Cisco 640-553 Study Guides, Useful Cisco 640-553 PDF On Sale


Which three primary functions are required to secure communication across network links? (Choose three.)
A. accounting
B. anti-replay protection
C. authentication
D. authorization
E. confidentiality
F. integrity
Correct Answer: CEF
Which two encryption algorithms are commonly used to encrypt the contents of a message? (Choose two.)
C. IPsec
Correct Answer: AB
An administrator requires a PKI that supports a longer lifetime for keys used for digital signing operations than for keys used for encrypting data. Which feature should the PKI support?
A. certificate keys
B. nonrepudiation keys
C. usage keys
D. variable keys
Correct Answer: C
Two users must authenticate each other using digital certificates and a CA. Which option describes the CA authentication procedure?
A. The CA is always required, even after user verification is complete.
B. The users must obtain the certificate of the CA and then their own certificate.
C. After user verification is complete, the CA is no longer required, even if one of the involved certificates expires.
D. CA certificates are retrieved out-of-band using the PSTN, and the authentication is done in-band over a network.
Correct Answer: B
A customer purchases an item from an e-commerce site. The e-commerce site must maintain proof that the data exchange took place between the site and the customer. Which feature of digital signatures is required?
A. authenticity of digitally signed data
B. integrity of digitally signed data
C. nonrepudiation of the transaction
D. confidentiality of the public key
Correct Answer: C
QUESTION 6
What is the basic method used by 3DES to encrypt plaintext?
A. The data is encrypted three times with three different keys.
B. The data is encrypted, decrypted, and encrypted using three different keys.
C. The data is divided into three blocks of equal length for encryption.
D. The data is encrypted using a key length that is three times longer than the key used for DES.

Correct Answer: B
QUESTION 7
Which statement describes a cryptographic hash function?
A. A one-way cryptographic hash function is hard to invert.
B. The output of a cryptographic hash function can be any length.
C. The input of a cryptographic hash function has a fixed length.
D. A cryptographic hash function is used to provide confidentiality.

Correct Answer: A
QUESTION 8
Which statement is a feature of HMAC?
A. HMAC is based on the RSA hash function.
B. HMAC uses a secret key that is only known to the sender and defeats man-in-the-middle attacks.
C. HMAC uses a secret key as input to the hash function, adding authentication to integrity assurance.
D. HMAC uses protocols such as SSL or TLS to provide session layer confidentiality.

Correct Answer: C
QUESTION 9
Why is RSA typically used to protect only small amounts of data?
A. The keys must be a fixed length.
B. The public keys must be kept secret.
C. The algorithms used to encrypt data are slow.
D. The signature keys must be changed frequently.

Correct Answer: C
QUESTION 10
The network administrator for an e-commerce website requires a service that prevents customers from claiming that legitimate orders are fake. What service provides this type of guarantee?
A. authentication
B. confidentiality
C. integrity
D. nonrepudiation

Correct Answer: D
QUESTION 11
Refer to the exhibit. Which encryption algorithm is described in the exhibit?

D. RC4

Correct Answer: A
Which statement describes asymmetric encryption algorithms?
A. They include DES, 3DES, and AES.
B. They have key lengths ranging from 80 to 256 bits.
C. They are also called shared-secret key algorithms.
D. They are relatively slow because they are based on difficult computational algorithms.
Correct Answer: D
Which symmetrical encryption algorithm is the most difficult to crack?
Correct Answer: B

What is a characteristic of the RSA algorithm?
A. RSA is much faster than DES.
B. RSA is a common symmetric algorithm.
C. RSA is used to protect corporate data in high-throughput, low-latency environments.
D. RSA keys of 512 bits can be used for faster processing, while keys of 2048 bits can be used for increased security.
Correct Answer: D
Refer to the exhibit. Which type of cipher method is depicted?

