Cisco 640-553 Exam, Most Accurate Cisco 640-553 Dumps Are The Best Materials


QUESTION 117
Regarding constructing a good encryption algorithm, what does creating an avalanche effect indicate?
A. Changing only a few bits of a plain-text message causes the ciphertext to be completely different.
B. Changing only a few bits of a ciphertext message causes the plain text to be completely different.
C. Altering the key length causes the plain text to be completely different.
D. Altering the key length causes the ciphertext to be completely different.

Correct Answer: A
QUESTION 118
With the increasing development of networks, various network attacks appear. Which statement best describes the relationships between the attack method and the result?

A. Ping Sweep – TIS1 and TIS3 Port Scan – TIS2, TIS4 and TIS5
B. Ping Sweep – TIS2 and TIS4 Port Scan – TIS1, TIS3 and TIS5
C. Ping Sweep – TIS1 and TIS5 Port Scan – TIS2, TIS3 and TIS4
D. Ping Sweep – TIS2 and TIS3 Port Scan – TIS1, TIS4 and TIS5

Correct Answer: B
QUESTION 119
Stream ciphers run on which of the following?
A. Individual blocks, one at a time, with the transformations varying during the encryption
B. Individual digits, one at a time, with the transformations varying during the encryption
C. Fixed-length groups of digits called blocks
D. Fixed-length groups of bits called blocks

Correct Answer: B
QUESTION 120
Which description is true about ECB mode?
A. ECB mode uses the same 64-bit key to serially encrypt each 56-bit plain-text block.
B. In ECB mode, each 56-bit plain-text block is exclusive ORed (XORed) bitwise with the previous ciphertext block.
C. ECB mode uses the same 56-bit key to serially encrypt each 64-bit plain-text block.
D. In ECB mode, each 64-bit plain-text block is exclusive ORed (XORed) bitwise with the previous ciphertext block.

Correct Answer: C
QUESTION 121
In a brute-force attack, what percentage of the keyspace must an attacker generally search through until he or she finds the key that decrypts the data?
A. Roughly 66 percent
B. Roughly 10 percent
C. Roughly 75 percent
D. Roughly 50 percent

Correct Answer: D
QUESTION 122
Which example is of a function intended for cryptographic hashing?
A. SHA-135
B. MD65
C. XR12
D. MD5

Correct Answer: D
QUESTION 123
Which one of the following items may be added to a password stored in MD5 to make it more secure?
A. Rainbow table
B. Cryptotext
C. Ciphertext
D. Salt

Correct Answer: D
QUESTION 124
Drag three proper statements about the IPsec protocol from above to the list below.

A. True
B. False

Correct Answer: A
QUESTION 125
LAB

A. True
B. False

Correct Answer: A
QUESTION 126
On the basis of the description of SSL-based VPN, place the correct descriptions in the proper locations.

A. True
B. False

Correct Answer: A
QUESTION 127
Which three common examples are of AAA implementation on Cisco routers? Please place the correct descriptions in the proper locations.

A. True
B. False

Correct Answer: A
QUESTION 128
Drag two characteristics of the SDM Security Audit wizard from above to the list below.

A. True
B. False

Correct Answer: A
QUESTION 129
On the basis of the Cisco IOS Zone-Based Policy Firewall, by default, which three types of traffic are permitted by the router when some interfaces of the router are assigned to a zone? Drag three proper characterizations from above to the list below.

A. True
B. False

Correct Answer: A
QUESTION 130
Match the description on the left with the IKE phases on the right.
A. True
B. False

Correct Answer: A
QUESTION 131
The information of Cisco Router and Security Device Manager (SDM) is shown below: Within the “sdm-permit” policy map, what is the action assigned to the traffic class “class-default”?
A. inspect
B. pass
C. drop
D. police

Correct Answer: C
QUESTION 132
Drag the result on the left to the corresponding attack method on the right.

A. True
B. False

Correct Answer: A
QUESTION 133
Which are the best practices for attack mitigation?

A. True
B. False

Correct Answer: A
QUESTION 134

Next Gen University main campus is located in Santa Cruz. The University has recently established various remote campuses offering e-learning services. The University is using IPsec VPN connectivity between its main and remote campuses San Jose (SJ), Los Angeles (LA), Sacramento (SAC). As a recent addition to the IT/Networking team, you have been tasked to document the IPsec VPN configuration to the remote campuses using the Cisco Router and SDM utility. Using the SDM output from VPN Tasks under the Configure tab, answer this question:
Which one of these statements is correct in regards to Next Gen University IPsec tunnel between its Santa Cruz main campus and its SJ remote campus?
A. It is using IPsec tunnel mode, AES encryption and SHA HMAC integrity Check.
B. It is using IPsec transport mode, 3DES encryption and SHA integrity Check.
C. It is using IPsec tunnel mode to protect the traffic between the 10.10.10.0/24 and the 10.2.54.0/24 subnet.
D. It is using digital certificate to authenticate between the IPsec peers and DH group 2.
E. It is using pre-shared key to authenticate between the IPsec peers and DH group 5.
F. The Santa Cruz main campus is the Easy VPN Server and the SJ remote campus is the Easy VPN Remote.
Correct Answer: C
QUESTION 135

