New Updated Cisco CCNA Security 640-554 Real Exam Download 61-70



Which option represents a step that should be taken when a security policy is developed?


A.      Perform penetration testing.

B.      Determine device risk scores.

C.      Implement a security monitoring system.

D.      Perform quantitative risk analysis.


Correct Answer: D




Which type of network masking is used when Cisco IOS access control lists are configured?


A.      extended subnet masking

B.      standard subnet masking

C.      priority masking

D.      wildcard masking


Correct Answer: D




How are Cisco IOS access control lists processed?


A.      Standard ACLs are processed first.

B.      The best match ACL is matched first.

C.      Permit ACL entries are matched first before the deny ACL entries.

D.      ACLs are matched from top down.

E.       The global ACL is matched first before the interface ACL.


Correct Answer: D




Which type of management reporting is defined by separating management traffic from

production traffic?


A.      IPsec encrypted

B.      in-band

C.      out-of-band

D.      SSH


Correct Answer: C




Which syslog level is associated with LOG_WARNING?


A.      1

B.      2

C.      3

D.      4

E.       5

F.       6

G.      7

H.      0


Correct Answer: D




In which type of Layer 2 attack does an attacker broadcast BDPUs with a lower switch priority?


A.      MAC spoofing attack

B.      CAM overflow attack

C.      VLAN hopping attack

D.      STP attack


Correct Answer: D




Which security measure must you take for native VLANs on a trunk port?


A.      Native VLANs for trunk ports should never be used anywhere else on the switch.

B.      The native VLAN for trunk ports should be VLAN 1.

C.      Native VLANs for trunk ports should match access VLANs to ensure that cross-VLAN traffic

from multiple switches can be delivered to physically disparate switches.

D.      Native VLANs for trunk ports should be tagged with 802.1Q.


Correct Answer: A




Refer to the exhibit. Which switch is designated as the root bridge in this topology?



A.      It depends on which switch came on line first.

B.      Neither switch would assume the role of root bridge because they have the same default


C.      switch X

D.      switch Y


Correct Answer: C




Which type of firewall technology is considered the versatile and commonly used firewall



A.      static packet filter firewall

B.      application layer firewall

C.      stateful packet filter firewall

D.      proxy firewall

E.       adaptive layer firewall


Correct Answer: C




Which type of NAT is used where you translate multiple internal IP addresses to a single global,

routable IP address?


A.      policy NAT

B.      dynamic PAT

C.      static NAT

D.      dynamic NAT

E.       policy PAT


Correct Answer: B


Download Latest Complete collection of CCNA Security 640-554 Real Exam ,help you to pass exam 100%.

Ensurepass Cisco Certifications Exam Questions and Answers
Ensurepass CCNA Security Exams Questions and Answers

Leave a Reply