A. Caesar cipher
B. stream cipher
C. substitution cipher
D. transposition cipher
Correct Answer: D
What does it mean when a hashing algorithm is collision resistant?
A. Exclusive ORs are performed on input data and produce a digest.
B. It is not feasible to compute the hash given the input data.
C. It uses a two-way function that computes a hash from the input and output data.
D. Two messages with the same hash are unlikely to occur.
Correct Answer: D
How do modern cryptographers defend against brute-force attacks?
A. Use statistical analysis to eliminate the most common encryption keys.
B. Use an algorithm that requires the attacker to have both ciphertext and plaintext to conduct a successful attack.
C. Use a keyspace large enough that it takes too much money and too much time to conduct a successful attack.
D. Use frequency analysis to ensure that the most popular letters used in the language are not used in the cipher message.
Correct Answer: C
Which two statements correctly describe certificate classes used in the PKI? (Choose two.)
A. A class 0 certificate is for testing purposes.
B. A class 0 certificate is more trusted than a class 1 certificate.
C. The lower the class number, the more trusted the certificate.
D. A class 5 certificate is for users with a focus on verification of email.
E. A class 4 certificate is for online business transactions between companies.
Correct Answer: AE
Which statement describes the use of keys for encryption?
A. The sender and receiver must use the same key when using symmetric encryption.
B. The sender and receiver must use the same key when using asymmetric encryption.
C. The sender and receiver must use the same keys for both symmetric and asymmetric encryption.
D. The sender and receiver must use two keys: one for symmetric encryption and another for asymmetric encryption.
Correct Answer: A
Which encryption protocol provides network layer confidentiality?
A. IPsec protocol suite
B. Keyed MD5
C. Message Digest 5
D. Secure Sockets Layer
E. Secure Hash Algorithm 1
F. Transport Layer Security
Correct Answer: A

Exam H

Which IPsec protocol should be selected when confidentiality is required?
A. tunnel mode
B. transport mode
C. authentication header
D. encapsulating security payload
E. generic routing encapsulation
Correct Answer: D
When using ESP tunnel mode, which portion of the packet is not authenticated?
A. ESP header
B. ESP trailer
C. new IP header
D. original IP header
Correct Answer: C
When configuring an IPsec VPN, what is used to define the traffic that is sent through the IPsec tunnel and protected by the IPsec process?
A. crypto map
B. crypto ACL
C. ISAKMP policy
D. IPsec transform set
Correct Answer: A
Refer to the exhibit. Which two IPsec framework components are valid options when configuring an IPsec VPN on a Cisco ISR router? (Choose two.)

A. Integrity options include MD5 and RSA.
B. IPsec protocol options include GRE and AH.
C. Confidentiality options include DES, 3DES, and AES.
D. Authentication options include pre-shared key and SHA.
E. Diffie-Hellman options include DH1, DH2, and DH5.
Correct Answer: CE
Refer to the exhibit. Based on the SDM screen, which Easy VPN Server component is being configured?

A. group policy
B. transform set
C. IKE proposal
D. user authentication
Correct Answer: A
QUESTION 6
Refer to the exhibit. Under the ACL Editor, which option is used to specify the traffic to be encrypted on a secure connection?
B. Access Rules
C. IPsec Rules
D. Firewall Rules
E. SDM Default Rules

Correct Answer: C
What are two authentication methods that can be configured using the SDM Site-to-Site VPN Wizard? (Choose two.)
A. MD5
C. pre-shared keys
D. encrypted nonces
E. digital certificates
Correct Answer: CE
Refer to the exhibit. A site-to-site VPN is required from R1 to R3. The administrator is using the SDM Site-to-Site VPN Wizard on R1. Which IP address should the administrator enter in the highlighted field?

Correct Answer: D
What is required for a host to use an SSL VPN?
A. VPN client software must be installed.
B. A site-to-site VPN must be preconfigured.
C. The host must be in a stationary location.
D. A web browser must be installed on the host.
Correct Answer: D
Which two statements accurately describe characteristics of IPsec? (Choose two.)
A. IPsec works at the application layer and protects all application data.
B. IPsec works at the transport layer and protects data at the network layer.
C. IPsec works at the network layer and operates over all Layer 2 protocols.
D. IPsec is a framework of proprietary standards that depend on Cisco specific algorithms.
E. IPsec is a framework of standards developed by Cisco that relies on OSI algorithms.
F. IPsec is a framework of open standards that relies on existing algorithms.
Correct Answer: C
QUESTION 11
When configuring a site-to-site IPsec VPN using the CLI, the authentication pre-share command is configured in the ISAKMP policy. Which additional peer authentication configuration is required?
A. Configure the message encryption algorithm with the encryption type ISAKMP policy configuration command.
B. Configure the DH group identifier with the group number ISAKMP policy configuration command.
C. Configure a hostname with the crypto isakmp identity hostname global configuration command.
D. Configure a PSK with the crypto isakmp key global configuration command.
Correct Answer: D
QUESTION 12
Which action do IPsec peers take during the IKE Phase 2 exchange?
A. exchange of DH keys
B. negotiation of IPsec policy
C. verification of peer identity
D. negotiation of IKE policy sets

