Official 2014 Latest Cisco 640-554 Dump Free Download(61-70)!

QUESTION 61
Which two characteristics of the TACACS+ protocol are true? (Choose two.)

A.    uses UDP ports 1645 or 1812
B.    separates AAA functions
C.    encrypts the body of every packet
D.    offers extensive accounting capabilities
E.    is an open RFC standard protocol

Answer: BC

QUESTION 62
Refer to the exhibit. Which statement about this partial CLI configuration of an access control list is true?

clip_image001

A.    The access list accepts all traffic on the 10.0.0.0 subnets.
B.    All traffic from the 10.10.0.0 subnets is denied.
C.    Only traffic from 10.10.0.10 is allowed.
D.    This configuration is invalid. It should be configured as an extended ACL to permit the associated
wildcard mask.
E.    From the 10.10.0.0 subnet, only traffic sourced from 10.10.0.10 is allowed; traffic sourced from the
other 10.0.0.0 subnets also is allowed.
F.    The access list permits traffic destined to the 10.10.0.10 host on FastEthernet0/0 from any source.

Answer: E

QUESTION 63
Which type of Cisco ASA access list entry can be configured to match multiple entries in a single statement?

A.    nested object-class
B.    class-map
C.    extended wildcard matching
D.    object groups

Answer: D

QUESTION 64
Which statement about an access control list that is applied to a router interface is true?

A.    It only filters traffic that passes through the router.
B.    It filters pass-through and router-generated traffic.
C.    An empty ACL blocks all traffic.
D.    It filters traffic in the inbound and outbound directions.

Answer: A

QUESTION 65
You have been tasked by your manager to implement syslog in your network. Which option is an important factor to consider in your implementation?

A.    Use SSH to access your syslog information.
B.    Enable the highest level of syslog function available to ensure that all possible event messages are logged.
C.    Log all messages to the system buffer so that they can be displayed when accessing the router.
D.    Synchronize clocks on the network with a protocol such as Network Time Protocol.

Answer: D

QUESTION 66
Which protocol secures router management session traffic?

A.    SSTP
B.    POP
C.    Telnet
D.    SSH

Answer: D

QUESTION 67
Which two considerations about secure network management are important? (Choose two.)

A.    log tampering
B.    encryption algorithm strength
C.    accurate time stamping
D.    off-site storage
E.    Use RADIUS for router commands authorization.
F.    Do not use a loopback interface for device management access.

Answer: AC

QUESTION 68
Which command enables Cisco IOS image resilience?

A.    secure boot-<IOS image filename>
B.    secure boot-running-config
C.    secure boot-start
D.    secure boot-image

Answer: D

QUESTION 69
Which router management feature provides for the ability to configure multiple administrative views?

A.    role-based CLI
B.    virtual routing and forwarding
C.    secure config privilege {level}
D.    parser view view name

Answer: A

QUESTION 70
You suspect that an attacker in your network has configured a rogue Layer 2 device to intercept traffic from multiple VLANs, which allows the attacker to capture potentially sensitive data.
Which two methods will help to mitigate this type of activity? (Choose two.)

A.    Turn off all trunk ports and manually configure each VLAN as required on each port
B.    Disable DTP on ports that require trunking
C.    Secure the native VLAN, VLAN 1 with encryption
D.    Set the native VLAN on the trunk ports to an unused VLAN
E.    Place unused active ports in an unused VLAN

Answer: BD

If you want to pass the Cisco 640-554 Exam sucessfully, recommend to read latest Cisco 640-554 Dump full version.

clip_image001