Next Gen University main campus is located in Santa Cruz. The University has recently established various remote campuses offering e-learning services. The University is using IPsec VPN connectivity between its main and remote campuses San Jose (SJ), Los Angeles (LA), Sacramento (SAC). As a recent addition to the IT/Networking team, you have been tasked to document the IPsec VPN configuration to the remote campuses using the Cisco Router and SDM utility. Using the SDM output from VPN Tasks under the Configure tab, answer this question:
Which of these is used to define which traffic will be protected by IPsec between the Next Gen University Santa Cruz main campus and its SAC remote campus?
A. ACL 177
B. ACL 167
C. ACL 152
D. ESP-3DES-SHA1 transform set
E. ESP-3DES-SHA2 transform set
F. IKE Phase 1
Correct Answer: A
QUESTION 136

Next Gen University main campus is located in Santa Cruz. The University has recently established various remote campuses offering e-learning services. The University is using IPsec VPN connectivity between its main and remote campuses San Jose (SJ), Los Angeles (LA), Sacramento (SAC). As a recent addition to the IT/Networking team, you have been tasked to document the IPsec VPN configuration to the remote campuses using the Cisco Router and SDM utility. Using the SDM output from VPN Tasks under the Configure tab, answer this question:
The IPsec tunnel to the SAC remote campus terminates at which IP address and what is the protected subnet behind the SAC remote campus router? (Choose two)
A. 192.168.2.57
B. 192.168.5.48
C. 192.168.8.58
D. 10.2.54.0/24
E. 10.5.66.0/24
F. 10.8.75.0/24
Correct Answer: CF
QUESTION 137

Next Gen University main campus is located in Santa Cruz. The University has recently established various remote campuses offering e-learning services. The University is using IPsec VPN connectivity between its main and remote campuses San Jose (SJ), Los Angeles (LA), Sacramento (SAC). As a recent addition to the IT/Networking team, you have been tasked to document the IPsec VPN configuration to the remote campuses using the Cisco Router and SDM utility. Using the SDM output from VPN Tasks under the Configure tab, answer this question:
Which one of these statements is correct in regards to Next Gen University IPsec tunnel between its Santa Cruz main campus and its SAC remote campus?
A. The SAC remote campus remote router is using dynamic IP address; therefore, the Santa Cruz router is using a dynamic crypto map.
B. Dead Peer Detection (DPD) is needed to monitor the IPsec tunnel, so if there is no traffic between the two sites, the IPsec tunnel will disconnect.
C. Tunnel mode is used; therefore, a GRE tunnel interface will be configured.
D. Only the ESP protocol is being used; AH is not being used.
Correct Answer: D

Flydumps Free Cisco 640-553 exam dumps are audited by our certified subject matter experts and published authors for development. Flydumps Cisco 640-553 exam dumps are one of the highest quality Cisco 640-553 Q&As in the world. It covers nearly 96% real questions and answers, including the entire testing scope. Flydumps guarantees you pass Cisco 640-553 exam at first attempt.

Cisco 640-553 Demo, The Most Recommended Cisco 640-553 Dumps PDF With Accurate Answers


Flydumps has published the newest Cisco 640-553 exam dumps with free VCE test software and PDF dumps, and the latest Cisco 640-553 question answers ensure you 100% pass and money back guarantee.

QUESTION 105
Which statement best describes the relationships between AAA function and TACACS+, RADIUS based on the exhibit shown?

A. TACACS+ – TIS1 and TIS3 RADIUS – TIS2 and TIS4
B. TACACS+ – TIS2 and TIS4 RADIUS – TIS1 and TIS3
C. TACACS+ – TIS1 and TIS4 RADIUS – TIS2 and TIS3
D. TACACS+ – TIS2 and TIS3 RADIUS – TIS1 and TIS4

Correct Answer: B
QUESTION 106
Which two statements are correct regarding a Cisco IP phone’s web access feature? (Choose two.)
A. It is enabled by default.
B. It uses HTTPS.
C. It can provide IP address information about other servers in the network.
D. It requires login credentials, based on the UCM user database.

Correct Answer: AC
QUESTION 107
Which option ensures that data is not modified in transit?
A. Authentication
B. Integrity
C. Authorization
D. Confidentiality
Correct Answer: B
QUESTION 108
What is a static packet-filtering firewall used for?
A. It analyzes network traffic at the network and transport protocol layers.
B. It validates the fact that a packet is either a connection request or a data packet belonging to a connection.
C. It keeps track of the actual communication process through the use of a state table.
D. It evaluates network packets for valid data at the application layer before allowing connections.
Correct Answer: A
QUESTION 109
Which firewall best practices can help mitigate worm and other automated attacks?
A. Restrict access to firewalls
B. Segment security zones
C. Use logs and alerts
D. Set connection limits

Correct Answer: D
QUESTION 110
Which statement best describes the Turbo ACL feature? (Choose all that apply.)
A. The Turbo ACL feature processes ACLs into lookup tables for greater efficiency.
B. The Turbo ACL feature leads to increased latency, because the time it takes to match the packet is variable.
C. The Turbo ACL feature leads to reduced latency, because the time it takes to match the packet is fixed and consistent.
D. Turbo ACLs increase the CPU load by matching the packet to a predetermined list.

Correct Answer: AC
QUESTION 111
Which two actions can be configured to allow traffic to traverse an interface when zone-based security is being employed? (Choose two.)
A. Flow
B. Inspect
C. Pass
D. Allow

Correct Answer: BC
QUESTION 112
Which three items are Cisco best-practice recommendations for securing a network? (Choose three.)
A. Deploy HIPS software on all end-user workstations.
B. Routinely apply patches to operating systems and applications.
C. Disable unneeded services and ports on hosts.
D. Require strong passwords, and enable password expiration.

