Documente Academic
Documente Profesional
Documente Cultură
Examine the following options, which access list will permit HTTP traffic sourced from host
10.1.129.100 port 3030 destined to host 192.168.1.10?
Answer: D
Drag three proper statements about the IPsec protocol on the above to the list on the below.
m
.co
sts
lTe
tua
Ac
Answer:
m
.co
sts
lTe
QUESTION NO: 3
In a brute-force attack, what percentage of the keyspace must an attacker generally search
tua
through until he or she finds the key that decrypts the data?
A. Roughly 50 percent
B. Roughly 66 percent
Ac
C. Roughly 75 percent
D. Roughly 10 percent
Answer: A
QUESTION NO: 4
The information of Cisco Router and Security Device Manager(SDM) is shown below:
m
.co
sts
lTe
tua
Ac
Within the "sdm-permit" policy map, what is the action assigned to the traffic class "class-default"?
A. inspect
Answer: B
On the basis of the description of SSL-based VPN, place the correct descriptions in the proper
locations.
m
.co
sts
lTe
tua
Ac
Answer:
m
.co
sts
QUESTION NO: 6
lTe
A. All traffic destined for network 172.16.150.0 will be denied due to the implicitdeny all.
B. All traffic from network 10.0.0.0 will be permitted.
C. Access-list 101 will prevent address spoofing from interface E0.
D. This ACL will prevent any host on the Internet from spoofing the inside network address as the
source address for packets coming into the router from the Internet.
QUESTION NO: 7
For the following items ,which one can be used to authenticate the IPsec peers during IKE Phase
1?
A. pre-shared key
B. integrity check value
C. XAUTH
D. Diffie-Hellman Nonce
Answer: A
m
QUESTION NO: 8
.co
Which description about asymmetric encryption algorithms is correct?
A. They use the same key for encryption and decryption of data.
sts
B. They use different keys for decryption but the same key for encryption of data.
C. They use different keys for encryption and decryption of data.
D. They use the same key for decryption but different keys for encryption of data.
lTe
Answer: C
tua
QUESTION NO: 9
Ac
For the following items, which management topology keeps management traffic isolated from
production traffic?
A. OTP
B. OOB
C. SAFE
D. MARS
Answer: B
QUESTION NO: 10
You work as a network engineer, do you know an IPsec tunnel is negotiated within the protection
of which type of tunnel?
Answer: D
QUESTION NO: 11
As a candidate for CCNA examination, when you are familiar with the basic commands, if you
input the command "enable secret level 5 password" in the global mode , what does it indicate?
m
D. The enable secret password is hashed using SHA.
.co
E. The enable secret password is encrypted using Cisco proprietary level 5 encryption.
Answer: C
sts
QUESTION NO: 12
lTe
Examine the following options ,when editing global IPS settings, which one determines if the IOS-
based IPS feature will drop or permit traffic for a particular IPS signature engine while a new
signature for that engine is being compiled?
tua
Answer: B
QUESTION NO: 13
Answer: C
QUESTION NO: 14
Answer: C
m
QUESTION NO: 15
.co
LAB
sts
lTe
tua
Ac
m
.co
sts
lTe
tua
Ac
m
.co
sts
lTe
tua
Ac
QUESTION NO: 16
m
A. A CLI view supports only commands configured for that specific view, whereas a privilege level
.co
supports commands available to that level and all the lower levels.
B. A CLI view can function withouta AAA configuration, whereas a privilege level requires AAA to
be configured.
sts
C. A CLI view supports only monitoring commands, whereas a privilege level allows a user to
make changes to an IOS configuration.
D. A CLI view and a privilege level perform the same function. However, a CLI view is used on a
lTe
Answer: A
tua
..
Answer:
QUESTION NO: 18
Which statement best describes configuring access control lists to control Telnet traffic destined to
the router itself?
A. The ACL applied to the vty lines has no in or out option like ACL being applied to an interface.
B. The ACL is applied to the Telnet port with the ip access-group command.
m
C. The ACL must be applied to each vty line individually.
.co
D. The ACL should be applied to all vty lines in the in direction to prevent an unwanted user from
connecting to an unsecured port.
