Which two options are characteristics of the Cisco Configuration Professional Security Audit wizard? (Choose two.)


A.      displays a screen with fix-it check boxes to let you choose which potential security-related configuration changes to implement

B.      has two modes of operation: interactive and non-interactive

C.      automatically enables Cisco IOS firewall and Cisco IOS IPS to secure the router

D.      uses interactive dialogs and prompts to implement role-based CLI

E.       requires users to first identify which router interfaces connect to the inside network and which connect to the outside network


Correct Answer: AE




Which statement describes a result of securing the Cisco IOS image using the Cisco IOS image resilience feature?


A.      The show version command does not show the Cisco IOS image file location.

B.      The Cisco IOS image file is not visible in the output from the show flash command.

C.      When the router boots up, the Cisco IOS image is loaded from a secured FTP location.

D.      The running Cisco IOS image is encrypted and then automatically backed up to the NVRAM.

E.       The running Cisco IOS image is encrypted and then automatically backed up to a TFTP server.


Correct Answer: B




Which aaa accounting command is used to enable logging of the start and stop records for user terminal sessions on the router?


A.      aaa accounting network start-stop tacacs+

B.      aaa accounting system start-stop tacacs+

C.      aaa accounting exec start-stop tacacs+

D.      aaa accounting connection start-stop tacacs+

E.       aaa accounting commands 15 start-stop tacacs+


Correct Answer: C




Which access list permits HTTP traffic sourced from host port 3030 destined to host


A.      access-list 101 permit tcp any eq 3030

B.      access-list 101 permit tcp 0.0.1.255 eq 3030 192.168.1.0 eq www

C.      access-list 101 permit tcp eq www eq www

D.      access-list 101 permit tcp host 192.168.1.10 eq 80 eq 3030

E.       access-list 101 permit tcp eq 80

F.       access-list 101 permit ip host eq 3030 host eq 80


Correct Answer: B




Which location is recommended for extended or extended named ACLs?


A.      an intermediate location to filter as much traffic as possible

B.      a location as close to the destination traffic as possible

C.      when using the established keyword, a location close to the destination point to ensure that return traffic is allowed

D.      a location as close to the source traffic as possible


Correct Answer: D




Which statement about asymmetric encryption algorithms is true?


A.      They use the same key for encryption and decryption of data.

B.      They use the same key for decryption but different keys for encryption of data.

C.      They use different keys for encryption and decryption of data.

D.      They use different keys for decryption but the same key for encryption of data.


Correct Answer: C




Which option can be used to authenticate the IPsec peers during IKE Phase 1?


A.      Diffie-Hellman Nonce

B.      pre-shared key

C.      XAUTH

D.      integrity check value

E.       ACS

F.       AH


Correct Answer: B




Which single Cisco IOS ACL entry permits IP addresses from to


A.      permit

B.      permit

C.      permit

D.      permit

E.       permit

F.       permit


Correct Answer: B




You want to use the Cisco Configuration Professional site-to-site VPN wizard to implement a site-to-site IPsec VPN using pre-shared key. Which four configurations are required (with no defaults)? (Choose four.)


A.      the interface for the VPN connection

B.      the VPN peer IP address

C.      the IPsec transform-set

D.      the IKE policy

E.       the interesting traffic (the traffic to be protected)

F.       the pre-shared key


Correct Answer: ABEF




Which two options represent a threat to the physical installation of an enterprise network? (Choose two.)


A.      surveillance camera

B.      security guards

C.      electrical power

D.      computer room access

E.       change control


Correct Answer: CD