Correct Answer: B
QUESTION 13
Refer to the exhibit. A network administrator is troubleshooting a GRE VPN tunnel between R1 and R2. Assuming the R2 GRE configuration is correct and based on the running configuration of R1, what must

A. change the tunnel source interface to Fa0/0
B. change the tunnel destination to
C. change the tunnel IP address to
D. change the tunnel destination to
E. change the tunnel IP address to

Correct Answer: D
QUESTION 14
When verifying IPsec configurations, which show command displays the encryption algorithm, hash algorithm, authentication method, and Diffie-Hellman group configured, as well as default settings?
A. show crypto map
B. show crypto ipsec sa
C. show crypto isakmp policy
D. show crypto ipsec transform-set

Correct Answer: C
With the Cisco Easy VPN feature, which process ensures that a static route is created on the Cisco Easy VPN Server for the internal IP address of each VPN client?
A. Cisco Express Forwarding
B. Network Access Control
C. On-Demand Routing
D. Reverse Path Forwarding
E. Reverse Route Injection
Correct Answer: E
Which statement describes an important characteristic of a site-to-site VPN?
A. It must be statically set up.
B. It is ideally suited for use by mobile workers.
C. It requires using a VPN client on the host PC.
D. It is commonly implemented over dialup and cable modem networks.
E. After the initial connection is established, it can dynamically change connection information.
Correct Answer: A
What is the default IKE policy value for authentication?
A. MD5
C. RSA signatures
D. pre-shared keys
E. RSA encrypted nonces
Correct Answer: C
Which requirement necessitates using the Step-by-Step option of the SDM Site-to-Site VPN wizard instead of the Quick Setup option?
A. AES encryption is required.
B. 3DES encryption is required.
C. Pre-shared keys are to be used.
D. The remote peer is a Cisco router.
E. The remote peer IP address is unknown.
Correct Answer: A
How many bytes of overhead are added to each IP packet while it is transported through a GRE tunnel?
A. 8
B. 16
C. 24
D. 32
Correct Answer: C
What are two benefits of an SSL VPN? (Choose two.)
A. It supports all client/server applications.
B. It supports the same level of cryptographic security as an IPsec VPN.
C. It has the option of only requiring an SSL-enabled web browser.
D. The thin client mode functions without requiring any downloads or software.
E. It is compatible with DMVPNs, Cisco IOS Firewall, IPsec, IPS, Cisco Easy VPN, and NAT.
Correct Answer: BE
Which UDP port must be permitted on any IP interface used to exchange IKE information between security gateways?
A. 400
B. 500
C. 600
D. 700
Correct Answer: B

Exam I

What are the two major elements of the Cisco Secure Communications solution? (Choose two.)
A. secure communications for extranets
B. secure communications for intranets
C. secure communications for management
D. secure communications for remote access
E. secure communications for site-to-site connections
Correct Answer: DE
Which component of the security policy lists specific websites, newsgroups, or bandwidth-intensive applications that are not allowed on the company network?
A. remote access policies
B. acceptable use policies
C. incident handling procedures
D. identification and authentication policies
Correct Answer: B
What are the two major components of a security awareness program? (Choose two.)
A. awareness campaign
B. security policy development
C. security solution development
D. self-defending network implementation
E. training and education
Correct Answer: AE
Which term describes a completely redundant backup facility, with almost identical equipment to the operational facility that is maintained in the event of a disaster?
A. backup site
B. cold site
C. hot site
D. reserve site
Correct Answer: C

