Official 2014 Latest Cisco 640-864 Dump Free Download(51-60)!

QUESTION 51
Which two of these best describe the implementation of a WAN Backup design over the Internet? (Choose two.)

A.    a best-effort method
B.    bandwidth guaranteed based on interface configuration
C.    designed as an alternative to a failed WAN connection
D.    implemented with a point-to-point logical link using a Layer 2 tunnel
E.    requires no ISP coordination or involvement

Answer: AC

QUESTION 52
Which two design criteria require VLANs in a proposed solution? (Choose two.)

A.    the segmenting of collision domains
B.    a limited corporate budget
C.    the use of multivendor equipment
D.    security between departments
E.    video streaming on the LAN
F.    the segmenting of broadcast domains

Answer: DF

QUESTION 53
Which two methods are used to enhance VPN performance on Cisco ISRs? (Choose two.)

A.    SSL Acceleration Network Module
B.    VPN Shared Port Adapter
C.    VPN Acceleration Module
D.    high-performance VPN encryption AIM
E.    VPN Service Adapter
F.    built-in hardware-based encryption acceleration

Answer: DF

QUESTION 54
Which three factors best justify WAN link redundancy between geographically dispersed sites? (Choose three.)

A.    high expense of transmitting data
B.    important traffic flows
C.    excessive packet transmission rate
D.    uncertain reliability
E.    high link utilization
F.    lack of speed

Answer: BDF

QUESTION 55
Which three pieces of information should be documented for each step of each phase in a design implementation plan? (Choose three.)

A.    easy guidelines in case of failure
B.    estimated rollback time in case of failure
C.    simple implementation guidelines
D.    estimated implementation time
E.    design document references
F.    step description

Answer: DEF

QUESTION 56
The topology map in the draft design document should cover which two layers of the OSI model? (Choose two.)

A.    session
B.    data link
C.    transport
D.    application
E.    physical
F.    network

Answer: EF

QUESTION 57
In a Cisco CatOS switch, what is the recommended practice when configuring switch-to-switch intercommunications to carry multiple VLANs for Dynamic Trunk Protocol?

A.    auto to auto_negotiate
B.    disable Dynamic Trunk Protocol when operating in the distribution layer
C.    auto to auto_no_negotiate
D.    desirable to desirable_no_negotiate
E.    on to on_negotiate
F.    desirable to desirable_negotiate

Answer: E

QUESTION 58
What are the two most likely driving forces motivating businesses to integrate voice and data into converged networks? (Choose two.)

A.    Voice networks cannot carry data unless the PRI circuits aggregate the BRI circuits.
B.    Their PSTNs cannot deploy features quickly enough.
C.    Data, voice, and video cannot converge on their current PSTN structures.
D.    Voice has become the primary traffic on networks.
E.    WAN costs can be reduced by migrating to converged networks.

Answer: CE

QUESTION 59
A lightweight access point is added to a working network. Which sequence will it use to associate itself with a wireless LAN controller?

A.    primary, secondary, tertiary, greatest AP capacity, master
B.    primary, secondary, tertiary, master, greatest AP capacity
C.    master, primary, secondary, tertiary, greatest AP capacity
D.    greatest AP capacity, primary, secondary, tertiary, master

Answer: B

QUESTION 60
Which three mechanisms are required to deploy QoS on an IP WAN? (Choose three.)

A.    queuing and scheduling
B.    Call Admission Control
C.    traffic shaping
D.    link efficiency techniques
E.    traffic classification
F.    bandwidth provisioning

Answer: CDE

If you want to pass the Cisco 640-864 exam successfully, read the latest full version of the Cisco 640-864 dump.

Official 2014 Latest Cisco 640-864 Dump Free Download(41-50)!

QUESTION 41
Which three terms describe the primary functions of the distribution layer of the campus network design hierarchy? (Choose three)

A.    provides end-user connectivity
B.    provides high speed transport
C.    provides QoS services
D.    enforces security policies
E.    provides WAN connection
F.    connects access devices to the core backbone

Answer: CDF

QUESTION 42
DataQuirk is a web-based medical transcription company for exotic-animal veterinarians. The company recently added a third ISP for international business. They are organizing the enterprise network into a fully operational Enterprise Edge.
To which two modules will the three ISPs be directly related? (Choose two.)

A.    PSTN
B.    E-commerce
C.    WAN/MAN
D.    Edge Distribution
E.    Internet Connectivity
F.    Remote Access VPN

Answer: BE

QUESTION 43
Which codec does Cisco recommend for WAN links?

