640-554 - Implementing Cisco IOS Network Security

Example Questions

Refer to Cisco IOS Zone-Based Policy Firewall, where will the inspection policy be applied?
Which three statements about applying access control lists to a Cisco router are true? (Choose three.)
On Cisco ISR routers, for what purpose is the realm-cisco.pub public encryption key used?
Which router management feature provides for the ability to configure multiple administrative views?
Which option is a feature of Cisco ScanSafe technology?
Which type of management reporting is defined by separating management traffic from production traffic?
Which location is recommended for extended or extended named ACLs?
Which type of firewall technology is considered the versatile and commonly used firewall technology?
Which type of security control is defense in depth?
When logging is enabled for an ACL entry, how does the router switch packets filtered by the ACL?
Which statement is true about configuring access control lists to control Telnet traffic destined to the router itself?
When a network transitions from IPv4 to IPv6, how many bits does the address expand to?
How many crypto map sets can you apply to a router interface?
What does the secure boot-config global configuration accomplish?
Which statement about asymmetric encryption algorithms is true?
Which network security framework is used to set up access control on Cisco Appliances?
You are troubleshooting a Cisco AnyConnect VPN on a firewall and issue the command show webvpn anyconnect. The output shows the message "SSL VPN is not enabled" instead of showing the AnyConnect package. Which action can you take to resolve the problem?
When port security is enabled on a Cisco Catalyst switch, what is the default action when the configured maximum number of allowed MAC addresses value is exceeded?
When configuring a site-to-site IPsec VPN using the CLI, the authentication pre-share command is configured in the ISAKMP policy. Which additional peer authentication configuration is required?
Which option is the correct representation of the IPv6 address 2001:0000:150C:0000:0000:41B1:45A3:041D?
Which command will configure AAA accounting using the list of all RADIUS servers on a device to generate a reload event message when the device reloads?
Which type of NAT would you configure if a host on the external network required access to an internal host?
Which two protocols are used in a server-based AAA deployment? (Choose two.)
Which two statements about SSL-based VPNs are true? (Choose two.)
Which type of Layer 2 attack causes a switch to flood all incoming traffic to all ports?
How are Cisco IOS access control lists processed?
Which two options are for securing NTP? (Choose two.)
Which two countermeasures can mitigate MAC spoofing attacks? (Choose two.)
Which type of encryption algorithm uses public and private keys to provide authentication, integrity, and confidentiality?
In an IPsec VPN, what determination does the access list make about VPN traffic?
Which option describes a function of a virtual VLAN?
Which statement describes how the sender of the message is verified when asymmetric encryption is used?
What is the best way to prevent a VLAN hopping attack?
Which type of network masking is used when Cisco IOS access control lists are configured?
Which statement describes a best practice when configuring trunking on a switch port?
What is the purpose of a trunk port?
The host A Layer 2 port is configured in VLAN 5 on switch 1, and the host B Layer 2 port is configured in VLAN 10 on switch 1. Which two actions can you take to enable the two hosts to communicate with each other? (Choose two.)
Which aaa accounting command is used to enable logging of the start and stop records for user terminal sessions on the router?
What are two disadvantages of using network IPS? (Choose two.)
On which protocol number does the authentication header operate?
Which statement about disabled signatures when using Cisco IOS IPS is true?
Which two options are characteristics of the Cisco Configuration Professional Security Audit wizard? (Choose two.)
Which statement about Control Plane Policing is true?
Which step is important to take when implementing secure network management?
Under which higher-level policy is a VPN security policy categorized?
Which protocol provides security to Secure Copy?
When port security is enabled on a Cisco Catalyst switch, what is the default action when the maximum number of allowed MAC addresses is exceeded?
Which Cisco management tool provides the ability to centrally provision all aspects of device configuration across the Cisco family of security products?
Which option is a key difference between Cisco IOS interface ACL configurations and Cisco ASA appliance interface ACL configurations?
Which authentication method is available when specifying a method list for group policy lookup using the CCP Easy VPN Server wizard?

Study Guides