www.Passin1day.com Presents:
Cisco 640-554 Exam Questions Implementing Cisco IOS Network Security (IINS v2.0) Version: 23.0
1
2
Description Descriptive but short introduction of 640-554 Certification Exam is as Follows: The 640-554 Implementing Cisco IOS Network Security (IINS) exam is associated with the CCNA Security certification. This exam tests a candidate's knowledge about securing Cisco routers and switches and their associated networks. It leads to validated skills for installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices and develops competency in the technologies that Cisco uses in its security infrastructure.
www.passin1day.com
Training Recommendations
3
The Following Course is the Recommended Training for this Exam: ďƒ˜
Implementing Cisco IOS Network Security (IINS)
www.passin1day.com
Exam Topics
4
The Following Topics Should be Covered for 640-554:
Security and Cisco Routers
Common Security Threats
AAA on Cisco Devices
IOS ACLs
Secure Network Management and Reporting
Common Layer 2 Attacks
Cisco Firewall Technologies
Cisco IPS www.passin1day.com
640-554 Exam Questions
5
QUESTION NO: 1
Which statement about the role-based CLI access views on a Cisco router is true? A. The maximum number of configurable CLI access views is 10, including one lawful intercept view and excluding the root view. B. The maximum number of configurable CLI access views is 10, including one superview. C. The maximum number of configurable CLI access views is 15, including one lawful intercept view and excluding the root view. D. The maximum number of configurable CLI access views is 15, including one lawful intercept view. Answer: C www.passin1day.com
640-554 Exam Questions
6
QUESTION NO: 2
Which statement about rule-based policies in Cisco Security Manager is true? A. Rule-based policies contain one or more rules that are related to a device security and operations parameters. B. Rule-based policies contain one or more rules that control how traffic is filtered and inspected on a device. C. Rule-based policies contain one or more user roles that are related to a device security and operations parameters. D. Rule-based policies contain one or more user roles that control how user traffic is filtered and inspected on a device. Answer: B www.passin1day.com
640-554 Exam Questions
7
QUESTION NO: 3
Which command will configure a Cisco ASA firewall to authenticate users when they enter the enable syntax using the local database with no fallback method? A. aaa authentication enable console LOCAL SERVER_GROUP B. aaa authentication enable console SERVER_GROUP LOCAL C. aaa authentication enable console local D. aaa authentication enable console LOCAL Answer: D
www.passin1day.com
640-554 Exam Questions
8
QUESTION NO: 4
Which three statements about RADIUS are true? (Choose three.) A. RADIUS uses TCP port 49 B. RADIUS uses UDP ports 1645 or 1812 C. RADIUS encrypts the entire packet D. RADIUS encrypts only the password in the Access-Request packet E. RADIUS is a Cisco proprietary technology F. RADIUS is an open standard Answer: B,D,F www.passin1day.com
640-554 Exam Questions
9
QUESTION NO: 5
Which command will configure AAA accounting using the list of all RADIUS servers on a device to generate a reload event message when the device reloads? A. aaa accounting network default start-stop group radius B. aaa accounting auth-proxy default start-stop group radius C. aaa accounting system default start-stop group radius D. aaa accounting exec default start-stop group radius Answer: C www.passin1day.com
640-554 Exam Questions
10
QUESTION NO: 6
Which three statements about access lists are true? (Choose three.) A. Extended access lists should be placed as near as possible to the destination. B. Extended access lists should be placed as near as possible to the source. C. Standard access lists should be placed as near as possible to the destination. D. Standard access lists should be placed as near as possible to the source E. Standard access lists filter on the source address. F. Standard access lists filter on the destination address. Answer: B,C,E
www.passin1day.com
640-554 Exam Questions
11
QUESTION NO: 7
Which command configures a device to actively watch connection requests and provide immediate protection from DDoSattacks? A. router(config)# iptcpintercept mode intercept B. router(config)# iptcpintercept mode watch C. router(config)# iptcpintercept max-incomplete high 100 D. router(config)# iptcpintercept drop-mode random Answer: A www.passin1day.com
640-554 Exam Questions
12
QUESTION NO: 8
Which command will block external spoofed addresses? A. access-list 128 deny ip10.0.0.0 0.0.255.255 any B. access-list 128 deny ip192.168.0.0 0.0.0.255 any C. access-list 128 deny ip10.0.0.0 0.255.255.255 any D. access-list 128 deny ip192.168.0.0 0.0.31.255 any Answer: C www.passin1day.com
640-554 Exam Questions
13
QUESTION NO: 9
Which option describes a function of a virtual VLAN? A. A virtual VLAN creates a logically partitioned LAN to place switch ports in a separate broadcast domain. B. A virtual VLAN creates trunks and links two switches together. C. A virtual VLAN adds every port on a switch to its own collision domain. D. A virtual VLAN connects many hubs together. Answer: A www.passin1day.com
640-554 Exam Questions
14
QUESTION NO: 10
Which action can you take to add bandwidth to a trunk between two switches and end up with only one logical interface? A. Configure another trunk link. B. Configure EtherChannel. C. Configure an access port. D. Connect a hub between the two switches. Answer: A www.passin1day.com
15
Objectives of Course The Following Objectives, the learner will be able to meet at the end of this Course:
Describe the components of a comprehensive network security policy that can be used to counter threats against IT systems, within the context of a security policy lifecycle.
Develop and implement security countermeasures that are aimed at protecting network elements as part of the network infrastructure.
Deploy and maintain threat control and containment technologies for perimeter security in small and midsize networks.
Describe secure connectivity strategies and technologies using VPNs, and configure site-to-site and remote access VPNs using Cisco IOS features. www.passin1day.com
Choose Passin1day
16
To obtain the above Mentioned Objectives the best way is provided by www.passin1day.com which provides the best study material with great deals & Packages.Our Study Material Possess the Following Attributes:
Success
Quality
Guarantee
Excellence www.passin1day.com
Trust Us We Build Your Future
17
www.passin1day.com