A.    G.711
B.    G.723
C.    G.728
D.    G.729

Answer: D

QUESTION 44
Which codec does Cisco recommend for WAN links?

A.    G.711
B.    G.723
C.    G.728
D.    G.729

Answer: D

QUESTION 45
When considering the three VoIP design models (single site, centralized multisite, and distributed multisite), which question below would help to eliminate one of the options?

A.    Will the switches be required to provide inline power?
B.    Will users need to make offsite calls, beyond the enterprise?
C.    Will users require applications such as voice mail and interactive voice response?
D.    Are there users whose only enterprise access is via a QoS-enabled WAN?

Answer: D

QUESTION 46
The enterprise campus core layer has requirements that are unique from the distribution and access layers. Which of the following is true about the core layer?

A.    The core layer provides convergence using Layer 2 and Layer 3 services and features.
B.    The core layer provides high availability to support the distribution layer connections to the enterprise edge.
C.    The campus core layer is optional.
D.    The core layer requires high performance to manage the traffic policing across the backbone.

Answer: C

QUESTION 47
Which one of these statements is true concerning the data center distribution (aggregation) layer design?

A.    With Layer 3 at the aggregation layer, the physical loops in the topology must still be managed by STP.
B.    The boundary between Layer 2 and Layer 3 must reside in the multilayer switches, independent of any other devices such as firewalls or content switching devices.
C.    A mix of both Layer 2 and Layer 3 access is sometimes the most optimal.
D.    In a small data center, the aggregation layer can connect directly to the campus core, exchanging IP routes and MAC address tables.

Answer: C

QUESTION 48
When designing the threat detection and mitigation portion for the enterprise data center network, which of the following would be the most appropriate solution to consider?

A.    802.1X
B.    ACLs in the core layer
C.    Cisco Security MARS
D.    Cisco Firewall Services Module

Answer: C

QUESTION 49
A Cisco Self-Defending Network has been installed, but DoS attacks are still being directed at e-commerce hosts. The connection rate at the Internet firewall was limited, but the problem persists.
What more can be done?

A.    Move the servers to the DMZ.
B.    Install all relevant operating system patches.
C.    Block the servers’ TCP traffic at the Internet firewall.
D.    Block the servers’ UDP traffic at the Internet firewall.

Answer: B

QUESTION 50
RST Corporation is planning to upgrade its current network. The chief technology officer has supplied a topology diagram and an IP addressing scheme of the current network during an interview.
RST has been growing at about twenty percent per year. It has been difficult to maintain customer support at a satisfactory level. Therefore, the RST board has met with and directed the chief technology officer to look into network improvements.
Which two items are most relevant in documenting RST’s business requirements? (Choose two.)

A.    existing network topologies
B.    network performance requirements
C.    the IP addresses assigned by the ISP
D.    improved customer support requirements
E.    projected growth estimates

Answer: DE

Official 2014 Latest Cisco 640-864 Dump Free Download(31-40)!

QUESTION 31
Which aspect would most likely be found in the draft design document?

A.    a list of QoS requirements
B.    a note that there are no segments with more than 70 percent broadcast or multicast traffic
C.    the level of redundancy or high availability that currently exists or is required in the network
D.    the list of network infrastructure services which are in use, such as voice and video

Answer: C

QUESTION 32
Your company’s Cisco routers are operating with EIGRP. You need to join networks with an acquisition’s heterogeneous routers at 3 sites, operating with EIGRP and OSPF. Which describes the best practice for routing protocol deployment?

A.    apply OSPF throughout both networks
B.    apply one-way redistribution exclusively at each location
C.    apply two-way redistribution exclusively at each location
D.    apply two-way redistribution at each location with a route filter at only one location
E.    apply two-way redistribution at each location with a route filter at each location
F.    apply EIGRP with the same autonomous system throughout both networks

Answer: E

QUESTION 33
When considering the enterprise campus design, which network application category most influences the network design?

A.    peer-to-peer
B.    client-local server
C.    client-enterprise edge server
D.    client-server farm

Answer: D

QUESTION 34
Which two link state routing protocols support IPv6 routing? (Choose two)

A.    BGP4+
B.    OSPF
C.    RIPng
D.    EIGRP
E.    IS-IS

Answer: BE

QUESTION 35
When designing the wireless portion of an enterprise campus network, which one of these statements should serve as a strict guideline?

