640-553 - IINS Implementing Cisco IOS Network Security

Go back to Cisco

Example Questions

Which one of the following commands can be used to enable AAA authentication to determine if a user can access the privilege command level? Which location will be recommended for extended or extended named ACLs? Which option is a desirable feature of using symmetric encryption algorithms? Before a Diffie-Hellman exchange may begin, the two parties involved must agree on what? When configuring AAA login authentication on CISCO routers, which two authentication methods should be used as the final method to ensure that the administrator can still log in to the router in case the external AAA server fails? (Choose two) Examine the following options, which access list will permit HTTP traffic sourced from host 10.1.129.100 port 3030 destined to host 192.168.1.10? Which option is the term for the likelihood that a particular threat using a specific attack will exploit particular vulnerability of a system that results in an undesirable consequence? Which three are distinctions between asymmetric and symmetric algorithms? (Choose all that apply.) Which type of firewall is needed to open appropriate UDP ports required for RTP streams? Which one of the following items may be added to a password stored in MD5 to make it more secure? Which two ports are used with RADIUS authentication and authorization?(Choose two.) As a candidate for CCNA examination, when you are familiar with the basic commands, if you input the command "enable secret level 5 password" in the global mode , what does it indicate? Stream ciphers run on which of the following? DES typically operates in block mode, where it encrypts data in what size blocks? Which one is the most important based on the following common elements of a network design? You have several operating groups in your enterprise that require different access restrictions to the routers to perform their jobs roles. These groups range from Help Desk personnel to advanced troubleshooters. 33 What is one methodology for controlling access rights to the router in these situation? You are a network technician at Cisco.com. Which description is correct when you have generated RSA keys on your Cisco router to prepare for secure device management? Which option is true of using cryptographic hashes? In an IEEE 802.1x deployment, between which two devices EAPOL messages typically are sent? The enable secret password appears as an MD5 hash in a router's configuration file, whereas the enable password is not hashed (or encrypted, if the password-encryption service is not enabled). What is the reason that Cisco still support the use of both enable secret and enable passwords in a router's configuration? What will be disabled as a result of the no service password-recovery command? Which statement is true about configuring access control lists to control Telnet traffic destined to the router itself? Which option ensures that data is not modified in transit? Which option is the term for a weakness in a system or its design that can be exploited by a threat Examine the following items, which one offers a variety of security solutions, including firewall, IPS, VPN, antispyware, antivirus, and antiphishing features? Which statement about disabled signatures when using Cisco IOS IPS is true? Which threat are the most serious? Which type of MAC address is dynamically learned by a switch port and then added to the switch's running configuration? Which statement is true about a certificate authority (CA)? What is a static packet-filtering firewall used for? Refer to Cisco IOS Zone-Based Policy Firewall, where will the inspection policy be applied? Which Public Key Cryptographic Standards (PKCS) defines the syntax for encrypted messages and messages with digital signatures? Which option correctly defines asymmetric encryption? You work as a network engineer, do you know an IPsec tunnel is negotiated within the protection of which type of tunnel? What is the purpose of Diffie-Hellman? Which protocol will use a LUN as a way to differentiate the individual disk drives that comprise a target device? Which two functions are required for IPsec operation? (Choose two.) When configuring Cisco IOS login enhancements for virtual connections, what is the "quiet period"? Which option is true of intrusion prevention systems? Examine the following options ,when editing global IPS settings, which one determines if the IOS-based IPS feature will drop or permit traffic for a particular IPS signature engine while a new signature for that engine is being compiled? Which statement is true about vishing? Which of these options is a Cisco IOS feature that lets you more easily configure security features on your router? Regarding constructing a good encryption algorithm, what does creating an avalanche effect indicate? Which of the following are techniques used by symmetric encryption cryptography? (Choose all that apply.) If you click the Configure button along the top of Cisco SDM's graphical interface,which Tasks button permits you to configure such features as SSH, NTP, SNMP, and syslog? How does CLI view differ from a privilege level? Which description is true about ECB mode? Which is the main difference between host-based and network-based intrusion prevention? Which VoIP components can permit or deny a call attempt on the basis of a network's available bandwidth? When configuring SSH, which is the Cisco minimum recommended modulus value?

Study Guides