New Updated Cisco CCNA Security 640-554 Real Exam Download 131-140



Refer to the exhibit. Which statement is correct based on the show login command output?





A.      When the router goes into quiet mode, any host is permitted to access the router via Telnet, SSH, and HTTP, since the quiet-mode access list has not been configured.

B.      The login block-for command is configured to block login hosts for 93 seconds.

C.      All logins from any sources are blocked for another 193 seconds.

D.      Three or more login requests have failed within the last 100 seconds.


Correct Answer: D




Which two statements about configuring the Cisco ACS server to perform router command authorization are true? (Choose two.)


A.      When adding the router as an AAA client on the Cisco ACS server, choose the TACACS+ (Cisco IOS) protocol.

B.      Configure the Cisco ACS server to forward authentication of users to an external user database, like Windows Database.

C.      In the ACS User Group setup screen, use the Shell Command Authorization Set options to configure which commands and command arguments to permit or deny.

D.      From the ACS Interface Configuration screen, select RADIUS (Cisco IOS/PIX 6.0), and then enable the Shell (exec) option on the RADIUS Services screen.


Correct Answer: AC




Which four methods are used by hackers? (Choose four.)


A.      footprint analysis attack

B.      privilege escalation attack

C.      buffer Unicode attack

D.      front door attacks

E.       social engineering attack

F.       Trojan horse attack


Correct Answer: ABEF




Which characteristic is the foundation of Cisco Self-Defending Network technology?


A.      secure connectivity

B.      threat control and containment

C.      policy management

D.      secure network platform


Correct Answer: D




Which kind of table do most firewalls use today to keep track of the connections through the



A.      dynamic ACL

B.      reflexive ACL

C.      netflow

D.      queuing

E.       state

F.       express forwarding


Correct Answer: E




Which Cisco IOS command is used to verify that either the Cisco IOS image, the configuration files, or both have been properly backed up and secured?


A.      show archive

B.      show secure bootset

C.      show flash

D.      show file systems

E.       dir

F.       dir archive


Correct Answer: B




What does the secure boot-config global configuration accomplish?


A.      enables Cisco IOS image resilience

B.      backs up the Cisco IOS image from flash to a TFTP server

C.      takes a snapshot of the router running configuration and securely archives it in persistent


D.      backs up the router running configuration to a TFTP server

E.       stores a secured copy of the Cisco IOS image in its persistent storage


Correct Answer: C




Which statement about Cisco IOS Zone-Based Policy Firewall is true?


A.      A router interface can belong to multiple zones.

B.      The pass action works in only one direction.

C.      Router management interfaces must be manually assigned to the self zone.

D.      A zone-pair is bidirectional because it specifies traffic flowing among the interfaces within the zone-pair in both directions.

E.       Policy maps are used to classify traffic into different traffic classes, and class maps are used to assign action to the traffic classes.

F.       Service policies are applied in the interface configuration mode.


Correct Answer: B




Refer to the exhibit. Based on the show policy-map type inspect zone-pair session command output shown, what can be determined about this Cisco IOS zone-based firewall policy?




A.      All packets will be dropped since the class-default traffic class is matching all traffic.

B.      This is an inbound policy (applied to traffic sourced from the less secured zone destined to the more secured zone).

C.      This is an outbound policy (applied to traffic sourced from the more secured zone destined to the less secured zone).

D.      Stateful packet inspection will be applied only to HTTP packets that also match ACL 110.

E.       All non-HTTP traffic will be permitted to pass as long as it matches ACL 110.

F.       All non-HTTP traffic will be inspected.


Correct Answer: D




When using a stateful firewall, which information is stored in the stateful session flow table?


A.      the outbound and inbound access rules (ACL entries)

B.      the source and destination IP addresses, port numbers, TCP sequencing information, and additional flags for each TCP or UDP connection associated with a particular session

C.      all TCP and UDP header information only

D.      all TCP SYN packets and the associated return ACK packets only

E.       the inside private IP address and the translated inside global IP address


Correct Answer: B