Answer: D
sts
lTe
On the basis of the Cisco IOS Zone-Based Policy Firewall, by default, which three types zone?
tua
Ac
m
.co
sts
Drag three proper characterizations on the above to the list on the below.
Answer:
lTe
tua
Ac
QUESTION NO: 20
Answer: D
QUESTION NO: 21
m
For the following options ,which one accurately matches the CLI command(s) to the equivalent
SDM wizard that performs similar configuration functions?
.co
A. aaa configuration commands and the SDM Basic Firewall wizard
B. setup exec command and the SDM Security Audit wizard
sts
C. auto secure exec command and the SDM One-Step Lockdown wizard
D. Cisco Common Classification Policy Language configuration commands and the SDM Site-to-
Site VPN wizard
lTe
Answer: C
tua
m
.co
sts
lTe
tua
Ac
m
.co
sts
lTe
tua
Answer: 1
QUESTION NO: 23
When configuring Cisco IOS login enhancements for virtual connections, what is the "quiet
period"?
A. The period of time in which virtual login attempts are blocked, following repeated failed login
attempts
B. The period of time in which virtual logins are blocked as security services fully initialize
C. A period of time when no one is attempting to log in
D. The period of time between successive login attempts
QUESTION NO: 24
Based on the following items, which two types of interfaces are found on all network-based IPS
sensors? (Choose two.)
A. Loopback interface
B. Command and control interface
C. Monitoring interface
D. Management interface
Answer: B,C
m
QUESTION NO: 25
.co
Which description is true about the show login command output displayed in the exhibit?
sts
lTe
tua
A. Three or more login requests have failed within the last 100 seconds.
Ac
B. When the router goes into quiet mode, any host is permitted to access the router via Telnet,
SSH, and HTTP, since the quiet-mode access list has not been configured.
C. The login block-for command is configured to block login hosts for 93 seconds.
D. All logins from any sources are blocked for another 193 seconds.
Answer: A
QUESTION NO: 26
If a switch is working in the fail-open mode, what will happen when the switch's CAM table fills to
capacity and a new frame arrives?
A. A copy of the frame is forwarded out all switch ports other than the port the frame was received
on.
"Pass Any Exam. Any Time." - www.actualtests.com 18
Cisco 640-553: Practice Exam
B. The frame is transmitted on the native VLAN.
C. The switch sends a NACK segment to the frame's source MAC address.
D. The frame is dropped.
Answer: A
QUESTION NO: 27
Given the exhibit below. You are a network manager of your company. You are reading your
Syslog server reports. On the basis of the Syslog message shown, which two descriptions are
correct? (Choose two.)
A. This is a normal system-generated information message and does not require further
m
investigation.
B. Service timestamps have been globally enabled.
C. This message is unimportant and can be ignored.
.co
D. This message is a level 5 notification message.
sts
Answer: B,D
lTe
..
tua
Ac
Answer:
QUESTION NO: 29
What will be enabled by the scanning technology-The Dynamic Vector Streaming (DVS)?
Answer: D
QUESTION NO: 30
m
Which statement best describes the relationships between AAA function and TACACS+, RADIUS
based on the exhibit shown?
.co
sts
lTe
Answer: B
QUESTION NO: 31
The enable secret password appears as an MD5 hash in a router's configuration file, whereas the
enable password is not hashed (or encrypted, if the password-encryption service is not enabled).
What is the reason that Cisco still support the use of both enable secret and enable passwords in
a router's configuration?
Answer: A
QUESTION NO: 32
When configuring AAA login authentication on Cisco routers, which two authentication methods
m
should be used as the final method to ensure that the administrator can still log in to the router in
case the external AAA server fails?
(Choose two.) .co
A. group RADIUS
sts
B. group TACACS+
C. local
D. krb5
lTe
E. enable
F. if-authenticated
tua
Answer: C,E
Ac
QUESTION NO: 33
Which kind of table will be used by most firewalls today to keep track of the connections through
the firewall?
A. reflexive ACL
B. dynamic ACL
C. queuing
D. netflow
E. state
Answer: E
Based on the username global configuration mode command displayed in the exhibit. What does
the option secret 5 indicate about the enable secret password?