Correct Answer: BCD
QUESTION 113
Which key method is used to detect and prevent attacks by use of IDS and/or IPS technologies?
A. Signature-based detection
B. Anomaly-based detection
C. Honey pot detection
D. Policy-based detection

Correct Answer: A
QUESTION 114
Based on the following items, which two types of interfaces are found on all network-based IPS sensors? (Choose two.)
A. Loopback interface
B. Monitoring interface
C. Command and control interface
D. Management interface
Correct Answer: BC
QUESTION 115
With which three tasks does the IPS Policies Wizard help you? (Choose three.)
A. Selecting the interface to which the IPS rule will be applied
B. Selecting the direction of traffic that will be inspected
C. Selecting the inspection policy that will be applied to the interface
D. Selecting the Signature Definition File (SDF) that the router will use

Correct Answer: ABD
QUESTION 116
Examine the following options. When editing global IPS settings, which one determines if the IOS-based IPS feature will drop or permit traffic for a particular IPS signature engine while a new signature for that engine is being compiled?
A. Enable Engine Fail Closed
B. Enable Fail Opened
C. Enable Signature Default
D. Enable Default IOS Signature

Correct Answer: A
QUESTION 117

Get yourself composed for Microsoft actual exam and upgrade your skills with Flydumps Cisco 640-553 practice test products. Once you have practiced through our assessment material, your familiarity with Cisco 640-553 exam domains gets a significant boost. Flydumps practice tests enable you to raise your performance level and assure the guaranteed success for Cisco 640-553 exam.


Cisco 640-553 Study Guides, Useful Cisco 640-553 PDF On Sale

Don't you know how to choose the Cisco 640-553 exam dumps? Worried about your Cisco 640-553 exam? Just try Flydumps new version Cisco 640-553 exam dumps. High pass rate and money back guarantee!

QUESTION 1
Which three primary functions are required to secure communication across network links? (Choose three.)
A. accounting
B. anti-replay protection
C. authentication
D. authorization
E. confidentiality
F. integrity
Correct Answer: CEF
QUESTION 2
Which two encryption algorithms are commonly used to encrypt the contents of a message? (Choose two.)
A. 3DES
B. AES
C. IPsec
D. PKI
E. SHA1
Correct Answer: AB
QUESTION 3
An administrator requires a PKI that supports a longer lifetime for keys used for digital signing operations than for keys used for encrypting data. Which feature should the PKI support?
A. certificate keys
B. nonrepudiation keys
C. usage keys
D. variable keys
Correct Answer: C
QUESTION 4
Two users must authenticate each other using digital certificates and a CA. Which option describes the CA authentication procedure?
A. The CA is always required, even after user verification is complete.
B. The users must obtain the certificate of the CA and then their own certificate.
C. After user verification is complete, the CA is no longer required, even if one of the involved certificates expires.
D. CA certificates are retrieved out-of-band using the PSTN, and the authentication is done in-band over a network.
Correct Answer: B
QUESTION 5
A customer purchases an item from an e-commerce site. The e-commerce site must maintain proof that the data exchange took place between the site and the customer. Which feature of digital signatures is required?
A. authenticity of digitally signed data
B. integrity of digitally signed data
C. nonrepudiation of the transaction
D. confidentiality of the public key
Correct Answer: C
QUESTION 6
What is the basic method used by 3DES to encrypt plaintext?
A. The data is encrypted three times with three different keys.
B. The data is encrypted, decrypted, and encrypted using three different keys.
C. The data is divided into three blocks of equal length for encryption.
D. The data is encrypted using a key length that is three times longer than the key used for DES.

Correct Answer: B
QUESTION 7
Which statement describes a cryptographic hash function?
A. A one-way cryptographic hash function is hard to invert.
B. The output of a cryptographic hash function can be any length.
C. The input of a cryptographic hash function has a fixed length.
D. A cryptographic hash function is used to provide confidentiality.

Correct Answer: A
QUESTION 8
Which statement is a feature of HMAC?
A. HMAC is based on the RSA hash function.
B. HMAC uses a secret key that is only known to the sender and defeats man-in-the-middle attacks.
C. HMAC uses a secret key as input to the hash function, adding authentication to integrity assurance.
D. HMAC uses protocols such as SSL or TLS to provide session layer confidentiality.

Correct Answer: C
QUESTION 9
Why is RSA typically used to protect only small amounts of data?
A. The keys must be a fixed length.
B. The public keys must be kept secret.
C. The algorithms used to encrypt data are slow.
D. The signature keys must be changed frequently.

Correct Answer: C
QUESTION 10
The network administrator for an e-commerce website requires a service that prevents customers from claiming that legitimate orders are fake. What service provides this type of guarantee?
A. authentication
B. confidentiality
C. integrity
D. nonrepudiation

Correct Answer: D
QUESTION 11
Refer to the exhibit. Which encryption algorithm is described in the exhibit?

A. 3DES
B. AES
C. DES
D. RC4
E. SEAL

Correct Answer: A
QUESTION 12
Which statement describes asymmetric encryption algorithms?
A. They include DES, 3DES, and AES.
B. They have key lengths ranging from 80 to 256 bits.
C. They are also called shared-secret key algorithms.
D. They are relatively slow because they are based on difficult computational algorithms.
Correct Answer: D
QUESTION 13
Which symmetrical encryption algorithm is the most difficult to crack?
A. 3DES
B. AES
C. DES
D. RSA
E. SHA
Correct Answer: B

QUESTION 14
What is a characteristic of the RSA algorithm?
A. RSA is much faster than DES.
B. RSA is a common symmetric algorithm.
C. RSA is used to protect corporate data in high-throughput, low-latency environments.
D. RSA keys of 512 bits can be used for faster processing, while keys of 2048 bits can be used for increased security.
Correct Answer: D
QUESTION 15
Refer to the exhibit. Which type of cipher method is depicted?

