Which statement describes a best practice when configuring trunking on a switch port?
A. Disable double tagging by enabling DTP on the trunk port.
B. Enable encryption on the trunk port.
C. Enable authentication and encryption on the trunk port.
D. Limit the allowed VLAN(s) on the trunk to the native VLAN only.
E. Configure an unused VLAN as the native VLAN.
Which type of Layer 2 attack causes a switch to flood all incoming traffic to all ports?
A. MAC spoofing attack
B. CAM overflow attack
C. VLAN hopping attack
D. STP attack
What is the best way to prevent a VLAN hopping attack?
A. Encapsulate trunk ports with IEEE 802.1Q.
B. Physically secure data closets.
C. Disable DTP negotiations.
D. Enable BDPU guard.
Which statement about PVLAN Edge is true?
A. PVLAN Edge can be configured to restrict the number of MAC addresses that appear on a single port.
B. The switch does not forward any traffic from one protected port to any other protected port.
C. By default, when a port policy error occurs, the switchport shuts down.
D. The switch only forwards traffic to ports within the same VLAN Edge.
If you are implementing VLAN trunking, which additional configuration parameter should be added to the trunking configuration?
A. no switchport mode access
B. no switchport trunk native VLAN 1
C. switchport mode DTP
D. switchport nonnegotiate
When Cisco IOS zone-based policy firewall is configured, which three actions can be applied to a traffic class? (Choose three.)
With Cisco IOS zone-based policy firewall, by default, which three types of traffic are permitted by the router when some of the router interfaces are assigned to a zone? (Choose three.)
A. traffic flowing between a zone member interface and any interface that is not a zone member
B. traffic flowing to and from the router interfaces (the self zone)
C. traffic flowing among the interfaces that are members of the same zone
D. traffic flowing among the interfaces that are not assigned to any zone
E. traffic flowing between a zone member interface and another interface that belongs in a different zone
F. traffic flowing to the zone member interface that is returned traffic
Which option is a key difference between Cisco IOS interface ACL configurations and Cisco ASA appliance interface ACL configurations?
A. The Cisco IOS interface ACL has an implicit permit-all rule at the end of each interface ACL.
B. Cisco IOS supports interface ACL and also global ACL. Global ACL is applied to all interfaces.
C. The Cisco ASA appliance interface ACL configurations use netmasks instead of wildcard masks.
D. The Cisco ASA appliance interface ACL also applies to traffic directed to the IP addresses of the Cisco ASA appliance interfaces.
E. The Cisco ASA appliance does not support standard ACL. The Cisco ASA appliance only support extended ACL.
Which two options are advantages of an application layer firewall? (Choose two.)
A. provides high-performance filtering
B. makes DoS attacks difficult
C. supports a large number of applications
D. authenticates devices
E. authenticates individuals
On Cisco ISR routers, for what purpose is the realm-cisco.pub public encryption key used?
A. used for SSH server/client authentication and encryption
B. used to verify the digital signature of the IPS signature file
C. used to generate a persistent self-signed identity certificate for the ISR so administrators can authenticate the ISR when accessing it using Cisco Configuration Professional
D. used to enable asymmetric encryption on IPsec and SSL VPNs
E. used during the DH exchanges on IPsec VPNs
New Updated Passleader Cisco 640-554 Exam Dumps Free Download