Cisco 640-553 Study Guide Book, Up To Date Cisco 640-553 Exam Questions Vce On Store

Do not worry about your Cisco 640-553 exam. Flydumps has now published a new version of the Cisco 640-553 exam dumps with more newly added questions and answers. You can also download the Cisco 640-553 VCE test software and PDF dumps for free on Flydumps.com.

QUESTION 65
The information of Cisco Router and Security Device Manager (SDM) is shown below: Within the “sdm-permit” policy map, what is the action assigned to the traffic class “class-default”?
A. inspect
B. pass
C. drop
D. police

Correct Answer: C
QUESTION 66
The information of Cisco Router and Security Device Manager (SDM) is shown below: Which policy map is associated to the “sdm-zp-in-out” security zone pair?
A. sdm-permit-icmpreply
B. sdm-permit
C. sdm-inspect
D. sdm-insp-traffic

Correct Answer: C
QUESTION 67
The information of Cisco Router and Security Device Manager (SDM) is shown below: Within the “sdm-inspect” policy map, what is the action assigned to the traffic class “sdm-invalid-src”, and which traffic is matched by the traffic class “sdm-invalid-src”? (Choose two.)
A. traffic matched by ACL 100
B. traffic matched by the nested “sdm-cls-insp-traffic” class map
C. inspect/log
D. traffic matched by ACL 104
E. Drop/Log

Correct Answer: AE
QUESTION 68
Which one of the following common elements of a network design is the most important?
A. Business needs
B. Best practices
C. Risk analysis
D. Security policy

Correct Answer: A
QUESTION 69
Which one of the following items offers a variety of security solutions, including firewall, IPS, VPN, antispyware, antivirus, and antiphishing features?
A. Cisco 4200 series IPS appliance
B. Cisco ASA 5500 series security appliance
C. Cisco IOS router
D. Cisco PIX 500 series security appliance

Correct Answer: B
QUESTION 70
The enable secret password appears as an MD5 hash in a router’s configuration file, whereas the enable password is not hashed (or encrypted, if the password-encryption service is not enabled).
What is the reason that Cisco still supports the use of both enable secret and enable passwords in a router’s configuration?

A. The enable password is used for IKE Phase I, whereas the enable secret password is used for IKE Phase II.
B. The enable password is considered to be a router’s public key, whereas the enable secret password is considered to be a router’s private key.
C. Because the enable secret password is a hash, it cannot be decrypted. Therefore, the enable password is used to match the password that was entered, and the enable secret is used to verify that the enable password has not been modified since the hash was generated.
D. The enable password is present for backward compatibility.

Correct Answer: D
QUESTION 71
Which classes does the U.S. government place classified data into? (Choose three.)
A. SBU
B. Confidential
C. Secret
D. Top-secret
Correct Answer: BCD
QUESTION 72
How does a CLI view differ from a privilege level?
A. A CLI view supports only commands configured for that specific view, whereas a privilege level supports commands available to that level and all the lower levels.
B. A CLI view supports only monitoring commands, whereas a privilege level allows a user to make changes to an IOS configuration.
C. A CLI view and a privilege level perform the same function. However, a CLI view is used on a Catalyst switch, whereas a privilege level is used on an IOS router.
D. A CLI view can function without a AAA configuration, whereas a privilege level requires AAA to be configured.
Correct Answer: A
QUESTION 73
When configuring Cisco IOS login enhancements for virtual connections, what is the “quiet period”?
A. A period of time when no one is attempting to log in
B. The period of time in which virtual logins are blocked as security services fully initialize
C. The period of time in which virtual login attempts are blocked, following repeated failed login attempts
D. The period of time between successive login attempts

Correct Answer: C
QUESTION 74
Which three are valid SDM configuration wizards? (Choose three.)
A. Security Audit
B. VPN
C. STP
D. NAT

Correct Answer: ABD
QUESTION 75
How do you define the authentication method that will be used with AAA?
A. With a method list
B. With the method command
C. With the method aaa command
D. With a method statement

Correct Answer: A
QUESTION 76
What is the objective of the aaa authentication login console-in local command?
A. It specifies the login authorization method list named console-in using the local RADIUS username-password database.
B. It specifies the login authorization method list named console-in using the local username-password database on the router.
C. It specifies the login authentication method list named console-in using the local user database on the router.
D. It specifies the login authentication list named console-in using the local username-password database on the router.