A.    Wireless controllers should be distributed throughout the building distribution layers
B.    Dynamic controller redundancy, where the access points attempt to join the least loaded controller, is a best-practice approach.
C.    Wireless controllers should be centralized in the core layer
D.    To improve the RF coverage, the controllers of any building should be put in the same mobility group.

Answer: C

QUESTION 36
When designing using the Cisco Enterprise Architecture, in which Enterprise Campus layer does the Remote Access and VPN module establish its connection?

A.    Building Access
B.    Campus Core
C.    Enterprise Branch
D.    Enterprise Data Center

Answer: B

QUESTION 37
Which one of these statements is an example of how trust and identity management solutions should be deployed in the enterprise campus network?

A.    Authentication validation should be deployed as close to the data center as possible.
B.    Use the principle of top-down privilege, which means that each subject should have the privileges that are necessary to perform their defined tasks, as well as all the tasks for those roles below them.
C.    Mixed ACL rules, using combinations of specific sources and destinations, should be applied as close to the source as possible.
D.    For ease of management, practice defense in isolation: security mechanisms should be in place one time, in one place.

Answer: C

QUESTION 38
Which of these is the equation used to derive a 64 Kbps bit rate?

A.    2 x 8 kHz x 4-bit code words
B.    8 kHz x 8-bit code words
C.    2 x 4-bit code words x 8 kHz
D.    2 x 4 kHz x 8-bit code words

Answer: D

QUESTION 39
Which one of these statements best describes the challenge of the designer when dealing with IP routing?

A.    OSPF supports fast convergence and does not require periodic routing table updates, so the optimal network design is best simplified with the network as a single backbone area.
B.    Manual summarization is limited to ABRs and ASBRs, therefore the designer must pay strict attention to the EIGRP topology.
C.    EIGRP, as a proprietary protocol, has special challenges when dealing with networks deployed with IPv6.
D.    Effective scalability with OSPF requires the designer to pay strict attention to the hierarchical network structure, localizing topology changes.

Answer: D

QUESTION 40
When designing the identity and access control portions for the enterprise campus network, which of these solutions would be the most appropriate solution to consider?

A.    802.1x
B.    ACLs in the core layer
C.    Cisco Security MARS
D.    NetFlow

Answer: A

Official 2014 Latest Cisco 640-864 Dump Free Download(21-30)!

QUESTION 21
Which two statements best describe an OSPF deployment? (Choose two)

A.    ABR provides automatic classful network boundary summarization.
B.    ABR requires manual configuration for classful network summarization
C.    External routes are propagated into the autonomous system from stub areas via ASBR.
D.    External routes are propagated into the autonomous system from regular areas or NSSA via ASBR.
E.    External routes are propagated into the autonomous system from regular areas or NSSA via ABR.

Answer: BD

QUESTION 22
A large enterprise requires sensitive information be transmitted over a public infrastructure. It requires confidentiality, integrity, and authenticity. Which security solution best meets these requirements?

A.    Cisco IOS Firewall
B.    Intrusion Prevention
C.    IPSEC
D.    AAA
E.    Traffic Guard Protector
F.    SECURE CONNECTIVITY

Answer: C

QUESTION 23
There are a number of advantages to using virtualization within the data center module. Which two of the following are examples of these advantages?

A.    Virtualization consolidates many low-performance devices into a few high-performance devices, providing a more efficient utilization of hardware and increasing the price/performance ratio.
B.    Virtualization compartmentalizes a single device into a few high-performance devices, providing a more efficient utilization of hardware and increasing the price/performance ratio.
C.    Dynamic forcibility eliminates the need to add, reassign, or repurpose resources in the system.
D.    Virtualization separates users via different physical networks into groups with visibility into only their logical network.
E.    Virtualization provides distinct security policies per physical device.

Answer: AB

QUESTION 24
When selecting which hardware switches to use throughout an enterprise campus switched network, which consideration is not relevant?

A.    whether data link layer switching based on the MAC address is required
B.    the number of shared media segments
C.    which infrastructure service capabilities are required
D.    whether to support Layer 3 services at the network edge.

Answer: B

QUESTION 25
Layer 2 switching is exclusively used in which Enterprise Campus Module layer?

A.    Server Farm
B.    Campus Core
C.    Building Access
D.    Building Distribution
E.    Internet Connectivity

Answer: C

QUESTION 26
Which one of these statements describes why, from a design perspective, a managed VPN approach for enterprise teleworkers is most effective?