A. Caesar cipher
B. stream cipher
C. substitution cipher
D. transposition cipher
Correct Answer: D
QUESTION 16
What does it mean when a hashing algorithm is collision resistant?
A. Exclusive ORs are performed on input data and produce a digest.
B. It is not feasible to compute the hash given the input data.
C. It uses a two-way function that computes a hash from the input and output data.
D. Two messages with the same hash are unlikely to occur.
Correct Answer: D
QUESTION 17
How do modern cryptographers defend against brute-force attacks?
A. Use statistical analysis to eliminate the most common encryption keys.
B. Use an algorithm that requires the attacker to have both ciphertext and plaintext to conduct a successful attack.
C. Use a keyspace large enough that it takes too much money and too much time to conduct a successful attack.
D. Use frequency analysis to ensure that the most popular letters used in the language are not used in the cipher message.
Correct Answer: C
QUESTION 18
Which two statements correctly describe certificate classes used in the PKI? (Choose two.)
A. A class 0 certificate is for testing purposes.
B. A class 0 certificate is more trusted than a class 1 certificate.
C. The lower the class number, the more trusted the certificate.
D. A class 5 certificate is for users with a focus on verification of email.
E. A class 4 certificate is for online business transactions between companies.
Correct Answer: AE
QUESTION 19
Which statement describes the use of keys for encryption?
A. The sender and receiver must use the same key when using symmetric encryption.
B. The sender and receiver must use the same key when using asymmetric encryption.
C. The sender and receiver must use the same keys for both symmetric and asymmetric encryption.
D. The sender and receiver must use two keys: one for symmetric encryption and another for asymmetric encryption.
Correct Answer: A
QUESTION 20
Which encryption protocol provides network layer confidentiality?
A. IPsec protocol suite
B. Keyed MD5
C. Message Digest 5
D. Secure Sockets Layer
E. Secure Hash Algorithm 1
F. Transport Layer Security
Correct Answer: A

Exam H

QUESTION 1
Which IPsec protocol should be selected when confidentiality is required?
A. tunnel mode
B. transport mode
C. authentication header
D. encapsulating security payload
E. generic routing encapsulation
Correct Answer: D
QUESTION 2
When using ESP tunnel mode, which portion of the packet is not authenticated?
A. ESP header
B. ESP trailer
C. new IP header
D. original IP header
Correct Answer: C
QUESTION 3
When configuring an IPsec VPN, what is used to define the traffic that is sent through the IPsec tunnel and protected by the IPsec process?
A. crypto map
B. crypto ACL
C. ISAKMP policy
D. IPsec transform set
Correct Answer: A
QUESTION 4
Refer to the exhibit. Which two IPsec framework components are valid options when configuring an IPsec VPN on a Cisco ISR router? (Choose two.)

A. Integrity options include MD5 and RSA.
B. IPsec protocol options include GRE and AH.
C. Confidentiality options include DES, 3DES, and AES.
D. Authentication options include pre-shared key and SHA.
E. Diffie-Hellman options include DH1, DH2, and DH5.
Correct Answer: CE
QUESTION 5
Refer to the exhibit. Based on the SDM screen, which Easy VPN Server component is being configured?

A. group policy
B. transform set
C. IKE proposal
D. user authentication
Correct Answer: A
QUESTION 6
Refer to the exhibit. Under the ACL Editor, which option is used to specify the traffic to be encrypted on a secure connection?

B. Access Rules
C. IPsec Rules
D. Firewall Rules
E. SDM Default Rules

Correct Answer: C
QUESTION 7
What are two authentication methods that can be configured using the SDM Site-to-Site VPN Wizard? (Choose two.)
A. MD5
B. SHA
C. pre-shared keys
D. encrypted nonces
E. digital certificates
Correct Answer: CE
QUESTION 8
Refer to the exhibit. A site-to-site VPN is required from R1 to R3. The administrator is using the SDM Site-to-Site VPN Wizard on R1. Which IP address should the administrator enter in the highlighted field?

A. 10.1.1.1
B. 10.1.1.2
C. 10.2.2.1
D. 10.2.2.2
E. 192.168.1.1
F. 192.168.3.1
Correct Answer: D
QUESTION 9
What is required for a host to use an SSL VPN?
A. VPN client software must be installed.
B. A site-to-site VPN must be preconfigured.
C. The host must be in a stationary location.
D. A web browser must be installed on the host.
Correct Answer: D
QUESTION 10
Which two statements accurately describe characteristics of IPsec? (Choose two.)
A. IPsec works at the application layer and protects all application data.
B. IPsec works at the transport layer and protects data at the network layer.
C. IPsec works at the network layer and operates over all Layer 2 protocols.
D. IPsec is a framework of proprietary standards that depend on Cisco specific algorithms.
E. IPsec is a framework of standards developed by Cisco that relies on OSI algorithms.
F. IPsec is a framework of open standards that relies on existing algorithms.
Correct Answer: C
QUESTION 11
When configuring a site-to-site IPsec VPN using the CLI, the authentication pre-share command is configured in the ISAKMP policy. Which additional peer authentication configuration is required?
A. Configure the message encryption algorithm with the encryption type ISAKMP policy configuration command.
B. Configure the DH group identifier with the group number ISAKMP policy configuration command.
C. Configure a hostname with the crypto isakmp identity hostname global configuration command.
D. Configure a PSK with the crypto isakmp key global configuration command.
Correct Answer: D
QUESTION 12
Which action do IPsec peers take during the IKE Phase 2 exchange?
A. exchange of DH keys
B. negotiation of IPsec policy
C. verification of peer identity
D. negotiation of IKE policy sets