Correct Answer: C
QUESTION 77
Which one of the following commands can be used to enable AAA authentication to determine if a user can access the privilege command level?
A. aaa authentication enable default local
B. aaa authentication enable level
C. aaa authentication enable method default
D. aaa authentication enable default

Correct Answer: D
QUESTION 78
Please choose the correct matching relationships between the cryptography algorithms and the type of algorithm.

A. Symmetric – TIS1, TIS2 and TIS3; Asymmetric – TIS4, TIS5 and TIS6
B. Symmetric – TIS1, TIS4 and TIS5; Asymmetric – TIS2, TIS3 and TIS6
C. Symmetric – TIS2, TIS4 and TIS5; Asymmetric – TIS1, TIS3 and TIS6
D. Symmetric – TIS2, TIS5 and TIS6; Asymmetric – TIS1, TIS3 and TIS4

Correct Answer: B
QUESTION 79
Which two ports are used with RADIUS authentication and authorization? (Choose two.)
A. TCP port 2002
B. UDP port 2000
C. UDP port 1645
D. UDP port 1812

Correct Answer: CD
QUESTION 80
Which of the following management topologies keeps management traffic isolated from production traffic?
A. OOB
B. SAFE
C. MARS
D. OTP

Correct Answer: A
QUESTION 81
Information about a managed device’s resources and activity is defined by a series of objects. What defines the structure of these management objects?
A. FIB
B. LDAP
C. CEF
D. MIB
Correct Answer: D
QUESTION 82
When configuring SSH, which is the Cisco minimum recommended modulus value?
A. 2048 bits
B. 256 bits
C. 1024 bits
D. 512 bits

Correct Answer: C
QUESTION 83
When using the Cisco SDM Quick Setup Site-to-Site VPN wizard, which three parameters do you configure? (Choose three.)
A. Interface for the VPN connection
B. IP address for the remote peer
C. Transform set for the IPsec tunnel
D. Source interface where encrypted traffic originates

Correct Answer: ABD
QUESTION 84
If you click the Configure button along the top of Cisco SDM’s graphical interface, which Tasks button permits you to configure such features as SSH, NTP, SNMP, and syslog?
A. Additional Tasks
B. Security Audit
C. Intrusion Prevention
D. Interfaces and Connections

Correct Answer: A
QUESTION 85
Which is a method of gaining access to a system that bypasses normal security measures?
A. Creating a back door
B. Starting a Smurf attack
C. Conducting social engineering
D. Launching a DoS attack

Correct Answer: A
QUESTION 86
Which of the following Spanning Tree Protocol (STP) protection mechanisms disables a switch port if the port receives a Bridge Protocol Data Unit (BPDU)?
A. PortFast
B. BPDU Guard
C. UplinkFast
D. Root Guard

Correct Answer: B
QUESTION 87
If a switch is working in the fail-open mode, what will happen when the switch’s CAM table fills to capacity and a new frame arrives?
A. The switch sends a NACK segment to the frame’s source MAC address.
B. A copy of the frame is forwarded out all switch ports other than the port the frame was received on.
C. The frame is dropped.
D. The frame is transmitted on the native VLAN.

Correct Answer: B
QUESTION 88
Which type of MAC address is dynamically learned by a switch port and then added to the switch’s running configuration?
A. Pervasive secure MAC address
B. Static secure MAC address
C. Sticky secure MAC address
D. Dynamic secure MAC address

Correct Answer: C
QUESTION 89
Which are the best practices for attack mitigations?

A. TIS1, TIS2, TIS3 and TIS5
B. TIS2, TIS5, TIS6 and TIS8
C. TIS2, TIS5, TIS6 and TIS7
D. TIS2, TIS3, TIS6 and TIS8
E. TIS3, TIS4, TIS6 and TIS7

Correct Answer: B
QUESTION 90
In an IEEE 802.1x deployment, between which two devices are EAPOL messages typically sent?
A. Between the RADIUS server and the authenticator
B. Between the authenticator and the authentication server
C. Between the supplicant and the authentication server
D. Between the supplicant and the authenticator