A.    A managed VPN solution uses a cost effective, on-demand VPN tunnel back to the enterprise
B.    This solution supports all teleworkers who do not require voice or video
C.    This architecture provides centralized management where the enterprise can apply security policies and push configurations.
D.    It provides complete flexibility for remote access through a wireless hotspot or a guest network at a host, in addition to a home office.

Answer: C

QUESTION 27
Which one of these statements is true when considering the design of voice and video services for the enterprise campus network?

A.    Access layer switches should support 802.1Q trunking and 802.1p for Layer 2 CoS packet marking on Layer 2 ports with IP phones connected.
B.    Combining voice and data in a single VLAN simplifies QoS trust boundaries, VLAN access control, and ease of management.
C.    Data devices will also require access to priority queues via packet tagging.
D.    Fixed network delays (serialization, propagation, and so on) are generally unpredictable and more difficult to calculate than variable network delays.

Answer: A

QUESTION 28
Which statement describes the recommended deployments of IPv4 addressing in the Cisco Network Architecture for the Enterprise?

A.    private addressing throughout with public addressing in the Internet Connectivity module
B.    private addressing throughout with public addressing in the Internet Connectivity and E-Commerce modules
C.    private addressing throughout with public addressing in the Internet Connectivity, E-Commerce, and Remote Access and VPN modules
D.    private addressing throughout with public addressing in the Internet Connectivity, E-Commerce, and Enterprise Branch modules

Answer: C

QUESTION 29
For which network scenario is static routing most appropriate?

A.    parallel WAN links
B.    IPSec VPN
C.    expanding networks
D.    hierarchical routing

Answer: B

QUESTION 30
When considering the three VoIP design models (single site, centralized multisite, and distributed multisite), which question below would help to eliminate one of these options?

A.    Will the switches be required to provide inline power?
B.    Will users need to make offsite calls, beyond the enterprise?
C.    Will users require applications such as voice mail and interactive voice response?
D.    Are there users whose only enterprise access is via a QoS-enabled WAN?

Answer: D

Official 2014 Latest Cisco 640-864 Dump Free Download(11-20)!

QUESTION 11
Which one of these statements is true concerning the enterprise data center?

A.    It can be located either at the enterprise campus or at a remote branch.
B.    Remote data center connectivity requirements align with the small office design.
C.    The data center designs will differ substantially depending on whether the location is on campus or remote.
D.    A remote branch with a data center becomes the enterprise campus.

Answer: C

QUESTION 12
Which Cisco security management solution provides the means to identify, isolate, and counter security threats to the network?

A.    Adaptive Security Device Manager
B.    Intrusion Prevention Device Manager
C.    Security Device Manager
D.    Cisco Security Manager
E.    Cisco Security Monitoring, Analysis, and Response System

Answer: E

QUESTION 13
A global corporation has an internal network with the following characteristics:
– 2,000,000+ hosts
– 10,000+ routers
– Internal connectivity
– high traffic volumes with business partners and customers
Which statement best describes what a flexible IPv6 strategy would look like for this corporation?

A.    Both hosts and routers would run dual stack
B.    Hosts would run IPv4 and routers would run native IPv6
C.    Hosts would run dual stack and routers would run IPv4 only
D.    Hosts would run IPv6 and routers would run native IPv6

Answer: A

QUESTION 14
Which of these is the best routing deployment for a single dedicated link to an ISP for Internet access?

A.    EIGRP
B.    RIP
C.    BGP
D.    Static
E.    OSPF

Answer: D

Official 2014 Latest Cisco 640-864 Dump Free Download(1-10)!

QUESTION 1
Which consideration is the most important for the network designer when considering IP routing?

A.    convergence
B.    scalability
C.    on-demand routing
D.    redistribution

Answer: A

QUESTION 2
You want to gather as much detail as possible during a network audit, to include data time stamping across a large number of interfaces, customized according to interface, with a minimal impact on the network devices themselves. Which tool would you use to meet these requirements?

A.    RMON
B.    SNMPv3
C.    NetFlow
D.    Cisco Discovery Protocol

Answer: C

QUESTION 3
DataQuirk is a web-based medical transcription company for exotic-animal veterinarians. The company recently added a third ISP for international business. They are organizing the enterprise network into a fully operational Enterprise Edge.
To which two modules will the three ISPs be directly related? (Choose two)

A.    PSTN
B.    E-Commerce
C.    WAN/MAN
D.    Edge Distribution
E.    Internet Connectivity
F.    Remote Access VPN

Answer: BE

QUESTION 4
Which two of these practices are considered to be best practices when designing the access layer for the enterprise campus? (Choose two)

A.    Implement all of the services (QoS, security, STP, and so on) in the access layer, offloading the work from the distribution and core layers.
B.    Always use a Spanning Tree Protocol; preferred is Rapid PVST+.
C.    Use automatic VLAN pruning to prune unused VLANs from trunked interfaces to avoid broadcast propagation.
D.    Avoid wasted processing by disabling STP where loops are not possible.
E.    Use VTP transparent mode to decrease the potential for operational error

Answer: BE

QUESTION 5
With deterministic Wireless LAN Controller redundancy design, the different options available to the designer have their own strengths. Which one of these statements is an example of such a strength?

