IMPLEMENTING CISCO IOS NETWORK SECURITY 640-554 Sample Questions

1
Cisco 640-554 Exam Questions
www.Passin1day.com Presents
1

• Implementing Cisco IOS Network Security (IINS
  v2.0)
• Version 23.0

2
Description
2

• Descriptive but short introduction of 640-554
  Certification Exam is as Follows
• The 640-554 Implementing Cisco IOS Network
  Security (IINS) exam is associated with the CCNA
  Security certification. This exam tests a
  candidate's knowledge about securing Cisco
  routers and switches and their associated
  networks. It leads to validated skills for
  installation, troubleshooting and monitoring of
  network devices to maintain integrity,
  confidentiality and availability of data and
  devices and develops competency in the
  technologies that Cisco uses in its security
  infrastructure.

www.passin1day.com
3
Training Recommendations
3

• The Following Course is the Recommended Training
  for this Exam
• Implementing Cisco IOS Network Security (IINS)

www.passin1day.com
4
Exam Topics
4

• The Following Topics Should be Covered for
  640-554
• Security and Cisco Routers
• Common Security Threats
• AAA on Cisco Devices
• IOS ACLs
• Secure Network Management and Reporting
• Common Layer 2 Attacks
• Cisco Firewall Technologies
• Cisco IPS

www.passin1day.com
5
640-554 Exam Questions
5

• QUESTION NO 1
• Which statement about the role-based CLI access
  views on a Cisco router is true?
• A. The maximum number of configurable CLI access
  views is 10, including one lawful intercept view
  and excluding the root view.
• B. The maximum number of configurable CLI access
  views is 10, including one superview.
• C. The maximum number of configurable CLI access
  views is 15, including one lawful intercept view
  and excluding the root view.
• D. The maximum number of configurable CLI access
  views is 15, including one lawful intercept view.
• Answer C

www.passin1day.com
6
640-554 Exam Questions
6

• QUESTION NO 2
• Which statement about rule-based policies in
  Cisco Security Manager is true?
• A. Rule-based policies contain one or more rules
  that are related to a device security and
  operations parameters.
• B. Rule-based policies contain one or more rules
  that control how traffic is filtered and
  inspected on a device.
• C. Rule-based policies contain one or more user
  roles that are related to a device security and
  operations parameters.
• D. Rule-based policies contain one or more user
  roles that control how user traffic is filtered
  and inspected on a device.
• Answer B

www.passin1day.com
7
640-554 Exam Questions
7

• QUESTION NO 3
• Which command will configure a Cisco ASA firewall
  to authenticate users when they enter the enable
  syntax using the local database with no fallback
  method?
• A. aaa authentication enable console LOCAL
  SERVER_GROUP
• B. aaa authentication enable console SERVER_GROUP
  LOCAL
• C. aaa authentication enable console local
• D. aaa authentication enable console LOCAL
• Answer D

www.passin1day.com
8
640-554 Exam Questions
8

• QUESTION NO 4
• Which three statements about RADIUS are true?
  (Choose three.)
• A. RADIUS uses TCP port 49
• B. RADIUS uses UDP ports 1645 or 1812
• C. RADIUS encrypts the entire packet
• D. RADIUS encrypts only the password in the
  Access-Request packet
• E. RADIUS is a Cisco proprietary technology
• F. RADIUS is an open standard
• Answer B,D,F

www.passin1day.com
9
640-554 Exam Questions
9

• QUESTION NO 5
• Which command will configure AAA accounting using
  the list of all RADIUS servers on a device to
  generate a reload event message when the device
  reloads?
• A. aaa accounting network default start-stop
  group radius
• B. aaa accounting auth-proxy default start-stop
  group radius
• C. aaa accounting system default start-stop group
  radius
• D. aaa accounting exec default start-stop group
  radius
• Answer C

www.passin1day.com
10
640-554 Exam Questions
10

• QUESTION NO 6
• Which three statements about access lists are
  true? (Choose three.)
• A. Extended access lists should be placed as near
  as possible to the destination.
• B. Extended access lists should be placed as near
  as possible to the source.
• C. Standard access lists should be placed as near
  as possible to the destination.
• D. Standard access lists should be placed as near
  as possible to the source
• E. Standard access lists filter on the source
  address.
• F. Standard access lists filter on the
  destination address.
• Answer B,C,E

www.passin1day.com
11
640-554 Exam Questions
11

• QUESTION NO 7
• Which command configures a device to actively
  watch connection requests and provide immediate
  protection from DDoSattacks?
• A. router(config) iptcpintercept mode intercept
• B. router(config) iptcpintercept mode watch
• C. router(config) iptcpintercept max-incomplete
  high 100
• D. router(config) iptcpintercept drop-mode
  random
• Answer A

www.passin1day.com
12
640-554 Exam Questions
12

• QUESTION NO 8
• Which command will block external spoofed
  addresses?
• A. access-list 128 deny ip10.0.0.0 0.0.255.255
  any
• B. access-list 128 deny ip192.168.0.0 0.0.0.255
  any
• C. access-list 128 deny ip10.0.0.0 0.255.255.255
  any
• D. access-list 128 deny ip192.168.0.0 0.0.31.255
  any
• Answer C

www.passin1day.com
13
640-554 Exam Questions
13

• QUESTION NO 9
• Which option describes a function of a virtual
  VLAN?
• A. A virtual VLAN creates a logically partitioned
  LAN to place switch ports in a separate broadcast
  domain.
• B. A virtual VLAN creates trunks and links two
  switches together.
• C. A virtual VLAN adds every port on a switch to
  its own collision domain.
• D. A virtual VLAN connects many hubs together.
• Answer A

www.passin1day.com
14
640-554 Exam Questions
14

• QUESTION NO 10
• Which action can you take to add bandwidth to a
  trunk between two switches and end up with only
  one logical interface?
• A. Configure another trunk link.
• B. Configure EtherChannel.
• C. Configure an access port.
• D. Connect a hub between the two switches.
• Answer A

www.passin1day.com
15
Objectives of Course
15

• The Following Objectives, the learner will be
  able to meet at the end of this Course
• Describe the components of a comprehensive
  network security policy that can be used to
  counter threats against IT systems, within the
  context of a security policy lifecycle.
• Develop and implement security countermeasures
  that are aimed at protecting network elements as
  part of the network infrastructure.
• Deploy and maintain threat control and
  containment technologies for perimeter security
  in small and midsize networks.
• Describe secure connectivity strategies and
  technologies using VPNs, and configure
  site-to-site and remote access VPNs using Cisco
  IOS features.

www.passin1day.com
16
Choose Passin1day
16

• To obtain the above Mentioned Objectives the best
  way is provided by www.passin1day.com which
  provides the best study material with great deals
  Packages.Our Study Material Possess the
  Following Attributes
• Success
• Quality
• Guarantee
• Excellence

www.passin1day.com
17
17
Trust Us We Build Your Future
www.passin1day.com