Correct Answer: B
QUESTION 13
Refer to the exhibit. A network administrator is troubleshooting a GRE VPN tunnel between R1 and R2. Assuming the R2 GRE configuration is correct and based on the running configuration of R1, what must

A. change the tunnel source interface to Fa0/0
B. change the tunnel destination to 192.168.5.1
C. change the tunnel IP address to 192.168.3.1
D. change the tunnel destination to 209.165.200.225
E. change the tunnel IP address to 209.165.201.1

Correct Answer: D
QUESTION 14
When verifying IPsec configurations, which show command displays the encryption algorithm, hash algorithm, authentication method, and Diffie-Hellman group configured, as well as default settings?
A. show crypto map
B. show crypto ipsec sa
C. show crypto isakmp policy
D. show crypto ipsec transform-set

Correct Answer: C
QUESTION 15
With the Cisco Easy VPN feature, which process ensures that a static route is created on the Cisco Easy VPN Server for the internal IP address of each VPN client?
A. Cisco Express Forwarding
B. Network Access Control
C. On-Demand Routing
D. Reverse Path Forwarding
E. Reverse Route Injection
Correct Answer: E
QUESTION 16
Which statement describes an important characteristic of a site-to-site VPN?
A. It must be statically set up.
B. It is ideally suited for use by mobile workers.
C. It requires using a VPN client on the host PC.
D. It is commonly implemented over dialup and cable modem networks.
E. After the initial connection is established, it can dynamically change connection information.
Correct Answer: A
QUESTION 17
What is the default IKE policy value for authentication?
A. MD5
B. SHA
C. RSA signatures
D. pre-shared keys
E. RSA encrypted nonces
Correct Answer: C
QUESTION 18
Which requirement necessitates using the Step-by-Step option of the SDM Site-to-Site VPN wizard instead of the Quick Setup option?
A. AES encryption is required.
B. 3DES encryption is required.
C. Pre-shared keys are to be used.
D. The remote peer is a Cisco router.
E. The remote peer IP address is unknown.
Correct Answer: A
QUESTION 19
How many bytes of overhead are added to each IP packet while it is transported through a GRE tunnel?
A. 8
B. 16
C. 24
D. 32
Correct Answer: C
QUESTION 20
What are two benefits of an SSL VPN? (Choose two.)
A. It supports all client/server applications.
B. It supports the same level of cryptographic security as an IPsec VPN.
C. It has the option of only requiring an SSL-enabled web browser.
D. The thin client mode functions without requiring any downloads or software.
E. It is compatible with DMVPNs, Cisco IOS Firewall, IPsec, IPS, Cisco Easy VPN, and NAT.
Correct Answer: BE
QUESTION 21
Which UDP port must be permitted on any IP interface used to exchange IKE information between security gateways?
A. 400
B. 500
C. 600
D. 700
Correct Answer: B

Exam I

QUESTION 1
What are the two major elements of the Cisco Secure Communications solution? (Choose two.)
A. secure communications for extranets
B. secure communications for intranets
C. secure communications for management
D. secure communications for remote access
E. secure communications for site-to-site connections
Correct Answer: DE
QUESTION 2
Which component of the security policy lists specific websites, newsgroups, or bandwidth-intensive applications that are not allowed on the company network?
A. remote access policies
B. acceptable use policies
C. incident handling procedures
D. identification and authentication policies
Correct Answer: B
QUESTION 3
What are the two major components of a security awareness program? (Choose two.)
A. awareness campaign
B. security policy development
C. security solution development
D. self-defending network implementation
E. training and education
Correct Answer: AE
QUESTION 4
Which term describes a completely redundant backup facility, with almost identical equipment to the operational facility that is maintained in the event of a disaster?
A. backup site
B. cold site
C. hot site
D. reserve site
Correct Answer: C

QUESTION 5
What are three benefits of a comprehensive security policy? (Choose three.)
A. defines legal consequences of violations
B. ensures consistency in system operations
C. ensures diversity in system operations, software and hardware acquisition and use, and maintenance
D. identifies reputable network equipment providers
E. sets the rules for expected behavior
F. provides a database for information assets
Correct Answer: ACE
QUESTION 6
Which two Cisco Threat Control and Containment technologies address endpoint security? (Choose two.)
A. Cisco Application Control Engine
B. Cisco Network Admission Control
C. Cisco Security Agent
D. Cisco Security Monitoring, Analysis, and Response System
E. virtual private network
Correct Answer: BC
QUESTION 7
What are three key principles of a Cisco Self-Defending Network? (Choose three.)
A. adaptability
B. authentication
C. collaboration
D. confidentiality
E. integration
F. integrity
Correct Answer: ACE
QUESTION 8
Which three detailed documents are used by security staff for an organization to implement the security policies? (Choose three.)
A. asset inventory
B. best practices
C. guidelines
D. procedures
E. risk assessment
F. standards
Correct Answer: CDF
QUESTION 9
Which security document includes implementation details, usually with step-by-step instructions and graphics?
A. guideline document
B. standard document
C. procedure document
D. overview document
Correct Answer: C