A.    Dynamic load balancing, or salt-and-pepper access point design, avoids the potential impact of oversubscription on aggregate network performance.
B.    N+N redundancy configuration allows logically grouping access points on controllers to minimize intercontroller roaming events.
C.    N+N+1 redundancy configuration has the least impact to system management because all of the controllers are collocated in an NOC or data center
D.    N+1 redundancy configuration uses Layer 3 intercontroller roaming, maintaining traffic on the same subnet for more efficiency.

Answer: B

QUESTION 6
Which of these statements is true concerning the data center access layer design?

A.    The access layer in the data center is typically built at Layer 3, which allows for better shaping of services across multiple servers.
B.    With Layer 2 access, the default gateway for the servers can be configured at the access or aggregation layer.
C.    A dual-homing NIC requires a VLAN or trunk between the two access switches to support the dual IP address on the two server links to two separate switches.
D.    The access layer is normally not required, as dual homing is standard from the servers to the aggregation layer.

Answer: B

QUESTION 7
Which one of these statements should the designer keep in mind when considering the advanced routing features?

A.    One-way route redistribution avoids the requirement for static or default routes.
B.    Redistribution, summarization, and filtering are most often applied between the campus core and enterprise edge.
C.    Filtering only occurs on the routing domain boundary using redistribution.
D.    Summarize routes at the core toward the distribution layer.
E.    The hierarchical flexibility of IPv6 addressing avoids the requirement for routing traffic reduction using aggregation.

Answer: E

QUESTION 8
Which two statements about designing the Data Center Access layer are correct? (Choose two)

A.    Multiport NIC servers should each have their own IP address
B.    Layer 3 connectivity should never be used in the access layer
C.    Layer 2 connectivity is primarily implemented in the access layer
D.    Multiport NIC servers should never be used in the access layer
E.    Layer 2 clustering implementation requires servers to be Layer 2 adjacent

Answer: CE

QUESTION 9
Which IPv6 feature enables routing to distribute connection requests to the nearest content server?

A.    Link-local
B.    Site-local
C.    Anycast
D.    Multicast
E.    Global aggregatable

Answer: C

QUESTION 10
Which one of these statements is true about addressing redundancy within the WAN environment?

A.    The reliability and speed of DSL allow for cost savings by not including redundant links.
B.    CAMDM and dark fiber offer advanced redundancy features such as automatic backup and repair mechanism to cope with system faults.
C.    An SLA is one way to eliminate the need for redundancy.
D.    The failure of a single SONET/SDH link or network element does not lead to failure of the entire network.

Answer: D

Official 2014 Latest Cisco 640-554 Dump Free Download(101-108)!

QUESTION 101
When using a stateful firewall, which information is stored in the stateful session flow table?

A.    the outbound and inbound access rules (ACL entries)
B.    the source and destination IP addresses, port numbers, TCP sequencing information, and additional flags for each TCP or UDP connection associated with a particular session
C.    all TCP and UDP header information only
D.    all TCP SYN packets and the associated return ACK packets only
E.    the inside private IP address and the translated inside global IP address

Answer: B

QUESTION 102
Which statement is true about configuring access control lists to control Telnet traffic destined to the router itself?

A.    The ACL is applied to the Telnet port with the ip access-group command.
B.    The ACL should be applied to all vty lines in the in direction to prevent an unwanted user from connecting to an unsecured port.
C.    The ACL applied to the vty lines has no in or out option like ACL being applied to an interface.
D.    The ACL must be applied to each vty line individually.

Answer: B

QUESTION 103
When configuring role-based CLI on a Cisco router, which step is performed first?

A.    Log in to the router as the root user.
B.    Create a parser view called “root view.”
C.    Enable role-based CLI globally on the router using the privileged EXEC mode Cisco IOS command.
D.    Enable the root view on the router.
E.    Enable AAA authentication and authorization using the local database.
F.    Create a root local user in the local database.

