When using a stateful firewall, which information is stored in the stateful session flow table?
A. the outbound and inbound access rules (ACL entries)
B. the source and destination IP addresses, port numbers, TCP sequencing information, and additional
flags for each TCP or UDP connection associated with a particular session
C. all TCP and UDP header information only
D. all TCP SYN packets and the associated return ACK packets only
E. the inside private IP address and the translated inside global IP address
Which statement is true about configuring access control lists to control Telnet traffic destined to the router itself?
A. The ACL is applied to the Telnet port with the ip access-group command.
B. The ACL should be applied to all vty lines in the in direction to prevent an unwanted user from connecting
to an unsecured port.
C. The ACL applied to the vty lines has no in or out option like ACL being applied to an interface.
D. The ACL must be applied to each vty line individually.
When configuring role-based CLI on a Cisco router, which step is performed first?
A. Log in to the router as the root user.
B. Create a parser view called “root view.”
C. Enable role-based CLI globally on the router using the privileged EXEC mode Cisco IOS command.
D. Enable the root view on the router.
E. Enable AAA authentication and authorization using the local database.
F. Create a root local user in the local database.
Which characteristic is a potential security weakness of a traditional stateful firewall?
A. It cannot support UDP flows.
B. It cannot detect application-layer attacks.
C. It cannot ensure each TCP connection follows a legitimate TCP three-way handshake.
D. It works only in promiscuous mode.
E. The status of TCP sessions is retained in the state table after the sessions terminate.
F. It has low performance due to the use of syn-cookies.
What will be disabled as a result of the no service password-recovery command?
A. changes to the config-register setting
C. password encryption service
D. aaa new-model global configuration command
E. the xmodem privilege EXEC mode command to recover the Cisco IOS image
What does the MD5 algorithm do?
A. takes a message less than 2^64 bits as input and produces a 160-bit message digest
B. takes a variable-length message and produces a 168-bit message digest
C. takes a variable-length message and produces a 128-bit message digest
D. takes a fixed-length message and produces a 128-bit message digest
You have configured a standard access control list on a router and applied it to interface Serial 0 in an outbound direction. No ACL is applied to Interface Serial 1 on the same router. What happens when traffic being filtered by the access list does not match the configured ACL statements for Serial 0?
A. The resulting action is determined by the destination IP address.
B. The resulting action is determined by the destination IP address and port number.
C. The source IP address is checked, and, if a match is not found, traffic is routed out interface Serial 1.
D. The traffic is dropped.
Which two functions are required for IPsec operation? (Choose two.)
A. using SHA for encryption
B. using PKI for pre-shared-key authentication
C. using IKE to negotiate the SA
D. using AH protocols for encryption and authentication
E. using Diffie-Hellman to establish a shared-secret key
If you want to pass the Cisco 640-554 Exam sucessfully, recommend to read latest Cisco 640-554 Dump full version.