New Updated Cisco CCNA Security 640-554 Real Exam Download 21-30


QUESTION 21

Which router management feature provides for the ability to configure multiple administrative views?

 

A.      role-based CLI

B.      virtual routing and forwarding

C.      secure config privilege {level}

D.      parser view view name

 

Correct Answer: A

 

 

QUESTION 22

You suspect that an attacker in your network has configured a rogue Layer 2 device to intercept traffic from multiple VLANs, which allows the attacker to capture potentially sensitive data.

Which two methods will help to mitigate this type of activity? (Choose two.)

 

A.      Turn off all trunk ports and manually configure each VLAN as required on each port.

B.      Place unused active ports in an unused VLAN.

C.      Secure the native VLAN, VLAN 1, with encryption.

D.      Set the native VLAN on the trunk ports to an unused VLAN.

E.       Disable DTP on ports that require trunking.

 

Correct Answer: DE

 

 

QUESTION 23

Which statement describes a best practice when configuring trunking on a switch port?

 

A.      Disable double tagging by enabling DTP on the trunk port.

B.      Enable encryption on the trunk port.

C.      Enable authentication and encryption on the trunk port.

D.      Limit the allowed VLAN(s) on the trunk to the native VLAN only.

E.       Configure an unused VLAN as the native VLAN.

 

Correct Answer: E

 

 

QUESTION 24

Which type of Layer 2 attack causes a switch to flood all incoming traffic to all ports?

 

A.      MAC spoofing attack

B.      CAM overflow attack

C.      VLAN hopping attack

D.      STP attack

 

Correct Answer: B

 

 

QUESTION 25

What is the best way to prevent a VLAN hopping attack?

 

A.      Encapsulate trunk ports with IEEE 802.1Q.

B.      Physically secure data closets.

C.      Disable DTP negotiations.

D.      Enable BPDU guard.

 

Correct Answer: C

 

 

QUESTION 26

Which statement about PVLAN Edge is true?

 

A.      PVLAN Edge can be configured to restrict the number of MAC addresses that appear on a single port.

B.      The switch does not forward any traffic from one protected port to any other protected port.

C.      By default, when a port policy error occurs, the switchport shuts down.

D.      The switch only forwards traffic to ports within the same VLAN Edge.

 

Correct Answer: B

 

 

QUESTION 27

If you are implementing VLAN trunking, which additional configuration parameter should be added to the trunking configuration?

 

A.      no switchport mode access

B.      no switchport trunk native VLAN 1

C.      switchport mode DTP

D.      switchport nonnegotiate

 

Correct Answer: D

 

 

QUESTION 28

When Cisco IOS zone-based policy firewall is configured, which three actions can be applied to a traffic class? (Choose three.)

 

A.      pass

B.      police

C.      inspect

D.      drop

E.       queue

F.       shape

 

Correct Answer: ACD

 

 

QUESTION 29

With Cisco IOS zone-based policy firewall, by default, which three types of traffic are permitted by the router when some of the router interfaces are assigned to a zone? (Choose three.)

 

A.      traffic flowing between a zone member interface and any interface that is not a zone member

B.      traffic flowing to and from the router interfaces (the self zone)

C.      traffic flowing among the interfaces that are members of the same zone

D.      traffic flowing among the interfaces that are not assigned to any zone

E.       traffic flowing between a zone member interface and another interface that belongs in a different zone

F.       traffic flowing to the zone member interface that is returned traffic

 

Correct Answer: BCD

 

 

QUESTION 30

Which option is a key difference between Cisco IOS interface ACL configurations and Cisco ASA appliance interface ACL configurations?

 

A.      The Cisco IOS interface ACL has an implicit permit-all rule at the end of each interface ACL.

B.      Cisco IOS supports interface ACL and also global ACL. Global ACL is applied to all interfaces.

C.      The Cisco ASA appliance interface ACL configurations use netmasks instead of wildcard masks.

D.      The Cisco ASA appliance interface ACL also applies to traffic directed to the IP addresses of the Cisco ASA appliance interfaces.

E.       The Cisco ASA appliance does not support standard ACL. The Cisco ASA appliance only supports extended ACL.

 

Correct Answer: C

 