Answer: D

QUESTION 104
Which characteristic is a potential security weakness of a traditional stateful firewall?

A.    It cannot support UDP flows.
B.    It cannot detect application-layer attacks.
C.    It cannot ensure each TCP connection follows a legitimate TCP three-way handshake.
D.    It works only in promiscuous mode.
E.    The status of TCP sessions is retained in the state table after the sessions terminate.
F.    It has low performance due to the use of syn-cookies.

Answer: B

QUESTION 105
What will be disabled as a result of the no service password-recovery command?

A.    changes to the config-register setting
B.    ROMMON
C.    password encryption service
D.    aaa new-model global configuration command
E.    the xmodem privilege EXEC mode command to recover the Cisco IOS image

Answer: B

QUESTION 106
What does the MD5 algorithm do?

A.    takes a message less than 2^64 bits as input and produces a 160-bit message digest
B.    takes a variable-length message and produces a 168-bit message digest
C.    takes a variable-length message and produces a 128-bit message digest
D.    takes a fixed-length message and produces a 128-bit message digest

Answer: C

QUESTION 107
You have configured a standard access control list on a router and applied it to interface Serial 0 in an outbound direction. No ACL is applied to Interface Serial 1 on the same router. What happens when traffic being filtered by the access list does not match the configured ACL statements for Serial 0?

A.    The resulting action is determined by the destination IP address.
B.    The resulting action is determined by the destination IP address and port number.
C.    The source IP address is checked, and, if a match is not found, traffic is routed out interface Serial 1.
D.    The traffic is dropped.

Answer: D

QUESTION 108
Which two functions are required for IPsec operation? (Choose two.)

A.    using SHA for encryption
B.    using PKI for pre-shared-key authentication
C.    using IKE to negotiate the SA
D.    using AH protocols for encryption and authentication
E.    using Diffie-Hellman to establish a shared-secret key

Answer: CE

If you want to pass the Cisco 640-554 exam successfully, read the latest full version of the Cisco 640-554 dump.

Official 2014 Latest Cisco 640-554 Dump Free Download(91-100)!

QUESTION 91
Which Layer 2 protocol provides loop resolution by managing the physical paths to given network segments?

A.    root guard
B.    port fast
C.    HSRP
D.    STP

Answer: D

QUESTION 92
Which statement is true when you have generated RSA keys on your Cisco router to prepare for secure device management?

A.    You must then zeroize the keys to reset secure shell before configuring other parameters.
B.    The SSH protocol is automatically enabled.
C.    You must then specify the general-purpose key size used for authentication with the crypto key generate rsa general-keys modulus command.
D.    All vty ports are automatically enabled for SSH to provide secure management.

Answer: B

QUESTION 93
What is the key difference between host-based and network-based intrusion prevention?

A.    Network-based IPS is better suited for inspection of SSL and TLS encrypted data flows.
B.    Network-based IPS provides better protection against OS kernel-level attacks against hosts and servers.
C.    Network-based IPS can provide protection to desktops and servers without the need of installing specialized software on the end hosts and servers.
D.    Host-based IPS can work in promiscuous mode or inline mode.
E.    Host-based IPS is more scalable than network-based IPS.
F.    Host-based IPS deployment requires less planning than network-based IPS.

Answer: C

QUESTION 94
Refer to the exhibit. You are a network manager for your organization. You are looking at your Syslog server reports. Based on the Syslog message shown, which two statements are true? (Choose two.)

A.    Service timestamps have been globally enabled.
B.    This is a normal system-generated information message and does not require further investigation.
C.    This message is unimportant and can be ignored.
D.    This message is a level 5 notification message.

Answer: AD

QUESTION 95
Which four methods are used by hackers? (Choose four.)

A.    footprint analysis attack
B.    privilege escalation attack
C.    buffer Unicode attack
D.    front door attacks
E.    social engineering attack
F.    Trojan horse attack

Answer: ABEF

QUESTION 96
Which statement about Cisco IOS IPS on Cisco IOS Release 12.4(11)T and later is true?

A.    uses Cisco IPS 5.x signature format
B.    requires the Basic or Advanced Signature Definition File
C.    supports both inline and promiscuous mode
D.    requires IEV for monitoring Cisco IPS alerts
E.    uses the built-in signatures that come with the Cisco IOS image as backup
F.    supports SDEE, SYSLOG, and SNMP for sending Cisco IPS alerts

Answer: A

QUESTION 97
Which characteristic is the foundation of Cisco Self-Defending Network technology?