QUESTION 10
When an organization implements the two-person control principle, how are tasks handled?
A. A task requires two individuals who review and approve the work of each other.
B. A task is broken down into two parts, and each part is assigned to a different individual.
C. A task must be completed twice by two operators who must achieve the same results.
D. A task is rotated among individuals within a team, each completing the entire task for a specific amount of time.
Correct Answer: A
QUESTION 11
Which policy includes standards regarding the installation and update of endpoint threat-control software?
A. distribution policy
B. end-user policy
C. management policy
D. technical policy
Correct Answer: B
QUESTION 12
Which three statements describe ethics in network security? (Choose three.)
A. principles put into action in place of laws
B. foundations for current laws
C. set of moral principles that govern civil behavior
D. standard that is higher than the law
E. set of regulations established by the judiciary system
F. set of legal standards that specify enforceable actions when the law is broken
Correct Answer: BCD
QUESTION 13
What are the two components in the Cisco Security Management Suite? (Choose two.)
A. Cisco Intrusion Prevention
B. Cisco Network Admission Control
C. Cisco Security Agent
D. Cisco Security Manager
E. Cisco Security MARS
Correct Answer: DE
QUESTION 14
In which phase of the system development life cycle should security requirements be addressed?
A. Add security requirements during the initiation phase.
B. Include a minimum set of security requirements at each phase.
C. Apply critical security requirements during the implementation phase.
D. Implement the majority of the security requirements at the acquisition phase.
Correct Answer: D

QUESTION 15
Which security services, available through the Cisco Self-Defending Network, include VPN access?
A. secure communications
B. threat control and containment
C. operational control and policy management
D. application control for infrastructure
Correct Answer: B
QUESTION 16
Which type of analysis uses a mathematical model that assigns a monetary figure to the value of assets, the cost of threats being realized, and the cost of security implementations?
A. Qualitative Risk Analysis
B. Quantitative Risk Analysis
C. Qualitative Asset Analysis
D. Quantitative Continuity Analysis
Correct Answer: B
QUESTION 17
Which principle of the Cisco Self-Defending Network emphasizes that security should be built in?
A. adapt
B. collaborate
C. integrate
D. simplify

Correct Answer: C
QUESTION 18
Refer to the exhibit. When implementing the Cisco Self-Defending Network, which two technologies ensure confidentiality when referring to secure communications? (Choose two.)

A. Cisco NAC appliances and Cisco Security Agent
B. Cisco Security Manager
C. Cisco Security Monitoring, Analysis, and Response System
D. Intrusion Prevention System
E. IPsec VPN
F. SSL VPN

Correct Answer: EF
QUESTION 19
Which three documents comprise the hierarchical structure of a comprehensive security policy for an organization? (Choose three.)
A. backup policy
B. server policy
C. incident policy
D. governing policy
E. end-user policy
F. technical policy
Correct Answer: DEF
QUESTION 20
Which network security test requires a network administrator to launch an attack within the network?
A. network scan
B. password crack
C. penetration test
D. vulnerability scan
Correct Answer: C

QUESTION 21
What is the primary focus of network operations security?
A. to design and develop secure application code
B. to support deployment and periodic maintenance of secure systems
C. to conduct regular employee background checks
D. to reprimand personnel who do not adhere to security policies
Correct Answer: B
The Cisco contains more than 400 practice questions for the Cisco 640-553 exams, including simulation-based questions. It also contains hands-on exercises and a customized copy of the Cisco 640-553 exams network simulation software.

Cisco 640-553 Study Guide Book, Up To Date Cisco 640-553 Exam Questions Vce On Store

Do not worry about your Cisco 640-553 exam. Flydumps has now published the new version of the Cisco 640-553 exam dumps with more newly added questions and answers, and you can also download the Cisco 640-553 VCE test software and PDF dumps for free on Flydumps.com.

QUESTION 65
The information of Cisco Router and Security Device Manager (SDM) is shown below. Within the “sdm-permit” policy map, what is the action assigned to the traffic class “class-default”?
A. inspect
B. pass
C. drop
D. police

Correct Answer: C
QUESTION 66
The information of Cisco Router and Security Device Manager (SDM) is shown below. Which policy map is associated with the “sdm-zp-in-out” security zone pair?
A. sdm-permit-icmpreply
B. sdm-permit
C. sdm-inspect
D. sdm-insp-traffic

Correct Answer: C
QUESTION 67
The information of Cisco Router and Security Device Manager (SDM) is shown below. Within the “sdm-inspect” policy map, what is the action assigned to the traffic class “sdm-invalid-src”, and which traffic is matched by the traffic class “sdm-invalid-src”? (Choose two.)
A. traffic matched by ACL 100
B. traffic matched by the nested “sdm-cls-insp-traffic” class map
C. inspect/log
D. traffic matched by ACL 104
E. Drop/Log

Correct Answer: AE
QUESTION 68
Of the following common elements of a network design, which one is the most important?
A. Business needs
B. Best practices
C. Risk analysis
D. Security policy

Correct Answer: A
QUESTION 69
Which of the following items offers a variety of security solutions, including firewall, IPS, VPN, antispyware, antivirus, and antiphishing features?
A. Cisco 4200 series IPS appliance
B. Cisco ASA 5500 series security appliance
C. Cisco IOS router
D. Cisco PIX 500 series security appliance

Correct Answer: B
QUESTION 70
The enable secret password appears as an MD5 hash in a router’s configuration file, whereas the enable password is not hashed (or encrypted, if the password-encryption service is not enabled). What is the reason that Cisco still supports the use of both enable secret and enable passwords in a router’s configuration?