Answer: A
m
QUESTION NO: 35
.co
Before a Diffie-Hellman exchange may begin, the two parties involved must agree on what?
B. Twononsecret keys
C. Two secret numbers
lTe
D. Twononsecret numbers
Answer: D
tua
QUESTION NO: 36
Ac
Examine the following items, which one offers a variety of security solutions, including firewall,
IPS, VPN, antispyware, antivirus, and antiphishing features?
Answer: D
QUESTION NO: 37
Which three items are Cisco best-practice recommendations for securing a network? (Choose
three.)
"Pass Any Exam. Any Time." - www.actualtests.com 22
Cisco 640-553: Practice Exam
A. Routinely apply patches to operating systems and applications.
B. Disable unneeded services and ports on hosts.
C. Deploy HIPS software on all end-user workstations.
D. Require strong passwords, and enable password expiration.
Answer: A,B,D
QUESTION NO: 38
What Cisco Security Agent Interceptor is in charge of intercepting all read/write requests to the rc
files in UNIX?
A. Configuration interceptor
B. Network interceptor
C. File system interceptor
m
D. Execution space interceptor
Answer: A
.co
sts
..
lTe
tua
Ac
Answer:
Information about a managed device??s resources and activity is defined by a series of objects.
What defines the structure of these management objects?
A. MIB
B. FIB
C. LDAP
D. CEF
Answer: A
QUESTION NO: 41
m
A. when using the established keyword, a location close to the destination point to ensure that
return traffic is allowed .co
B. an intermediate location to filter as much traffic as possible
C. a location as close to the source traffic as possible
sts
D. a location as close to the destination traffic as possible
Answer: C
lTe
QUESTION NO: 42
tua
Refer to Cisco IOS Zone-Based Policy Firewall, where will the inspection policy be applied?
A. to the zone-pair
Ac
B. to the zone
C. to the interface
D. to the global service policy
Answer: A
QUESTION NO: 43
A. Influencing users to forward a call to a toll number (for example, a long distance or international
number)
B. Influencing users to provide personal information over a web page
Answer: D
QUESTION NO: 44
Which item is the great majority of software vulnerabilities that have been discovered?
A. Stack vulnerabilities
B. Heap overflows
C. Software overflows
D. Buffer overflows
m
Answer: D
.co
QUESTION NO: 45 CORRECT TEXT
sts
..
lTe
tua
Ac
m
.co
sts
lTe
tua
Ac
m
.co
sts
lTe
tua
Answer: 3,6
QUESTION NO: 46
Which one of the following items may be added to a password stored in MD5 to make it more
secure?
A. Ciphertext
B. Salt
C. Cryptotext
D. Rainbow table
Answer: B
Answer:
m
.co
sts
lTe
QUESTION NO: 48
tua
A. MD65
Ac
B. SHA-135
C. XR12
D. MD5
Answer: D
QUESTION NO: 49
Which algorithm was the first to be found suitable for both digital signing and encryption?
A. HMAC
B. RSA
C. MD5
Answer: B
QUESTION NO: 50
Which is the main difference between host-based and network-based intrusion prevention?
Answer: B
m
QUESTION NO: 51
.co
Which classes does the U.S. government place classified data into? (Choose three.)
sts
A. Top-secret
B. Confidential
lTe
C. SBU
D. Secret
tua
Answer: A,B,D
Ac
QUESTION NO: 52
With the increasing development of network, various network attacks appear. Which statement
best describes the relationships between the attack method and the result?
Answer: A
QUESTION NO: 53
m
C. Scanning a network for active IP addresses and open ports on those IP addresses
D. Using password-cracking utilities .co
Answer: B,C,D
sts
QUESTION NO: 54
lTe
What should be enabled before any user views can be created during role-based CLI configuration
?
tua
Answer: A
QUESTION NO: 55
You are a network technician at Certpaper.com. Which description is correct when you have
generated RSA keys on your Cisco router to prepare for secure device management?
A. You must then specify the general-purpose key size used for authentication with the crypto key
generatersa general-keys modulus command.