A.    secure connectivity
B.    threat control and containment
C.    policy management
D.    secure network platform

Answer: D

QUESTION 98
Which kind of table do most firewalls use today to keep track of the connections through the firewall?

A.    dynamic ACL
B.    reflexive ACL
C.    netflow
D.    queuing
E.    state
F.    express forwarding

Answer: E

QUESTION 99
Which Cisco IOS command is used to verify that either the Cisco IOS image, the configuration files, or both have been properly backed up and secured?

A.    show archive
B.    show secure bootset
C.    show flash
D.    show file systems
E.    dir
F.    dir archive

Answer: B

QUESTION 100
What does the secure boot-config global configuration accomplish?

A.    enables Cisco IOS image resilience
B.    backs up the Cisco IOS image from flash to a TFTP server
C.    takes a snapshot of the router running configuration and securely archives it in persistent storage
D.    backs up the router running configuration to a TFTP server
E.    stores a secured copy of the Cisco IOS image in its persistent storage

Answer: C

If you want to pass the Cisco 640-554 Exam successfully, we recommend reading the latest Cisco 640-554 Dump full version.

Official 2014 Latest Cisco 640-554 Dump Free Download(81-90)!

QUESTION 81
A Cisco ASA appliance has three interfaces configured. The first interface is the inside interface with a security level of 100. The second interface is the DMZ interface with a security level of 50. The third interface is the outside interface with a security level of 0.
By default, without any access list configured, which five types of traffic are permitted? (Choose five.)

A.    outbound traffic initiated from the inside to the DMZ
B.    outbound traffic initiated from the DMZ to the outside
C.    outbound traffic initiated from the inside to the outside
D.    inbound traffic initiated from the outside to the DMZ
E.    inbound traffic initiated from the outside to the inside
F.    inbound traffic initiated from the DMZ to the inside
G.    HTTP return traffic originating from the inside network and returning via the outside interface
H.    HTTP return traffic originating from the inside network and returning via the DMZ interface
I.    HTTP return traffic originating from the DMZ network and returning via the inside interface
J.    HTTP return traffic originating from the outside network and returning via the inside interface

Answer: ABCGH

QUESTION 82
Which two protocols enable Cisco Configuration Professional to pull IPS alerts from a Cisco ISR router? (Choose two.)

A.    syslog
B.    SDEE
C.    FTP
D.    TFTP
E.    SSH
F.    HTTPS

Answer: BF

QUESTION 83
Which two functions are required for IPsec operation? (Choose two.)

A.    using SHA for encryption
B.    using PKI for pre-shared key authentication
C.    using IKE to negotiate the SA
D.    using AH protocols for encryption and authentication
E.    using Diffie-Hellman to establish a shared-secret key

Answer: CE

QUESTION 84
Which statement about disabled signatures when using Cisco IOS IPS is true?

A.    They do not take any actions, but do produce alerts.
B.    They are not scanned or processed.
C.    They still consume router resources.
D.    They are considered to be “retired” signatures.

Answer: C

QUESTION 85
Which type of intrusion prevention technology is the primary type used by the Cisco IPS security appliances?

A.    profile-based
B.    rule-based
C.    protocol analysis-based
D.    signature-based
E.    NetFlow anomaly-based

Answer: D

QUESTION 86
Which two services are provided by IPsec? (Choose two.)

A.    Confidentiality
B.    Encapsulating Security Payload
C.    Data Integrity
D.    Authentication Header
E.    Internet Key Exchange

Answer: AC

QUESTION 87
Which type of Cisco IOS access control list is identified by 100 to 199 and 2000 to 2699?

A.    standard
B.    extended
C.    named
D.    IPv4 for 100 to 199 and IPv6 for 2000 to 2699

Answer: B

QUESTION 88
Which priority is most important when you plan out access control lists?

A.    Build ACLs based upon your security policy.
B.    Always put the ACL closest to the source of origination.
C.    Place deny statements near the top of the ACL to prevent unwanted traffic from passing through the router.
D.    Always test ACLs in a small, controlled production environment before you roll it out into the larger production network.

Answer: A

QUESTION 89
Which step is important to take when implementing secure network management?

A.    Implement in-band management whenever possible.
B.    Implement telnet for encrypted device management access.
C.    Implement SNMP with read/write access for troubleshooting purposes.
D.    Synchronize clocks on hosts and devices.
E.    Implement management plane protection using routing protocol authentication.

