Official 2014 Latest Cisco 640-554 Dump Free Download(71-80)!

QUESTION 71
You are the security administrator for a large enterprise network with many remote locations. You have been given the assignment to deploy a Cisco IPS solution.
Where in the network would be the best place to deploy Cisco IOS IPS?

A.    inside the firewall of the corporate headquarters Internet connection
B.    at the entry point into the data center
C.    outside the firewall of the corporate headquarters Internet connection
D.    at remote branch offices

Answer: D

QUESTION 72
Which IPS technique commonly is used to improve accuracy and context awareness, aiming to detect and respond to relevant incidents only and therefore, reduce noise?

A.    attack relevancy
B.    target asset value
C.    signature accuracy
D.    risk rating

Answer: D

QUESTION 73
Which two statements about SSL-based VPNs are true? (Choose two.)

A.    Asymmetric algorithms are used for authentication and key exchange.
B.    SSL VPNs and IPsec VPNs cannot be configured concurrently on the same router.
C.    The application programming interface can be used to modify extensively the SSL client software for
use in special applications.
D.    The authentication process uses hashing technologies.
E.    Both client and clientless SSL VPNs require special-purpose client software to be installed on the
client machine.

Answer: AD

QUESTION 74
Which option describes the purpose of Diffie-Hellman?

A.    used between the initiator and the responder to establish a basic security policy
B.    used to verify the identity of the peer
C.    used for asymmetric public key encryption
D.    used to establish a symmetric shared key via a public key exchange process

Answer: D

QUESTION 75
Which three statements about the IPsec ESP modes of operation are true? (Choose three.)

A.    Tunnel mode is used between a host and a security gateway.
B.    Tunnel mode is used between two security gateways.
C.    Tunnel mode only encrypts and authenticates the data.
D.    Transport mode authenticates the IP header.
E.    Transport mode leaves the original IP header in the clear.

Answer: ABE

QUESTION 76
When configuring SSL VPN on the Cisco ASA appliance, which configuration step is required only for Cisco AnyConnect full tunnel SSL VPN access and not required for clientless SSL VPN?

A.    user authentication
B.    group policy
C.    IP address pool
D.    SSL VPN interface
E.    connection profile

Answer: C

QUESTION 77
For what purpose is the Cisco ASA appliance web launch SSL VPN feature used?

A.    to enable split tunneling when using clientless SSL VPN access
B.    to enable users to login to a web portal to download and launch the AnyConnect client
C.    to enable smart tunnel access for applications that are not web-based
D.    to optimize the SSL VPN connections using DTLS
E.    to enable single-sign-on so the SSL VPN users need only log in once

Answer: B

QUESTION 78
Which statement describes how VPN traffic is encrypted to provide confidentiality when using asymmetric encryption?

A.    The sender encrypts the data using the sender’s private key, and the receiver decrypts the data using
the sender’s public key.
B.    The sender encrypts the data using the sender’s public key, and the receiver decrypts the data using
the sender’s private key.
C.    The sender encrypts the data using the sender’s public key, and the receiver decrypts the data using
the receiver’s public key.
D.    The sender encrypts the data using the receiver’s private key, and the receiver decrypts the data using
the receiver’s public key.
E.    The sender encrypts the data using the receiver’s public key, and the receiver decrypts the data using
the receiver’s private key.
F.    The sender encrypts the data using the receiver’s private key, and the receiver decrypts the data using
the sender’s public key.

Answer: E

QUESTION 79
Which four types of VPN are supported using Cisco ISRs and Cisco ASA appliances? (Choose four.)

A.    SSL clientless remote-access VPNs
B.    SSL full-tunnel client remote-access VPNs
C.    SSL site-to-site VPNs
D.    IPsec site-to-site VPNs
E.    IPsec client remote-access VPNs
F.    IPsec clientless remote-access VPNs

Answer: ABDE

QUESTION 80
Which option is the resulting action in a zone-based policy firewall configuration with these conditions?
Source: Zone 1
Destination: Zone 2
Zone pair exists?: Yes
Policy exists?: No

A.    no impact to zoning or policy
B.    no policy lookup (pass)
C.    drop
D.    apply default policy

Answer: C

If you want to pass the Cisco 640-554 Exam sucessfully, recommend to read latest Cisco 640-554 Dump full version.

clip_image001