A. The enable password is used for IKE Phase I, whereas the enable secret password is used for IKE Phase II.
B. The enable password is considered to be a router’s public key, whereas the enable secret password is considered to be a router’s private key.
C. Because the enable secret password is a hash, it cannot be decrypted. Therefore, the enable password is used to match the password that was entered, and the enable secret is used to verify that the enable password has not been modified since the hash was generated.
D. The enable password is present for backward compatibility.

Correct Answer: D
QUESTION 71
Which classes does the U.S. government place classified data into? (Choose three.)
A. SBU
B. Confidential
C. Secret
D. Top-secret
Correct Answer: BCD
QUESTION 72
How does CLI view differ from a privilege level?
A. A CLI view supports only commands configured for that specific view, whereas a privilege level supports commands available to that level and all the lower levels.
B. A CLI view supports only monitoring commands, whereas a privilege level allows a user to make changes to an IOS configuration.
C. A CLI view and a privilege level perform the same function. However, a CLI view is used on a Catalyst switch, whereas a privilege level is used on an IOS router.
D. A CLI view can function without a AAA configuration, whereas a privilege level requires AAA to be configured.
Correct Answer: A
QUESTION 73
When configuring Cisco IOS login enhancements for virtual connections, what is the “quiet period”?
A. A period of time when no one is attempting to log in
B. The period of time in which virtual logins are blocked as security services fully initialize
C. The period of time in which virtual login attempts are blocked, following repeated failed login attempts
D. The period of time between successive login attempts

Correct Answer: C
QUESTION 74
Which three are valid SDM configuration wizards? (Choose three.)
A. Security Audit
B. VPN
C. STP
D. NAT

Correct Answer: ABD
QUESTION 75
How do you define the authentication method that will be used with AAA?
A. With a method list
B. With the method command
C. With the method aaa command
D. With a method statement

Correct Answer: A
QUESTION 76
What is the objective of the aaa authentication login console-in local command?
A. It specifies the login authorization method list named console-in using the local RADIUS username-password database.
B. It specifies the login authorization method list named console-in using the local username-password database on the router.
C. It specifies the login authentication method list named console-in using the local user database on the router.
D. It specifies the login authentication list named console-in using the local username-password database on the router.

Correct Answer: C
QUESTION 77
Which one of the following commands can be used to enable AAA authentication to determine if a user can access the privilege command level?
A. aaa authentication enable default local
B. aaa authentication enable level
C. aaa authentication enable method default
D. aaa authentication enable default

Correct Answer: D
QUESTION 78
Please choose the correct matching relationships between the cryptography algorithms and the type of algorithm.

A. Symmetric – TIS1, TIS2 and TIS3 Asymmetric – TIS4, TIS5 and TIS6
B. Symmetric – TIS1, TIS4 and TIS5 Asymmetric – TIS2, TIS3 and TIS6
C. Symmetric – TIS2, TIS4 and TIS5 Asymmetric – TIS1, TIS3 and TIS6
D. Symmetric – TIS2, TIS5 and TIS6 Asymmetric – TIS1, TIS3 and TIS4

Correct Answer: B
QUESTION 79
Which two ports are used with RADIUS authentication and authorization? (Choose two.)
A. TCP port 2002
B. UDP port 2000
C. UDP port 1645
D. UDP port 1812

Correct Answer: CD
QUESTION 80
Which management topology keeps management traffic isolated from production traffic?
A. OOB
B. SAFE
C. MARS
D. OTP

Correct Answer: A
QUESTION 81
Information about a managed device's resources and activity is defined by a series of objects. What defines the structure of these management objects?
A. FIB
B. LDAP
C. CEF
D. MIB
Correct Answer: D
QUESTION 82
When configuring SSH, which is the Cisco minimum recommended modulus value?
A. 2048 bits
B. 256 bits
C. 1024 bits
D. 512 bits

Correct Answer: C
QUESTION 83
When using the Cisco SDM Quick Setup Site-to-Site VPN wizard, which three parameters do you configure? (Choose three.)
A. Interface for the VPN connection
B. IP address for the remote peer
C. Transform set for the IPsec tunnel
D. Source interface where encrypted traffic originates

Correct Answer: ABD
QUESTION 84
If you click the Configure button along the top of Cisco SDM's graphical interface, which Tasks button permits you to configure such features as SSH, NTP, SNMP, and syslog?
A. Additional Tasks
B. Security Audit
C. Intrusion Prevention
D. Interfaces and Connections

Correct Answer: A
QUESTION 85
Which is a method of gaining access to a system that bypasses normal security measures?
A. Creating a back door
B. Starting a Smurf attack
C. Conducting social engineering
D. Launching a DoS attack

Correct Answer: A
QUESTION 86
Which Spanning Tree Protocol (STP) protection mechanism disables a switch port if the port receives a Bridge Protocol Data Unit (BPDU)?
A. PortFast
B. BPDU Guard
C. UplinkFast
D. Root Guard

Correct Answer: B
QUESTION 87
If a switch is working in the fail-open mode, what will happen when the switch’s CAM table fills to capacity and a new frame arrives?
A. The switch sends a NACK segment to the frame’s source MAC address.
B. A copy of the frame is forwarded out all switch ports other than the port the frame was received on.
C. The frame is dropped.
D. The frame is transmitted on the native VLAN.

