Cisco 640-554 Study Guide Book, Most Popular Cisco 640-554 Prep Guide Are The Best Materials

100% Pass Guarantee You can download free Cisco 640-554 exam dumps with all new added questions and answers from Flydumps.com.With our Cisco 640-554 exam questions and answers in hand,a lot candidates pass the Cisco 640-554 exam at their first time. We make our promise that Flydumps is your best choice.

QUESTION 46
For what purpose is the Cisco ASA appliance web launch SSL VPN feature used?
A. to enable split tunneling when using clientless SSL VPN access
B. to enable users to login to a web portal to download and launch the AnyConnect client
C. to enable smart tunnel access for applications that are not web-based
D. to optimize the SSL VPN connections using DTLS
E. to enable single-sign-on so the SSL VPN users need only log in once

Correct Answer: B
QUESTION 47
Which statement describes how VPN traffic is encrypted to provide confidentiality when using asymmetric encryption?
A. The sender encrypts the data using the sender’s private key, and the receiver decrypts the data using the sender’s public key.
B. The sender encrypts the data using the sender’s public key, and the receiver decrypts the data using the sender’s private key.
C. The sender encrypts the data using the sender’s public key, and the receiver decrypts the data using the receiver’s public key.
D. The sender encrypts the data using the receiver’s private key, and the receiver decrypts the data using the receiver’s public key.
E. The sender encrypts the data using the receiver’s public key, and the receiver decrypts the data using the receiver’s private key.
F.     The sender encrypts the data using the receiver’s private key, and the receiver decrypts the data using the sender’s public key.

Correct Answer: E
QUESTION 48
Which four types of VPN are supported using Cisco ISRs and Cisco ASA appliances? (Choose four.)
A. SSL clientless remote-access VPNs
B. SSL full-tunnel client remote-access VPNs
C. SSL site-to-site VPNs
D. IPsec site-to-site VPNs
E. IPsec client remote-access VPNs
F. IPsec clientless remote-access VPNs

Correct Answer: ABDE
QUESTION 49
Which description of the Diffie-Hellman protocol is true?
A. It uses symmetrical encryption to provide data confidentiality over an unsecured communications channel.
B. It uses asymmetrical encryption to provide authentication over an unsecured communications channel.
C. It is used within the IKE Phase 1 exchange to provide peer authentication.
D. It provides a way for two peers to establish a shared-secret key, which only they will know, even though they are communicating over an unsecured channel.
E. It is a data integrity algorithm that is used within the IKE exchanges to guarantee the integrity of the message of the IKE exchanges.

Correct Answer: D
QUESTION 50
Which IPsec transform set provides the strongest protection?
A. crypto ipsec transform-set 1 esp-3des esp-sha-hmac
B. crypto ipsec transform-set 2 esp-3des esp-md5-hmac
C. crypto ipsec transform-set 3 esp-aes 256 esp-sha-hmac
D. crypto ipsec transform-set 4 esp-aes esp-md5-hmac
E. crypto ipsec transform-set 5 esp-des esp-sha-hmac
F. crypto ipsec transform-set 6 esp-des esp-md5-hmac

Correct Answer: C
QUESTION 51
Which two options are characteristics of the Cisco Configuration Professional Security Audit wizard? (Choose two.)
A. displays a screen with fix-it check boxes to let you choose which potential security-related configuration changes to implement
B. has two modes of operation: interactive and non-interactive
C. automatically enables Cisco IOS firewall and Cisco IOS IPS to secure the router
D. uses interactive dialogs and prompts to implement role-based CLI
E. requires users to first identify which router interfaces connect to the inside network and which connect to the outside network

Correct Answer: AE
QUESTION 52
Which statement describes a result of securing the Cisco IOS image using the Cisco IOS image resilience feature?
A. The show version command does not show the Cisco IOS image file location.
B. The Cisco IOS image file is not visible in the output from the show flash command.
C. When the router boots up, the Cisco IOS image is loaded from a secured FTP location.
D. The running Cisco IOS image is encrypted and then automatically backed up to the NVRAM.
E. The running Cisco IOS image is encrypted and then automatically backed up to a TFTP server.

