New Updated Cisco CCNA Security 640-554 Real Exam Download 171-180



Which two statements about IPv6 access lists are true? (Choose two).


A.      IPv6 access lists support numbered access lists.

B.      IPv6 access lists support wildcard masks.

C.      IPv6 access lists support standard access lists.

D.      IPv6 access lists support named access lists.

E.       IPv6 access lists support extended access lists.


Correct Answer: DE




Which command enables subnet to communicate with subnet

on IP protocol 50?


A.      permit esp

B.      permit esp

C.      permit esp

D.      permit esp


Correct Answer: D




Which two types of access lists can be used for sequencing? (Choose two.)


A.      reflexive

B.      standard

C.      dynamic

D.      extended


Correct Answer: BD




Which command will block IP traffic to the destination


A.      access-list 101 deny ip host any

B.      access-list 101 deny ip any host

C.      access-list 101 deny ip any any

D.      access-list 11 deny host


Correct Answer: B




Which two countermeasures can mitigate STP root bridge attacks? (Choose two.)


A.      root guard

B.      BPDU filtering

C.      Layer 2 PDU rate limiter

D.      BPDU guard


Correct Answer: AD




Which two countermeasures can mitigate MAC spoofing attacks? (Choose two.)


A.      IP source guard

B.      port security

C.      root guard

D.      BPDU guard

Correct Answer: AB




Which statement correctly describes the function of a private VLAN?


A.      A private VLAN partitions the Layer 2 broadcast domain of a VLAN into subdomains.

B.      A private VLAN partitions the Layer 3 broadcast domain of a VLAN into subdomains.

C.      A private VLAN enables the creation of multiple VLANs using one broadcast domain.

D.      A private VLAN combines the Layer 2 broadcast domains of many VLANs into one major

broadcast domain.


Correct Answer: A




What are two primary attack methods of VLAN hopping? (Choose two.)


A.      VoIP hopping

B.      switch spoofing

C.      CAM-table overflow

D.      double tagging


Correct Answer: BD




Which type of attack can be prevented by setting the native VLAN to an unused VLAN?


A.      VLAN-hopping attacks

B.      CAM-table overflow

C.      denial-of-service attacks

D.      MAC-address spoofing


Correct Answer: A




What is the purpose of a trunk port?


A.      A trunk port carries traffic for multiple VLANs.

B.      A trunk port connects multiple hubs together to increase bandwidth.

C.      A trunk port separates VLAN broadcast domains.

D.      A trunk port provides a physical link specifically for a VPN.


Correct Answer: A


Download Latest Complete collection of CCNA Security 640-554 Real Exam ,help you to pass exam 100%.

Ensurepass Cisco Certifications Exam Questions and Answers
Ensurepass CCNA Security Exams Questions and Answers

Leave a Reply