New Updated Cisco CCNA Security 640-554 Real Exam Download 41-50

QUESTION 41

Which IPS technique is commonly used to improve accuracy and context awareness, aiming to detect and respond to relevant incidents only and therefore reduce noise?

 

A.      attack relevancy

B.      target asset value

C.      signature accuracy

D.      risk rating

 

Correct Answer: D

 

 

QUESTION 42

Which two statements about SSL-based VPNs are true? (Choose two.)

 

A.      Asymmetric algorithms are used for authentication and key exchange.

B.      SSL VPNs and IPsec VPNs cannot be configured concurrently on the same router.

C.      The application programming interface can be used to modify extensively the SSL client software for use in special applications.

D.      The authentication process uses hashing technologies.

E.      Both client and clientless SSL VPNs require special-purpose client software to be installed on the client machine.

 

Correct Answer: AD

 

 

QUESTION 43

Which option describes the purpose of Diffie-Hellman?

 

A.      used between the initiator and the responder to establish a basic security policy

B.      used to verify the identity of the peer

C.      used for asymmetric public key encryption

D.      used to establish a symmetric shared key via a public key exchange process

 

Correct Answer: D

 

 

QUESTION 44

Which three statements about the IPsec ESP modes of operation are true? (Choose three.)

 

A.      Tunnel mode is used between a host and a security gateway.

B.      Tunnel mode is used between two security gateways.

C.      Tunnel mode only encrypts and authenticates the data.

D.      Transport mode authenticates the IP header.

E.       Transport mode leaves the original IP header in the clear.

 

Correct Answer: ABE

 

 

QUESTION 45

When configuring SSL VPN on the Cisco ASA appliance, which configuration step is required only for Cisco AnyConnect full tunnel SSL VPN access and not required for clientless SSL VPN?

 

A.      user authentication

B.      group policy

C.      IP address pool

D.      SSL VPN interface

E.       connection profile

 

Correct Answer: C

 

 

QUESTION 46

For what purpose is the Cisco ASA appliance web launch SSL VPN feature used?

 

A.      to enable split tunneling when using clientless SSL VPN access

B.      to enable users to login to a web portal to download and launch the AnyConnect client

C.      to enable smart tunnel access for applications that are not web-based

D.      to optimize the SSL VPN connections using DTLS

E.       to enable single-sign-on so the SSL VPN users need only log in once

 

Correct Answer: B

 

 

QUESTION 47

Which statement describes how VPN traffic is encrypted to provide confidentiality when using asymmetric encryption?

 

A.      The sender encrypts the data using the sender’s private key, and the receiver decrypts the data using the sender’s public key.

B.      The sender encrypts the data using the sender’s public key, and the receiver decrypts the data using the sender’s private key.

C.      The sender encrypts the data using the sender’s public key, and the receiver decrypts the data using the receiver’s public key.

D.      The sender encrypts the data using the receiver’s private key, and the receiver decrypts the data using the receiver’s public key.

E.      The sender encrypts the data using the receiver’s public key, and the receiver decrypts the data using the receiver’s private key.

F.      The sender encrypts the data using the receiver’s private key, and the receiver decrypts the data using the sender’s public key.

 

Correct Answer: E

 

 

QUESTION 48

Which four types of VPN are supported using Cisco ISRs and Cisco ASA appliances? (Choose four.)

 

A.      SSL clientless remote-access VPNs

B.      SSL full-tunnel client remote-access VPNs

C.      SSL site-to-site VPNs

D.      IPsec site-to-site VPNs

E.       IPsec client remote-access VPNs

F.       IPsec clientless remote-access VPNs

 

Correct Answer: ABDE

 

 

QUESTION 49

Which description of the Diffie-Hellman protocol is true?

 

A.      It uses symmetrical encryption to provide data confidentiality over an unsecured communications channel.

B.      It uses asymmetrical encryption to provide authentication over an unsecured communications channel.

C.      It is used within the IKE Phase 1 exchange to provide peer authentication.

D.      It provides a way for two peers to establish a shared-secret key, which only they will know, even though they are communicating over an unsecured channel.

E.      It is a data integrity algorithm that is used within the IKE exchanges to guarantee the integrity of the message of the IKE exchanges.

 

Correct Answer: D

 

 

QUESTION 50

Which IPsec transform set provides the strongest protection?

 

A.      crypto ipsec transform-set 1 esp-3des esp-sha-hmac

B.      crypto ipsec transform-set 2 esp-3des esp-md5-hmac

C.      crypto ipsec transform-set 3 esp-aes 256 esp-sha-hmac

D.      crypto ipsec transform-set 4 esp-aes esp-md5-hmac

E.       crypto ipsec transform-set 5 esp-des esp-sha-hmac

F.       crypto ipsec transform-set 6 esp-des esp-md5-hmac

 

Correct Answer: C

 
