New Updated Cisco CCNA Security 640-554 Real Exam Download 61-70

Ensurepass

QUESTION 61

Which option represents a step that should be taken when a security policy is developed?

 

A.      Perform penetration testing.

B.      Determine device risk scores.

C.      Implement a security monitoring system.

D.      Perform quantitative risk analysis.

 

Correct Answer: D

 

 

QUESTION 62

Which type of network masking is used when Cisco IOS access control lists are configured?

 

A.      extended subnet masking

B.      standard subnet masking

C.      priority masking

D.      wildcard masking

 

Correct Answer: D

 

 

QUESTION 63

How are Cisco IOS access control lists processed?

 

A.      Standard ACLs are processed first.

B.      The best match ACL is matched first.

C.      Permit ACL entries are matched first before the deny ACL entries.

D.      ACLs are matched from top down.

E.       The global ACL is matched first before the interface ACL.

 

Correct Answer: D

 

 

QUESTION 64

Which type of management reporting is defined by separating management traffic from

production traffic?

 

A.      IPsec encrypted

B.      in-band

C.      out-of-band

D.      SSH

 

Correct Answer: C

 

 

QUESTION 65

Which syslog level is associated with LOG_WARNING?

 

A.      1

B.      2

C.      3

D.      4

E.       5

F.       6

G.      7

H.      0

 

Correct Answer: D

 

 

QUESTION 66

In which type of Layer 2 attack does an attacker broadcast BDPUs with a lower switch priority?

 

A.      MAC spoofing attack

B.      CAM overflow attack

C.      VLAN hopping attack

D.      STP attack

 

Correct Answer: D

 

 

QUESTION 67

Which security measure must you take for native VLANs on a trunk port?

 

A.      Native VLANs for trunk ports should never be used anywhere else on the switch.

B.      The native VLAN for trunk ports should be VLAN 1.

C.      Native VLANs for trunk ports should match access VLANs to ensure that cross-VLAN traffic

from multiple switches can be delivered to physically disparate switches.

D.      Native VLANs for trunk ports should be tagged with 802.1Q.

 

Correct Answer: A

 

 

QUESTION 68

Refer to the exhibit. Which switch is designated as the root bridge in this topology?

 

clip_image002

A.      It depends on which switch came on line first.

B.      Neither switch would assume the role of root bridge because they have the same default

priority.

C.      switch X

D.      switch Y

 

Correct Answer: C

 

 

QUESTION 69

Which type of firewall technology is considered the versatile and commonly used firewall

technology?

 

A.      static packet filter firewall

B.      application layer firewall

C.      stateful packet filter firewall

D.      proxy firewall

E.       adaptive layer firewall

 

Correct Answer: C

 

 

QUESTION 70

Which type of NAT is used where you translate multiple internal IP addresses to a single global,

routable IP address?

 

A.      policy NAT

B.      dynamic PAT

C.      static NAT

D.      dynamic NAT

E.       policy PAT

 

Correct Answer: B

 

Download Latest Complete collection of CCNA Security 640-554 Real Exam ,help you to pass exam 100%.

Ensurepass Cisco Certifications Exam Questions and Answers
Ensurepass CCNA Security Exams Questions and Answers

HOT EXAM!

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com