Correct Answer: B
QUESTION 88
Which type of MAC address is dynamically learned by a switch port and then added to the switch’s running configuration?
A. Pervasive secure MAC address
B. Static secure MAC address
C. Sticky secure MAC address
D. Dynamic secure MAC address

Correct Answer: C
QUESTION 89
Which are the best practices for attack mitigations?

A. TIS1, TIS2, TIS3 and TIS5
B. TIS2, TIS5, TIS6 and TIS8
C. TIS2, TIS5, TIS6 and TIS7
D. TIS2, TIS3, TIS6 and TIS8
E. TIS3, TIS4, TIS6 and TIS7

Correct Answer: B
QUESTION 90
In an IEEE 802.1x deployment, between which two devices are EAPOL messages typically sent?
A. Between the RADIUS server and the authenticator
B. Between the authenticator and the authentication server
C. Between the supplicant and the authentication server
D. Between the supplicant and the authenticator

Correct Answer: D
QUESTION 91
Which item accounts for the great majority of software vulnerabilities that have been discovered?
A. Stack vulnerabilities
B. Software overflows
C. Heap overflows
D. Buffer overflows

Correct Answer: D
QUESTION 92
What will be enabled by the Dynamic Vector Streaming (DVS) scanning technology?
A. Firmware-level virus detection
B. Layer 4 virus detection
C. Signature-based spyware filtering
D. Signature-based virus filtering

Correct Answer: C
QUESTION 93
Which Cisco Security Agent interceptor is in charge of intercepting all read/write requests to the rc files in UNIX?
A. Network interceptor
B. Configuration interceptor
C. Execution space interceptor
D. File system interceptor

Correct Answer: B
QUESTION 94
What is the name of the e-mail traffic monitoring service that underlies the architecture of IronPort?
A. IronPort M-Series
B. E-Base
C. TrafMon
D. SenderBase

Correct Answer: D
QUESTION 95
Which statement is not a reason for an organization to incorporate a SAN in its enterprise infrastructure?
A. To increase the performance of long-distance replication, backup, and recovery
B. To decrease the threat of viruses and worm attacks against data storage devices
C. To decrease both capital and operating expenses associated with data storage
D. To meet changing business priorities, applications, and revenue growth

Correct Answer: B
QUESTION 96
Which protocol will use a LUN as a way to differentiate the individual disk drives that comprise a target device?
A. iSCSI
B. ATA
C. SCSI
D. HBA

Correct Answer: C
QUESTION 97
Which statement is true about a Smurf attack?
A. It sends ping requests to a subnet, requesting that devices on that subnet send ping replies to a target system.
B. It intercepts the third step in a TCP three-way handshake to hijack a session.
C. It uses Trojan horse applications to create a distributed collection of “zombie” computers, which can be used to launch a coordinated DDoS attack.
D. It sends ping requests in segments of an invalid size.

Correct Answer: A
QUESTION 98
Which of the following is perceived as a drawback of implementing Fibre Channel Authentication Protocol (FCAP)?
A. It is restricted in size to only three segments.
B. It requires the implementation of IKE.
C. It relies on an underlying Public Key Infrastructure (PKI).
D. It requires the use of netBT as the network protocol.

Correct Answer: C
QUESTION 99
Which two primary port authentication protocols are used with VSANs? (Choose two.)
A. ESP
B. CHAP
C. DHCHAP
D. SPAP
Correct Answer: BC
QUESTION 100
Which VoIP components can permit or deny a call attempt on the basis of a network’s available bandwidth?
A. MCU
B. Gatekeeper
C. Application server
D. Gateway

Correct Answer: B
QUESTION 101
Which statement is true about vishing?
A. Influencing users to forward a call to a toll number (for example, a long distance or international number)
B. Influencing users to provide personal information over the phone
C. Using an inside facilitator to intentionally forward a call to a toll number (for example, a long distance or international number)
D. Influencing users to provide personal information over a web page

Correct Answer: B
QUESTION 102
An IPsec tunnel is negotiated within the protection of which type of tunnel?
A. GRE tunnel
B. L2TP tunnel
C. L2F tunnel
D. ISAKMP tunnel

Correct Answer: D
QUESTION 103
Which type of firewall is needed to open appropriate UDP ports required for RTP streams?
A. Proxy firewall
B. Packet filtering firewall
C. Stateful firewall
D. Stateless firewall

Correct Answer: C
QUESTION 104
Please choose the correct description about Cisco Self-Defending Network characteristics.

A. INTEGRATED – TIS1 COLLABORATIVE – TIS2 ADAPTIVE – TIS3
B. INTEGRATED – TIS2 COLLABORATIVE – TIS1 ADAPTIVE – TIS3
C. INTEGRATED – TIS2 COLLABORATIVE – TIS3 ADAPTIVE – TIS1
D. INTEGRATED – TIS3 COLLABORATIVE – TIS2 ADAPTIVE – TIS1

Correct Answer: B

CCNA Exam Certification Guide is a best-of-breed Cisco 640-553 exam study guide that has been completely updated to focus specifically on the objectives. Senior instructor and best-selling author Wendell Odom shares preparation hints and Cisco 640-553 tips to help you identify areas of weakness and improve both your conceptual and hands-on knowledge. Cisco 640-553 material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.