Correct Answer: D
QUESTION 91
Which item accounts for the great majority of software vulnerabilities that have been discovered?
A. Stack vulnerabilities
B. Software overflows
C. Heap overflows
D. Buffer overflows

Correct Answer: D
QUESTION 92
What will be enabled by the Dynamic Vector Streaming (DVS) scanning technology?
A. Firmware-level virus detection
B. Layer 4 virus detection
C. Signature-based spyware filtering
D. Signature-based virus filtering

Correct Answer: C
QUESTION 93
What Cisco Security Agent Interceptor is in charge of intercepting all read/write requests to the rc files in UNIX?
A. Network interceptor
B. Configuration interceptor
C. Execution space interceptor
D. File system interceptor

Correct Answer: B
QUESTION 94
What is the name of the e-mail traffic monitoring service that underlies the architecture of IronPort?
A. IronPort M-Series
B. E-Base
C. TrafMon
D. SenderBase

Correct Answer: D
QUESTION 95
Which statement is not a reason for an organization to incorporate a SAN in its enterprise infrastructure?
A. To increase the performance of long-distance replication, backup, and recovery
B. To decrease the threat of viruses and worm attacks against data storage devices
C. To decrease both capital and operating expenses associated with data storage
D. To meet changing business priorities, applications, and revenue growth

Correct Answer: B
QUESTION 96
Which protocol will use a LUN as a way to differentiate the individual disk drives that comprise a target device?
A. iSCSI
B. ATA
C. SCSI
D. HBA

Correct Answer: C
QUESTION 97
Which statement is true about a Smurf attack?
A. It sends ping requests to a subnet, requesting that devices on that subnet send ping replies to a target system.
B. It intercepts the third step in a TCP three-way handshake to hijack a session.
C. It uses Trojan horse applications to create a distributed collection of “zombie” computers, which can be used to launch a coordinated DDoS attack.
D. It sends ping requests in segments of an invalid size.

Correct Answer: A
QUESTION 98
Which one of the following statements is perceived as a drawback of implementing Fibre Channel Authentication Protocol (FCAP)?
A. It is restricted in size to only three segments.
B. It requires the implementation of IKE.
C. It relies on an underlying Public Key Infrastructure (PKI).
D. It requires the use of netBT as the network protocol.

Correct Answer: C
QUESTION 99
Which two primary port authentication protocols are used with VSANs? (Choose two.)
A. ESP
B. CHAP
C. DHCHAP
D. SPAP
Correct Answer: BC
QUESTION 100
Which VoIP component can permit or deny a call attempt on the basis of a network’s available bandwidth?
A. MCU
B. Gatekeeper
C. Application server
D. Gateway

Correct Answer: B
QUESTION 101
Which statement is true about vishing?
A. Influencing users to forward a call to a toll number (for example, a long distance or international number)
B. Influencing users to provide personal information over the phone
C. Using an inside facilitator to intentionally forward a call to a toll number (for example, a long distance or international number)
D. Influencing users to provide personal information over a web page

Correct Answer: B
QUESTION 102
An IPsec tunnel is negotiated within the protection of which type of tunnel?
A. GRE tunnel
B. L2TP tunnel
C. L2F tunnel
D. ISAKMP tunnel

Correct Answer: D
QUESTION 103
Which type of firewall is needed to open appropriate UDP ports required for RTP streams?
A. Proxy firewall
B. Packet filtering firewall
C. Stateful firewall
D. Stateless firewall

Correct Answer: C
QUESTION 104
Please choose the correct description about Cisco Self-Defending Network characteristics.

A. INTEGRATED – TIS1; COLLABORATIVE – TIS2; ADAPTIVE – TIS3
B. INTEGRATED – TIS2; COLLABORATIVE – TIS1; ADAPTIVE – TIS3
C. INTEGRATED – TIS2; COLLABORATIVE – TIS3; ADAPTIVE – TIS1
D. INTEGRATED – TIS3; COLLABORATIVE – TIS2; ADAPTIVE – TIS1

Correct Answer: B

CCNA Exam Certification Guide is a best-of-breed Cisco 640-553 exam study guide that has been completely updated to focus specifically on the objectives. Senior instructor and best-selling author Wendell Odom shares preparation hints and Cisco 640-553 tips to help you identify areas of weakness and improve both your conceptual and hands-on knowledge. Cisco 640-553 material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.