Official 2014 Latest Cisco 640-554 Dump Free Download(41-50)!
QUESTION 41
Refer to the exhibit.
*** Exhibit is Missing ***
This Cisco IOS access list has been configured on the FA0/0 interface in the inbound direction.
Which four TCP packets sourced from 10.1.1.1 port 1030 and routed to the FA0/0 interface are permitted? (Choose four.)
A. destination ip address: 192.168.15.37 destination port: 22
B. destination ip address: 192.168.15.80 destination port: 23
C. destination ip address: 192.168.15.66 destination port: 8080
D. destination ip address: 192.168.15.36 destination port: 80
E. destination ip address: 192.168.15.63 destination port: 80
F. destination ip address: 192.168.15.40 destination port: 21
Answer: BCDE
QUESTION 42
You use Cisco Configuration Professional to enable Cisco IOS IPS. Which state must a signature be in before any actions can be taken when an attack matches that signature?
A. enabled
B. unretired
C. successfully complied
D. successfully complied and unretired
E. successfully complied and enabled
F. unretired and enabled
G. enabled, unretired, and successfully complied
Answer: G
QUESTION 43
Which statement describes how the sender of the message is verified when asymmetric encryption is used?
A. The sender encrypts the message using the sender’s public key, and the receiver decrypts the message
using the sender’s private key.
B. The sender encrypts the message using the sender’s private key, and the receiver decrypts the message
using the sender’s public key.
C. The sender encrypts the message using the receiver’s public key, and the receiver decrypts the message
using the receiver’s private key.
D. The sender encrypts the message using the receiver’s private key, and the receiver decrypts the message
using the receiver’s public key.
E. The sender encrypts the message using the receiver’s public key, and the receiver decrypts the message
using the sender’s public key.
Answer: B
QUESTION 44
Refer to the exhibit.
***Exhibit is Missing***
Which three statements about these three show outputs are true? (Choose three.)
A. Traffic matched by ACL 110 is encrypted.
B. The IPsec transform set uses SHA for data confidentiality.
C. The crypto map shown is for an IPsec site-to-site VPN tunnel.
D. The default ISAKMP policy uses a digital certificate to authenticate the IPsec peer.
E. The IPsec transform set specifies the use of GRE over IPsec tunnel mode.
F. The default ISAKMP policy has higher priority than the other two ISAKMP policies with a priority of 1 and 2
Answer: ACD
QUESTION 45
Which type of security control is defense in depth?
A. threat mitigation
B. risk analysis
C. botnet mitigation
D. overt and covert channels
Answer: A
QUESTION 46
Which two options are two of the built-in features of IPv6? (Choose two.)
A. VLSM
B. native IPsec
C. controlled broadcasts
D. mobile IP
E. NAT
Answer: BD
QUESTION 47
Which option is a characteristic of the RADIUS protocol?
A. uses TCP
B. offers multiprotocol support
C. combines authentication and authorization in one process
D. supports bi-directional challenge
Answer: C
QUESTION 48
Refer to the exhibit.
***Exhibit is Missing***
Which statement about this debug output is true?
A. The requesting authentication request came from username GETUSER.
B. The TACACS+ authentication request came from a valid user.
C. The TACACS+ authentication request passed, but for some reason the user’s connection was closed
immediately.
D. The initiating connection request was being spoofed by a different source address.
Answer: B
QUESTION 49
When STP mitigation features are configured, where should the root guard feature be deployed?
A. toward ports that connect to switches that should not be the root bridge
B. on all switch ports
C. toward user-facing ports
D. Root guard should be configured globally on the switch.
Answer: A
QUESTION 50
Which option is a characteristic of a stateful firewall?
A. can analyze traffic at the application layer
B. allows modification of security rule sets in real time to allow return traffic
C. will allow outbound communication, but return traffic must be explicitly permitted
D. supports user authentication
Answer: B
If you want to pass the Cisco 640-554 Exam sucessfully, recommend to read latest Cisco 640-554 Dump full version.