What are three benefits of a comprehensive security policy? (Choose three.)
A. defines legal consequences of violations
B. ensures consistency in system operations
C. ensures diversity in system operations, software and hardware acquisition and use, and maintenance
D. identifies reputable network equipment providers
E. sets the rules for expected behavior
F. provides a database for information assets
Correct Answer: ACE
QUESTION 6

Which two Cisco Threat Control and Containment technologies address endpoint security? (Choose two.)
A. Cisco Application Control Engine
B. Cisco Network Admission Control
C. Cisco Security Agent
D. Cisco Security Monitoring, Analysis, and Response System
E. virtual private network
Correct Answer: BC
What are three key principles of a Cisco Self-Defending Network? (Choose three.)
A. adaptability
B. authentication
C. collaboration
D. confidentiality
E. integration
F. integrity
Correct Answer: ACE
Which three detailed documents are used by security staff for an organization to implement the security policies? (Choose three.)
A. asset inventory
B. best practices
C. guidelines
D. procedures
E. risk assessment
F. standards
Correct Answer: CDF
Which security document includes implementation details, usually with step-by-step instructions and graphics?
A. guideline document
B. standard document
C. procedure document
D. overview document
Correct Answer: C

When an organization implements the two-person control principle, how are tasks handled?
A. A task requires two individuals who review and approve the work of each other.
B. A task is broken down into two parts, and each part is assigned to a different individual.
C. A task must be completed twice by two operators who must achieve the same results.
D. A task is rotated among individuals within a team, each completing the entire task for a specific amount of time.
Correct Answer: A
Which policy includes standards regarding the installation and update of endpoint threat-control software?
A. distribution policy
B. end-user policy
C. management policy
D. technical policy
Correct Answer: B
Which three statements describe ethics in network security? (Choose three.)
A. principles put into action in place of laws
B. foundations for current laws
C. set of moral principles that govern civil behavior
D. standard that is higher than the law
E. set of regulations established by the judiciary system
F. set of legal standards that specify enforceable actions when the law is broken
Correct Answer: BCD
What are the two components in the Cisco Security Management Suite? (Choose two.)
A. Cisco Intrusion Prevention
B. Cisco Network Admission Control
C. Cisco Security Agent
D. Cisco Security Manager
E. Cisco Security MARS
Correct Answer: DE
In which phase of the system development life cycle should security requirements be addressed?
A. Add security requirements during the initiation phase.
B. Include a minimum set of security requirements at each phase.
C. Apply critical security requirements during the implementation phase.
D. Implement the majority of the security requirements at the acquisition phase.
Correct Answer: D

Which security services, available through the Cisco Self-Defending Network, include VPN access?
A. secure communications
B. threat control and containment
C. operational control and policy management
D. application control for infrastructure
Correct Answer: B
Which type of analysis uses a mathematical model that assigns a monetary figure to the value of assets, the cost of threats being realized, and the cost of security implementations?
A. Qualitative Risk Analysis
B. Quantitative Risk Analysis
C. Qualitative Asset Analysis
D. Quantitative Continuity Analysis
Correct Answer: B
QUESTION 17
Which principle of the Cisco Self-Defending Network emphasizes that security should be built in?
A. adapt
B. collaborate
C. integrate
D. simplify

Correct Answer: C
QUESTION 18
Refer to the exhibit. When implementing the Cisco Self-Defending Network, which two technologies ensure confidentiality when referring to secure communications? (Choose two.)

A. Cisco NAC appliances and Cisco Security Agent
B. Cisco Security Manager
C. Cisco Security Monitoring, Analysis, and Response System
D. Intrusion Prevention System
E. IPsec VPN

Correct Answer: EF
QUESTION 19
Which three documents comprise the hierarchical structure of a comprehensive security policy for an organization? (Choose three.)
A. backup policy
B. server policy
C. incident policy
D. governing policy
E. end-user policy
F. technical policy
Correct Answer: DEF
Which network security test requires a network administrator to launch an attack within the network?
A. network scan
B. password crack
C. penetration test
D. vulnerability scan
Correct Answer: C

What is the primary focus of network operations security?
A. to design and develop secure application code
B. to support deployment and periodic maintenance of secure systems
C. to conduct regular employee background checks
D. to reprimand personnel who do not adhere to security policies
Correct Answer: B