How to pass the newest 640-554 exam? What new questions are on the latest 640-554 exam? PassLeader’s best 640-554 VCE and PDF exam dumps will tell you all about the 640-554 exam. For all PassLeader’s 265q 640-554 exam questions are the newest and covered all new added questions and answers, which will help you 100% passing exam. And we PassLeader will continue update 640-554 exam questions and answers, you will never fail the exam 640-554. Hurry up and get the free VCE Player with your premium 640-554 VCE dumps from passleader.com now!
keywords: 640-554 exam,265q 640-554 exam dumps,265q 640-554 exam questions,640-554 pdf dumps,640-554 vce dumps,640-554 braindumps,Implementing Cisco IOS Network Security (IINS v2.0)
QUESTION 188
Which statement about the role-based CLI access views on a Cisco router is true?
A. The maximum number of configurable CLI access views is 10, including one lawful intercept view and excluding the root view.
B. The maximum number of configurable CLI access views is 10, including one superview.
C. The maximum number of configurable CLI access views is 15, including one lawful intercept view and excluding the root view.
D. The maximum number of configurable CLI access views is 15, including one lawful intercept view.
QUESTION 189
Which three protocols are supported by management plane protection? (Choose three.)
A. SNMP
B. SMTP
C. SSH
D. OSPF
E. HTTPS
F. EIGRP
Answer: ACE
QUESTION 190
Which statement about rule-based policies in Cisco Security Manager is true?
A. Rule-based policies contain one or more rules that are related to a device’s security and operations parameters.
B. Rule-based policies contain one or more rules that control how traffic is filtered and inspected on a device.
C. Rule-based policies contain one or more user roles that are related to a device’s security and operations parameters.
D. Rule-based policies contain one or more user roles that control how user traffic is filtered and inspected on a device.
Answer: B
QUESTION 191
Which Cisco Security Manager feature enables the configuration of unsupported device features?
A. Deployment Manager
B. FlexConfig
C. Policy Object Manager
D. Configuration Manager
Answer: B
QUESTION 192
Which statement about IPv6 address allocation is true?
A. IPv6-enabled devices can be assigned only one IPv6 IP address.
B. A DHCP server is required to allocate IPv6 IP addresses.
C. IPv6-enabled devices can be assigned multiple IPv6 IP addresses.
D. ULA addressing is required for Internet connectivity.
Answer: C
QUESTION 193
Which command will configure a Cisco ASA firewall to authenticate users when they enter the enable syntax using the local database with no fallback method?
A. aaa authentication enable console LOCAL SERVER_GROUP
B. aaa authentication enable console SERVER_GROUP LOCAL
C. aaa authentication enable console local
D. aaa authentication enable console LOCAL
Answer: D
QUESTION 194
Which command will configure a Cisco router to use a TACACS+ server to authorize network services with no fallback method?
A. aaa authorization exec default group tacacs+ none
B. aaa authorization network default group tacacs+ none
C. aaa authorization network default group tacacs+
D. aaa authorization network default group tacacs+ local
Answer: C
QUESTION 195
Which three statements about RADIUS are true? (Choose three.)
A. RADIUS uses TCP port 49.
B. RADIUS uses UDP ports 1645 or 1812.
C. RADIUS encrypts the entire packet.
D. RADIUS encrypts only the password in the Access-Request packet.
E. RADIUS is a Cisco proprietary technology.
F. RADIUS is an open standard.
Answer: BDF
http://www.passleader.com/640-554.html
QUESTION 196
Which command will configure AAA accounting using the list of all RADIUS servers on a device to generate a reload event message when the device reloads?
A. aaa accounting network default start-stop group radius
B. aaa accounting auth-proxy default start-stop group radius
C. aaa accounting system default start-stop group radius
D. aaa accounting exec default start-stop group radius
Answer: C
QUESTION 197
Which two accounting notices are used to send a failed authentication attempt record to a AAA server? (Choose two.)
A. start-stop
B. stop-record
C. stop-only
D. stop
Answer: AC
QUESTION 198
What is the first command you enter to configure AAA on a new Cisco router?
A. aaa configuration
B. no aaa-configuration
C. no aaa new-model
D. aaa new-model
Answer: D
QUESTION 199
Which three TACACS+ server-authentication protocols are supported on Cisco ASA firewalls? (Choose three.)
A. EAP
B. ASCII
C. PAP
D. PEAP
E. MS-CHAPv1
F. MS-CHAPv2
Answer: BCE
QUESTION 200
What is the default privilege level for a new user account on a Cisco ASA firewall?
A. 0
B. 1
C. 2
D. 15
Answer: C
QUESTION 201
Which statement about ACL operations is true?
A. The access list is evaluated in its entirety.
B. The access list is evaluated one access-control entry at a time.
C. The access list is evaluated by the most specific entry.
D. The default explicit deny at the end of an access list causes all packets to be dropped.
Answer: B
QUESTION 202
Which three statements about access lists are true? (Choose three.)
A. Extended access lists should be placed as near as possible to the destination.
B. Extended access lists should be placed as near as possible to the source.
C. Standard access lists should be placed as near as possible to the destination.
D. Standard access lists should be placed as near as possible to the source.
E. Standard access lists filter on the source address.
F. Standard access lists filter on the destination address.
Answer: BCE
QUESTION 203
Which command configures a device to actively watch connection requests and provide immediate protection from DDoS attacks?
A. router(config)# ip tcp intercept mode intercept
B. router(config)# ip tcp intercept mode watch
C. router(config)# ip tcp intercept max-incomplete high 100
D. router(config)# ip tcp intercept drop-mode random
Answer: A
QUESTION 204
Which command will block external spoofed addresses?
A. access-list 128 deny ip 10.0.0.0 0.0.255.255 any
B. access-list 128 deny ip 192.168.0.0 0.0.0.255 any
C. access-list 128 deny ip 10.0.0.0 0.255.255.255 any
D. access-list 128 deny ip 192.168.0.0 0.0.31.255 any
Answer: C