B. You must thenzeroize the keys to reset secure shell before configuring other parameters.
C. Allvty ports are automatically enabled for SSH to provide secure management.
Answer: D
QUESTION NO: 56
Which result is of securing the Cisco IOS image by use of the Cisco IOS image resilience feature?
A. The Cisco IOS image file will not be visible in the output from the show flash command.
B. The show version command will not show the Cisco IOS image file location.
C. When the router boots up, the Cisco IOS image will be loaded from a secured FTPlocation.
D. The running Cisco IOS image will be encrypted and then automatically backed up to a TFTP
server.
Answer: A
m
QUESTION NO: 57
.co
What are four methods used by hackers? (Choose four.)
sts
Answer: A,B,D,F
Ac
QUESTION NO: 58
m
E. CK2, CK3, CK6 and CK8
Answer: A .co
sts
QUESTION NO: 59 DRAG DROP
Drag two characteristics of the SDM Security Audit wizard on the above to the list on the below.
lTe
tua
Ac
Answer:
m
.co
QUESTION NO: 60
sts
The information of Cisco Router and Security Device Manager(SDM) is shown below:
lTe
tua
Ac
m
.co
sts
lTe
tua
Ac
Within the "sdm-inspect" policy map, what is the action assigned to the traffic class "sdm-invalid-
src", and which traffic is matched by the traffic class "sdm-invlid-src" ? (Choose two.)
Answer: A,B
QUESTION NO: 61
A. In ECB mode, each 56-bit plain-text block is exclusive ORed (XORed) bitwise with the previous
ciphertext block.
B. ECB mode uses the same 64-bit key to serially encrypt each 56-bit plain-text block.
C. In ECB mode, each 64-bit plain-text block is exclusive ORed (XORed) bitwise with the previous
m
ciphertext block.
.co
D. ECB mode uses the same 56-bit key to serially encrypt each 64-bit plain-text block.
Answer: D
sts
QUESTION NO: 62
lTe
A. An entity responsible for registering the private key encryption used in a PKI
tua
Answer: C
QUESTION NO: 63
Which statement is not a reason for an organization to incorporate a SAN in its enterprise
infrastructure?
A. To decrease both capital and operating expenses associated with data storage
B. To decrease the threat of viruses and worm attacks against data storage devices
C. To meet changing business priorities, applications, and revenue growth
D. To increase the performance of long-distance replication, backup, and recovery
QUESTION NO: 64
Which two ports are used with RADIUS authentication and authorization?(Choose two.)
Answer: A,D
m
QUESTION NO: 65
Which three statements are valid SDM configuration wizards? (Choose three.)
A. NAT
.co
B. VPN
sts
C. STP
D. Security Audit
lTe
Answer: A,B,D
tua
QUESTION NO: 66
With which three tasks does the IPS Policies Wizard help you? (Choose three.)
Ac
Answer: A,B,C
QUESTION NO: 67
Instructions
To access the Cisco Router and Security Device Manager(SDM) utility click on the console host
icon that is connected to a ISR router.
You can click on the grey buttons below to view the different windows.
m
.co
sts
lTe
tua
Ac
Answer: D,E
QUESTION NO: 68
m
A. takes a snapshot of the router running configuration and securely archives it in persistent
storage
.co
B. stores a secured copy of the Cisco IOS image in its persistent storage
C. backs up the Cisco IOS image from flash to a TFTP server
sts
Answer: A
lTe
QUESTION NO: 69
tua
Observe the following options carefully, which two attacks focus on RSA? (Choose all that apply.)
Ac
A. BPA attack
B. Adaptive chosenciphertext attack
C. DDoS attack
D. Man-in-the-middle attack
Answer: A,B
QUESTION NO: 70
Examine the following options , which Spanning Tree Protocol (STP) protection mechanism
disables a switch port if the port receives a Bridge Protocol Data Unit (BPDU)?
A. UplinkFast
Answer: C
QUESTION NO: 71
Which Public Key Cryptographic Standards (PKCS) defines the syntax for encrypted messages
and messages with digital signatures?
