New Updated Cisco CCNA Security 640-554 Real Exam Download 11-20



Which two characteristics of the TACACS+ protocol are true? (Choose two.)


A.      uses UDP ports 1645 or 1812

B.      separates AAA functions

C.      encrypts the body of every packet

D.      offers extensive accounting capabilities

E.       is an open RFC standard protocol


Correct Answer: BC




Refer to the exhibit. Which statement about this output is true?




A.      The user logged into the router with the incorrect username and password.

B.      The login failed because there was no default enable password.

C.      The login failed because the password entered was incorrect.

D.      The user logged in and was given privilege level 15.


Correct Answer: C




Refer to the exhibit. Which traffic is permitted by this ACL?




A.      TCP traffic sourced from any host in the subnet on any port to host port 80 or 443

B.      TCP traffic sourced from host on port 80 or 443 to host on any port

C.      any TCP traffic sourced from host destined to host

D.      any TCP traffic sourced from host to host


Correct Answer: C




Refer to the exhibit. Which statement about this partial CLI configuration of an access control list

is true?




A.      The access list accepts all traffic on the subnets.

B.      All traffic from the subnets is denied.

C.      Only traffic from is allowed.

D.      This configuration is invalid. It should be configured as an extended ACL to permit the

associated wildcard mask.

E.       From the subnet, only traffic sourced from is allowed; traffic sourced

from the other subnets also is allowed.

F.       The access list permits traffic destined to the host on FastEthernet0/0 from any



Correct Answer: E




Which type of Cisco ASA access list entry can be configured to match multiple entries in a single



A.      nested object-class

B.      class-map

C.      extended wildcard matching

D.      object groups


Correct Answer: D




Which statement about an access control list that is applied to a router interface is true?


A.      It only filters traffic that passes through the router.

B.      It filters pass-through and router-generated traffic.

C.      An empty ACL blocks all traffic.

D.      It filters traffic in the inbound and outbound directions.


Correct Answer: A




You have been tasked by your manager to implement syslog in your network. Which option is an

important factor to consider in your implementation?


A.      Use SSH to access your syslog information.

B.      Enable the highest level of syslog function available to ensure that all possible event

messages are logged.

C.      Log all messages to the system buffer so that they can be displayed when accessing the


D.      Synchronize clocks on the network with a protocol such as Network Time Protocol.


Correct Answer: D




Which protocol secures router management session traffic?


A.      SSTP

B.      POP

C.      Telnet

D.      SSH


Correct Answer: D




Which two considerations about secure network management are important? (Choose two.)


A.      log tampering

B.      encryption algorithm strength

C.      accurate time stamping

D.      off-site storage

E.       Use RADIUS for router commands authorization.

F.       Do not use a loopback interface for device management access.


Correct Answer: AC




Which command enables Cisco IOS image resilience?


A.      secure boot-<IOS image filename>

B.      secure boot-running-config

C.      secure boot-start

D.      secure boot-image


Correct Answer: D


Download Latest Complete collection of CCNA Security 640-554 Real Exam ,help you to pass exam 100%.

Ensurepass Cisco Certifications Exam Questions and Answers
Ensurepass CCNA Security Exams Questions and Answers



You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by