location as close to the destination traffic as possible
C. when using the established keyword, a location close to the destination point to ensure that return traffic
is allowed
D. a location as close to the source traffic as possible
Answer: D
QUESTION 20
Which statement about asymmetric encryption algorithms is true?
A. They use the same key for encryption and decryption of data.
B. They use the same key for decryption but different keys for encryption of data.
C. They use different keys for encryption and decryption of data.
D. They use different keys for decryption but the same key for encryption of data.
Answer: C
If you want to pass the Cisco 640-554 Exam sucessfully, recommend to read latest 640-554 Dumps full version.
QUESTION 1
Which statement describes a best practice when configuring trunking on a switch port?
A. Disable double tagging by enabling DTP on the trunk port.
B. Enable encryption on the trunk port.
C. Enable authentication and encryption on the trunk port.
D. Limit the allowed VLAN(s) on the trunk to the native VLAN only.
E. Configure an unused VLAN as the native VLAN.
Answer: E
QUESTION 2
Which type of Layer 2 attack causes a switch to flood all incoming traffic to all ports?
A. MAC spoofing attack
B. CAM overflow attack
C. VLAN hopping attack
D. STP attack
Answer: B
QUESTION 3
What is the best way to prevent a VLAN hopping attack?
A. Encapsulate trunk ports with IEEE 802.1Q.
B. Physically secure data closets.
C. Disable DTP negotiations.
D. Enable BDPU guard.
Answer: C
QUESTION 4
Which statement about PVLAN Edge is true?
A. PVLAN Edge can be configured to restrict the number of MAC addresses that appear on a single port.
B. The switch does not forward any traffic from one protected port to any other protected port.
C. By default, when a port policy error occurs, the switchport shuts down.
D. The switch only forwards traffic to ports within the same VLAN Edge.
Answer: B
QUESTION 5
If you are implementing VLAN trunking, which additional configuration parameter should be added to the trunking configuration?
A. no switchport mode access
B. no switchport trunk native VLAN 1
C. switchport mode DTP
D. switchport nonnegotiate
Answer: D
QUESTION 6
When Cisco IOS zone-based policy firewall is configured, which three actions can be applied to a traffic class? (Choose three.)
A. pass
B. police
C. inspect
D. drop
E. queue
F. shape
Answer: ACD
QUESTION 7
With Cisco IOS zone-based policy firewall, by default, which three types of traffic are permitted by the router when some of the router interfaces are assigned to a zone? (Choose three.)
A. traffic flowing between a zone member interface and any interface that is not a zone member
B. traffic flowing to and from the router interfaces (the self zone)
C. traffic flowing among the interfaces that are members of the same zone
D. traffic flowing among the interfaces that are not assigned to any zone
E. traffic flowing between a zone member interface and another interface that belongs in a different zone
F. traffic flowing to the zone member interface that is returned traffic
Answer: BCD
QUESTION 8
Which option is a key difference between Cisco IOS interface ACL configurations and Cisco ASA appliance interface ACL configurations?
A. The Cisco IOS interface ACL has an implicit permit-all rule at the end of each interface ACL.
B. Cisco IOS supports interface ACL and also global ACL. Global ACL is applied to all interfaces.
C. The Cisco ASA appliance interface ACL configurations use netmasks instead of wildcard masks.
D. The Cisco ASA appliance interface ACL also applies to traffic directed to the IP addresses of the Cisco
ASA appliance interfaces.
E. The Cisco ASA appliance does not support standard ACL. The Cisco ASA appliance only support
extended ACL.
Answer: C
QUESTION 9
Which two options are advantages of an application layer firewall? (Choose two.)
A. provides high-performance filtering
B. makes DoS attacks difficult
C. supports a large number of applications
D. authenticates devices
E. authenticates individuals
Answer: BE
QUESTION 10
On Cisco ISR routers, for what purpose is the realm-cisco.pub public encryption key used?
A. used for SSH server/client authentication and encryption
B. used to verify the digital signature of the IPS signature file
C. used to generate a persistent self-signed identity certificate for the ISR so administrators can authenticate
the ISR when accessing it using Cisco Configuration Professional
D. used to enable asymmetric encryption on IPsec and SSL VPNs
E. used during the DH exchanges on IPsec VPNs
Answer: B
If you want to pass the Cisco 640-554 Exam sucessfully, recommend to read latest 640-554 Dumps full version.