New Updated Cisco CCNA Security 640-554 Real Exam Download 51-60

Ensurepass

QUESTION 51

Which two options are characteristics of the Cisco Configuration Professional Security Audit

wizard? (Choose two.)

 

A.      displays a screen with fix-it check boxes to let you choose which potential security-related

configuration changes to implement

B.      has two modes of operation: interactive and non-interactive

C.      automatically enables Cisco IOS firewall and Cisco IOS IPS to secure the router

D.      uses interactive dialogs and prompts to implement role-based CLI

E.       requires users to first identify which router interfaces connect to the inside network and

which connect to the outside network

 

Correct Answer: AE

 

 

QUESTION 52

Which statement describes a result of securing the Cisco IOS image using the Cisco IOS image

resilience feature?

 

A.      The show version command does not show the Cisco IOS image file location.

B.      The Cisco IOS image file is not visible in the output from the show flash command.

C.      When the router boots up, the Cisco IOS image is loaded from a secured FTP location.

D.      The running Cisco IOS image is encrypted and then automatically backed up to the NVRAM.

E.       The running Cisco IOS image is encrypted and then automatically backed up to a TFTP server.

 

Correct Answer: B

 

 

QUESTION 53

Which aaa accounting command is used to enable logging of the start and stop records for user

terminal sessions on the router?

 

A.      aaa accounting network start-stop tacacs+

B.      aaa accounting system start-stop tacacs+

C.      aaa accounting exec start-stop tacacs+

D.      aaa accounting connection start-stop tacacs+

E.       aaa accounting commands 15 start-stop tacacs+

 

Correct Answer: C

 

 

QUESTION 54

Which access list permits HTTP traffic sourced from host 10.1.129.100 port 3030 destined to host

192.168.1.10?

 

A.      access-list 101 permit tcp any eq 3030

B.      access-list 101 permit tcp 10.1.128.0 0.0.1 .255 eq 3030 192.1 68.1 .0 0.0.0.15 eq www

C.      access-list 101 permit tcp 10.1.129.0 0.0.0.255 eq www 192.168.1.10 0.0.0.0 eq www

D.      access-list 101 permit tcp host 192.1 68.1 .10 eq 80 10.1.0.0 0.0.255.255 eq 3030

E.       access-list 101 permit tcp 192.168.1.10 0.0.0.0 eq 80 10.1.0.0 0.0.255.255

F.       access-list 101 permit ip host 10.1.129.100 eq 3030 host 192.168.1.10 eq 80

 

Correct Answer: B

 

 

QUESTION 55

Which location is recommended for extended or extended named ACLs?

 

A.      an intermediate location to filter as much traffic as possible

B.      a location as close to the destination traffic as possible

C.      when using the established keyword, a location close to the destination point to ensure that

return traffic is allowed

D.      a location as close to the source traffic as possible

 

Correct Answer: D

 

 

QUESTION 56

Which statement about asymmetric encryption algorithms is true?

 

A.      They use the same key for encryption and decryption of data.

B.      They use the same key for decryption but different keys for encryption of data.

C.      They use different keys for encryption and decryption of data.

D.      They use different keys for decryption but the same key for encryption of data.

 

Correct Answer: C

 

 

QUESTION 57

Which option can be used to authenticate the IPsec peers during IKE Phase 1?

 

A.      Diffie-Hellman Nonce

B.      pre-shared key

C.      XAUTH

D.      integrity check value

E.       ACS

F.       AH

 

Correct Answer: B

 

 

QUESTION 58

Which single Cisco IOS ACL entry permits IP addresses from 172.16.80.0 to 172.16.87.255?

 

A.      permit 172.16.80.0 0.0.3.255

B.      permit 172.16.80.0 0.0.7.255

C.      permit 172.16.80.0 0.0.248.255

D.      permit 176.16.80.0 255.255.252.0

E.       permit 172.16.80.0 255.255.248.0

F.       permit 172.16.80.0 255.255.240.0

 

Correct Answer: B

 

 

QUESTION 59

You want to use the Cisco Configuration Professional site-to-site VPN wizard to implement a

site-to-site IPsec VPN using pre-shared key. Which four configurations are required (with no

defaults)? (Choose four.)

 

A.      the interface for the VPN connection

B.      the VPN peer IP address

C.      the IPsec transform-set

D.      the IKE policy

E.       the interesting traffic (the traffic to be protected)

F.       the pre-shared key

 

Correct Answer: ABEF

 

 

QUESTION 60

Which two options represent a threat to the physical installation of an enterprise network?

(Choose two.)

 

A.      surveillance camera

B.      security guards

C.      electrical power

D.      computer room access

E.       change control

 

Correct Answer: CD

 

Download Latest Complete collection of CCNA Security 640-554 Real Exam ,help you to pass exam 100%.

Ensurepass Cisco Certifications Exam Questions and Answers
Ensurepass CCNA Security Exams Questions and Answers

Leave a Reply