A. PKCS #7
B. PKCS #8
C. PKCS #10
D. PKCS #12
m
Answer: A
.co
QUESTION NO: 72
sts
Which one is the most important based on the following common elements of a network design?
lTe
A. Business needs
B. Risk analysis
C. Security policy
tua
D. Best practices
Answer: A
Ac
QUESTION NO: 73
Which firewall best practices can help mitigate worm and other automated attacks?
Answer: D
For the following statements, which one is perceived as a drawback of implementing Fibre
Channel
Authentication Protocol (FCAP)?
Answer: D
QUESTION NO: 75
m
Which type of firewall is needed to open appropriate UDP ports required for RTP streams?
A. Stateful firewall
B. Proxy firewall
.co
C. Packet filtering firewall
sts
D. Stateless firewall
Answer: A
lTe
QUESTION NO: 76
tua
Which one of the following commands can be used to enable AAA authentication to determine if a
user can access the privilege command level?
Ac
Answer: B
QUESTION NO: 77
For the following attempts, which one is to ensure that no one employee becomes a pervasive
security threat, that data can be recovered from backups, and that information system changes do
not compromise a system's security?
Answer: D
QUESTION NO: 78
Which item is the correct matching relationships associated with IKE Phase?
m
.co
sts
A. IKE Phase 1 - CK1 and CK4
IKE Phase 2 - CK2, CK3 and CK5
B. IKE Phase 1 - CK2 and CK4
lTe
Answer: A
QUESTION NO: 79
For the following statements, which one is the strongest symmetrical encryption algorithm?
A. AES
B. 3DES
C. DES
D. Diffie-Hellman
Answer: A
Which protocol will use a LUN as a way to differentiate the individual disk drives that comprise a
target device?
A. SCSI
B. HBA
C. ATA
D. iSCSI
Answer: A
QUESTION NO: 81
The information of Cisco Router and Security Device Manager(SDM) is shown below:
m
.co
sts
lTe
tua
Ac
m
.co
sts
lTe
tua
Ac
Which three protocols are matched by the "sdm-cls-insp-traffic" class map? (Choose three)
A. pop3
Answer: A,B,D
QUESTION NO: 82
Which statement best describes the Turbo ACL feature? (Choose all that apply.)
A. The Turbo ACL feature processes ACLs into lookup tables for greater efficiency.
B. The Turbo ACL feature leads to increased latency, because the time it takes to match the
packet is variable.
C. The Turbo ACL feature leads to reduced latency, because the time it takes to match the packet
is fixed and consistent.
m
D. Turbo ACLs increase the CPU load by matching the packet to a predetermined list.
Answer: A,C
.co
sts
QUESTION NO: 83
What is the objective of the aaa authentication login console-in local command?
lTe
A. It specifies the login authentication method list named console-in using the local user database
on the router.
tua
B. It specifies the login authorization method list named console-in using the local RADIUS
username-password database.
C. It specifies the login authentication list named console-in using the local username- password
Ac
Answer: A
QUESTION NO: 84
Answer: C
QUESTION NO: 85
After enabling port security on a Cisco Catalyst switch, what is the default action when the
configured maximum of allowed MAC addresses value is exceeded?
Answer: B
m
QUESTION NO: 86
.co
Which item is correct regarding Cisco IOS IPS on Cisco IOS Release 12.4(11)T and later ?
sts
C. supports SDEE, SYSLOG, and SNMP for sending Cisco IPS alerts
D. uses Cisco IPS 5.x signature format
tua
Answer: D
Ac
QUESTION NO: 87
Regarding constructing a good encryption algorithm, what does creating an avalanche effect
indicate?
Answer: D
A standard access control list has been configured on a router and applied to interface Serial 0 in
an outbound direction. No ACL is applied to Interface Serial 1 on the same router. What will
happen when traffic being filtered by the access list does not match the configured ACL
statements for Serial 0?
Answer: A
m
QUESTION NO: 89
.co
What will be disabled as a result of the no service password-recovery command?
Answer: D
tua
QUESTION NO: 90
Ac
The information of Cisco Router and Security Device Manager(SDM) is shown below:
m
.co
sts
lTe
tua
Ac
A. sdm-permit-icmpreply
Answer: B
m
Answer:
.co
sts
lTe
tua
QUESTION NO: 92
Answer: C
QUESTION NO: 93
When using the Cisco SDM Quick Setup Siteto-Site VPN wizard, which three parameters do you
configure? (Choose three.)