Correct Answer: B
QUESTION 53
Which aaa accounting command is used to enable logging of the start and stop records for user terminal sessions on the router?
A. aaa accounting network start-stop tacacs+
B. aaa accounting system start-stop tacacs+
C. aaa accounting exec start-stop tacacs+
D. aaa accounting connection start-stop tacacs+
E. aaa accounting commands 15 start-stop tacacs+

Correct Answer: C
QUESTION 54
Which access list permits HTTP traffic sourced from host 10.1.129.100 port 3030 destined to host 192.168.1.10?
A. access-list 101 permit tcp any eq 3030
B. access-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 3030 192.168.1.0 0.0.0.15 eq www
C. access-list 101 permit tcp 10.1.129.0 0.0.0.255 eq www 192.168.1.10 0.0.0.0 eq www
D. access-list 101 permit tcp host 192.168.1.10 eq 80 10.1.0.0 0.0.255.255 eq 3030
E. access-list 101 permit tcp 192.168.1.10 0.0.0.0 eq 80 10.1.0.0 0.0.255.255
F. access-list 101 permit ip host 10.1.129.100 eq 3030 host 192.168.1.100 eq 80

Correct Answer: B
QUESTION 55
Which location is recommended for extended or extended named ACLs?
A. an intermediate location to filter as much traffic as possible
B. a location as close to the destination traffic as possible
C. when using the established keyword, a location close to the destination point to ensure that return traffic is allowed
D. a location as close to the source traffic as possible
Correct Answer: D
QUESTION 56
Which statement about asymmetric encryption algorithms is true?
A. They use the same key for encryption and decryption of data.
B. They use the same key for decryption but different keys for encryption of data.
C. They use different keys for encryption and decryption of data.
D. They use different keys for decryption but the same key for encryption of data.
Correct Answer: C
QUESTION 57
Which option can be used to authenticate the IPsec peers during IKE Phase 1?
A. Diffie-Hellman Nonce
B. pre-shared key
C. XAUTH
D. integrity check value
E. ACS
F. AH

Correct Answer: B
QUESTION 58
Which single Cisco IOS ACL entry permits IP addresses from 172.16.80.0 to 172.16.87.255?
A. permit 172.16.80.0 0.0.3.255
B. permit 172.16.80.0 0.0.7.255
C. permit 172.16.80.0 0.0.248.255
D. permit 176.16.80.0 255.255.252.0
E. permit 172.16.80.0 255.255.248.0
F. permit 172.16.80.0 255.255.240.0

Correct Answer: B
QUESTION 59
You want to use the Cisco Configuration Professional site-to-site VPN wizard to implement a site- to-site IPsec VPN using pre-shared key.
Which four configurations are required (with no defaults)? (Choose four.)
A. the interface for the VPN connection
B. the VPN peer IP address
C. the IPsec transform-set
D. the IKE policy
E. the interesting traffic (the traffic to be protected)
F. the pre-shared key
Correct Answer: ABEF
QUESTION 60
Which two options represent a threat to the physical installation of an enterprise network? (Choose two.)
A. surveillance camera
B. security guards
C. electrical power
D. computer room access
E. change control
Correct Answer: CD
QUESTION 61
Which option represents a step that should be taken when a security policy is developed?
A. Perform penetration testing.
B. Determine device risk scores.
C. Implement a security monitoring system.
D. Perform quantitative risk analysis.
Correct Answer: D QUESTION 62
Which type of network masking is used when Cisco IOS access control lists are configured?
A. extended subnet masking
B. standard subnet masking
C. priority masking
D. wildcard masking

Correct Answer: D
QUESTION 63
How are Cisco IOS access control lists processed?
A. Standard ACLs are processed first.
B. The best match ACL is matched first.
C. Permit ACL entries are matched first before the deny ACL entries.
D. ACLs are matched from top down.
E. The global ACL is matched first before the interface ACL.

Correct Answer: D
QUESTION 64
Which type of management reporting is defined by separating management traffic from production traffic?
A. IPsec encrypted
B. in-band
C. out-of-band
D. SSH

Correct Answer: C
QUESTION 65
Which syslog level is associated with LOG_WARNING?
A. 1
B. 2
C. 3
D. 4
E. 5
F. 6
Correct Answer: D

Flydumps is ready to provide Cisco 640-554 candidates with Cisco 640-554 training materials which can be very much helpful for getting Cisco 640-554 certification, which means that candidates.Cisco 640-554 can easily get access to the services of Cisco 640-554 for practice exam, which will assure them 100% Cisco 640-554 success rate.Though Cisco 640-554 tests are not easy at all,but they do not make Cisco 640-554 things complicated.