Answer: D

QUESTION 90
Which statement best represents the characteristics of a VLAN?

A.    Ports in a VLAN will not share broadcasts amongst physically separate switches.
B.    A VLAN can only connect across a LAN within the same building.
C.    A VLAN is a logical broadcast domain that can span multiple physical LAN segments.
D.    A VLAN provides individual port security.

Answer: C


Official 2014 Latest Cisco 640-554 Dump Free Download(71-80)!

QUESTION 71
You are the security administrator for a large enterprise network with many remote locations. You have been given the assignment to deploy a Cisco IPS solution.
Where in the network would be the best place to deploy Cisco IOS IPS?

A.    inside the firewall of the corporate headquarters Internet connection
B.    at the entry point into the data center
C.    outside the firewall of the corporate headquarters Internet connection
D.    at remote branch offices

Answer: D

QUESTION 72
Which IPS technique is commonly used to improve accuracy and context awareness, aiming to detect and respond to relevant incidents only and therefore reduce noise?

A.    attack relevancy
B.    target asset value
C.    signature accuracy
D.    risk rating

Answer: D

QUESTION 73
Which two statements about SSL-based VPNs are true? (Choose two.)

A.    Asymmetric algorithms are used for authentication and key exchange.
B.    SSL VPNs and IPsec VPNs cannot be configured concurrently on the same router.
C.    The application programming interface can be used to modify extensively the SSL client software for use in special applications.
D.    The authentication process uses hashing technologies.
E.    Both client and clientless SSL VPNs require special-purpose client software to be installed on the client machine.

Answer: AD

QUESTION 74
Which option describes the purpose of Diffie-Hellman?

A.    used between the initiator and the responder to establish a basic security policy
B.    used to verify the identity of the peer
C.    used for asymmetric public key encryption
D.    used to establish a symmetric shared key via a public key exchange process

Answer: D

QUESTION 75
Which three statements about the IPsec ESP modes of operation are true? (Choose three.)

A.    Tunnel mode is used between a host and a security gateway.
B.    Tunnel mode is used between two security gateways.
C.    Tunnel mode only encrypts and authenticates the data.
D.    Transport mode authenticates the IP header.
E.    Transport mode leaves the original IP header in the clear.

Answer: ABE

QUESTION 76
When configuring SSL VPN on the Cisco ASA appliance, which configuration step is required only for Cisco AnyConnect full tunnel SSL VPN access and not required for clientless SSL VPN?

A.    user authentication
B.    group policy
C.    IP address pool
D.    SSL VPN interface
E.    connection profile

Answer: C

QUESTION 77
For what purpose is the Cisco ASA appliance web launch SSL VPN feature used?

A.    to enable split tunneling when using clientless SSL VPN access
B.    to enable users to login to a web portal to download and launch the AnyConnect client
C.    to enable smart tunnel access for applications that are not web-based
D.    to optimize the SSL VPN connections using DTLS
E.    to enable single-sign-on so the SSL VPN users need only log in once

Answer: B

QUESTION 78
Which statement describes how VPN traffic is encrypted to provide confidentiality when using asymmetric encryption?

A.    The sender encrypts the data using the sender’s private key, and the receiver decrypts the data using the sender’s public key.
B.    The sender encrypts the data using the sender’s public key, and the receiver decrypts the data using the sender’s private key.
C.    The sender encrypts the data using the sender’s public key, and the receiver decrypts the data using the receiver’s public key.
D.    The sender encrypts the data using the receiver’s private key, and the receiver decrypts the data using the receiver’s public key.
E.    The sender encrypts the data using the receiver’s public key, and the receiver decrypts the data using the receiver’s private key.
F.    The sender encrypts the data using the receiver’s private key, and the receiver decrypts the data using the sender’s public key.

Answer: E

QUESTION 79
Which four types of VPN are supported using Cisco ISRs and Cisco ASA appliances? (Choose four.)

A.    SSL clientless remote-access VPNs
B.    SSL full-tunnel client remote-access VPNs
C.    SSL site-to-site VPNs
D.    IPsec site-to-site VPNs
E.    IPsec client remote-access VPNs
F.    IPsec clientless remote-access VPNs

Answer: ABDE

QUESTION 80
Which option is the resulting action in a zone-based policy firewall configuration with these conditions?
Source: Zone 1
Destination: Zone 2
Zone pair exists?: Yes
Policy exists?: No

A.    no impact to zoning or policy
B.    no policy lookup (pass)
C.    drop
D.    apply default policy

Answer: C