Answer: A,B,D
QUESTION NO: 94
On the basis of the show policy-map type inspect zone-pair session command output provided in
the exhibit.What can be determined about this Cisco IOS zone based firewall policy?
m
.co
sts
lTe
tua
Ac
A. Stateful packet inspection will be applied only to HTTP packets that also match ACL 110.
B. This is an inbound policy (applied to traffic sourced from the less secured zone destined to the
more secured zone).
C. This is an outbound policy (applied to traffic sourced from the more secured zone destined to
the less secured zone).
D. All packets will be dropped since the class-default traffic class is matching all traffic.
Answer: A
QUESTION NO: 95
Which name is of the e-mail traffic monitoring service that underlies that architecture of IronPort?
Answer: A
QUESTION NO: 96
How do you define the authentication method that will be used with AAA?
m
Answer: C
.co
QUESTION NO: 97 CORRECT TEXT
sts
..
lTe
tua
Ac
m
.co
sts
lTe
tua
Ac
m
.co
sts
lTe
Answer: 4
Ac
QUESTION NO: 98
Refer to the exhibit. You are the network security administrator responsible for router security.
Your network uses internal IP addressing according to RFC 1918 specifications. From the default
rules shown, which access control list would prevent IP address spoofing of these internal
networks?
A. SDM_Default_197
B. SDM_Default_199
C. SDM_Default_196
m
D. SDM_Default_198
Answer: D .co
sts
QUESTION NO: 99
Please choose the correct matching relationships between the cryptography algorithms and the
lTe
type of algorithm.
tua
Ac
Answer: A
For the following items, which one acts as a VPN termination device and is located at a primary
network location?
A. Broadband service
B. Headend VPN device
C. VPN access device
D. Tunnel
m
Answer: B
.co
QUESTION NO: 101
sts
Refer to the exhibit. Based on the VPN connection shown, which statement is true?
lTe
tua
Ac
Answer: A
As a network engineer at Certpaper.com, you are responsible for Certpaper network. Which will be
necessarily taken into consideration when implementing Syslogging in your network?
Answer: D
Which type of MAC address is dynamically learned by a switch port and then added to the switch's
running configuration?
m
D. Sticky secure MAC address
Answer: D
.co
sts
C. used to establish a symmetric shared key via a public key exchange process
D. used for asymmetric public key encryption
Ac
Answer: C
Which VoIP components can permit or deny a call attempt on the basis of a network's available
bandwidth?
A. MCU
B. Application server
C. Gateway
D. Gatekeeper
Answer: D
Which information is stored in the stateful session flow table while using a stateful firewall?
A. the inside private IP address and the translated inside global IP address
B. the source and destination IP addresses, port numbers, TCP sequencing information, and
additional flags for each TCP or UDP connection associated with a particular session
C. the outbound and inbound access rules (ACL entries)
D. all TCP and UDP header information only
Answer: B
m
QUESTION NO: 107 CORRECT TEXT
.
.co
sts
lTe
tua
Ac
m
.co
sts
lTe
tua
Ac
m
.co
sts
lTe
tua
Answer: 3
Ac
When configuring SSH, which is the Cisco minimum recommended modulus value?
A. 2048 bits
B. 1024 bits
C. 256 bits
D. 512 bits
Answer: B
Which type of intrusion prevention technology will be primarily used by the Cisco IPS security
appliances?
A. signature-based
B. profile-based
C. rule-based
D. protocol analysis-based
Answer: A
Which two statements are correct regarding a Cisco IP phone??s web access feature? (Choose
m
two.)
.co
A. It can provide IP address information about other servers in the network.
B. It requires login credentials, based on the UCM user database.
C. It is enabled by default.
sts
D. It uses HTTPS.
Answer: A,C
lTe
A. Authorization
Ac
B. Confidentiality
C. Authentication
D. Integrity
Answer: D
Which method is of gaining access to a system that bypasses normal security measures?
Answer: C
Which two actions can be configured to allow traffic to traverse an interface when zone-based
security is being employed? (Choose two.)
A. Pass
B. Flow
C. Allow
D. Inspect
Answer: A,D
m
QUESTION NO: 114
.co
Which three are distinctions between asymmetric and symmetric algorithms? (Choose all that
sts
apply.)
B. Asymmetric algorithms are used quite often as key exchange protocols for symmetric
algorithms.
C. Only asymmetric algorithms have a key exchange technology built in.
tua
Answer: B,C,D
Ac
Which two primary port authentication protocols are used with VSANs? (Choose two.)
A. SPAP
B. CHAP
C. DHCHAP
D. ESP
Answer: B,C
When configuring role-based CLI on a Cisco router, which action will be taken first ?
Answer: C
Which statement is correct regarding the aaa configurations based on the exhibit provided?
m
.co
sts
lTe
D. The authentication method list used by the console port is named test.
Answer: A
Which one of the aaa accounting commands can be used to enable logging of both the start and
stop records for user terminal sessions on the router?
A. It validates the fact that a packet is either a connection request or a data packet belonging to a
connection.
B. It evaluates network packets for valid data at the application layer before allowing connections.
C. It analyzes network traffic at the network and transport protocol layers.
D. It keeps track of the actual communication process through the use of a state table.
Answer: C
m
QUESTION NO: 120
.co
For the following options, which feature is the foundation of Cisco Self-Defending Network
technology?
sts
A. secure network platform
B. secure connectivity
C. threat control and containment
lTe
D. policy management
Answer: A
tua
..
Answer:
Which three common examples are of AAA implementation on Cisco routers? Please place the
correct descriptions in the proper locations.
m
.co
sts
lTe
tua
Ac
Answer:
m
.co
sts
lTe
If you click the Configure button along the top of Cisco SDM??s graphical interface,which Tasks
tua
button permits you to configure such features as SSH, NTP, SNMP, and syslog?
B. Intrusion Prevention
C. Security Audit
D. Additional Tasks
Answer: D
In an IEEE 802.1x deployment, between which two devices EAPOL messages typically are sent?
Answer: A
Which one of the Cisco IOS commands can be used to verify that either the Cisco IOS image, the
configuration files, or both have been properly backed up and secured?
A. show archive
B. show flash
C. show file systems
D. show securebootset
Answer: D
m
QUESTION NO: 126
.co
Instructions
sts
To access the Cisco Router and Security Device Manager(SDM) utility click on the console host
icon that is connected to a ISR router.
You can click on the grey buttons below to view the different windows.
lTe
Each of the windows can be minimized by clicking on the [-].You can also reposition a window by
dragging it by the title bar.
The "Tab" key and most commands that use the "Control"or "Escape" keys are not supported and
tua
m
.co
sts
lTe
tua
Ac
A. Traffic not matched by any of the class maps within that policy map will be inspected
Answer: B
Which key method is used to detect and prevent attacks by use of IDS and/or IPS technologies?
A. Signature-based detection
B. Anomaly-based detection
C. Honey pot detection
D. Policy-based detection
m
Answer: A
.co
QUESTION NO: 128
sts
Please choose the correct description about Cisco Self-Defending Network characteristics.
lTe
tua
A. INTEGRATED - CK2
COLLABORATIVE - CK1
Ac
ADAPTIVE - CK3
B. INTEGRATED - CK1
COLLABORATIVE - CK2
ADAPTIVE - CK3
C. INTEGRATED - CK3
COLLABORATIVE - CK2
ADAPTIVE - CK1
D. INTEGRATED - CK2
COLLABORATIVE - CK3
ADAPTIVE - CK1
Answer: A
Answer:
m
.co
sts
Explanation:
lTe
tua
Ac
Answer:
Explanation:
m
.co
sts
QUESTION NO: 131 DRAG DROP
lTe
tua
Ac
Answer:
Explanation:
m
.co
sts
lTe
Answer:
tua
Ac
Explanation:
m
.co
sts
Answer:
lTe
tua
Ac
Match the descriptions on the left with the IKE phases on the right.
m
.co
sts
lTe
tua
Ac