You suspect that an attacker in your network has configured a rogue Layer 2 device to intercept traffic from multiple VLANs, which allows the attacker to capture potentially sensitive data. Which two methods will help to mitigate this type of activity? (Choose two.)
A. Turn off all trunk ports and manually configure each VLAN as required on each port
B. Disable DTP on ports that require trunking
C. Secure the native VLAN, VLAN 1, with encryption
D. Set the native VLAN on the trunk ports to an unused VLAN
E. Place unused active ports in an unused VLAN
You are the security administrator for a large enterprise network with many remote locations. You have been given the assignment to deploy a Cisco IPS solution. Where in the network would be the best place to deploy Cisco IOS IPS?
A. inside the firewall of the corporate headquarters Internet connection
B. at the entry point into the data center
C. outside the firewall of the corporate headquarters Internet connection
D. at remote branch offices
Which IPS technique is commonly used to improve accuracy and context awareness, aiming to detect and respond only to relevant incidents and therefore reduce noise?
A. attack relevancy
B. target asset value
C. signature accuracy
D. risk rating
Which two statements about SSL-based VPNs are true? (Choose two.)
A. Asymmetric algorithms are used for authentication and key exchange.
B. SSL VPNs and IPsec VPNs cannot be configured concurrently on the same router.
C. The application programming interface can be used to extensively modify the SSL client software for use in special applications.
D. The authentication process uses hashing technologies.
E. Both client and clientless SSL VPNs require special-purpose client software to be installed on the client machine.
Which option describes the purpose of Diffie-Hellman?
A. used between the initiator and the responder to establish a basic security policy
B. used to verify the identity of the peer
C. used for asymmetric public key encryption
D. used to establish a symmetric shared key via a public key exchange process
Which three statements about the IPsec ESP modes of operation are true? (Choose three.)
A. Tunnel mode is used between a host and a security gateway.
B. Tunnel mode is used between two security gateways.
C. Tunnel mode only encrypts and authenticates the data.
D. Transport mode authenticates the IP header.
E. Transport mode leaves the original IP header in the clear.
When configuring SSL VPN on the Cisco ASA appliance, which configuration step is required only for Cisco AnyConnect full tunnel SSL VPN access and not required for clientless SSL VPN?
A. user authentication
B. group policy
C. IP address pool
D. SSL VPN interface
E. connection profile
For what purpose is the Cisco ASA appliance web launch SSL VPN feature used?
A. to enable split tunneling when using clientless SSL VPN access
B. to enable users to log in to a web portal to download and launch the AnyConnect client
C. to enable smart tunnel access for applications that are not web-based
D. to optimize the SSL VPN connections using DTLS
E. to enable single-sign-on so the SSL VPN users need only log in once
Which statement describes how VPN traffic is encrypted to provide confidentiality when using asymmetric encryption?
A. The sender encrypts the data using the sender’s private key, and the receiver decrypts the data using the sender’s public key.
B. The sender encrypts the data using the sender’s public key, and the receiver decrypts the data using the sender’s private key.
C. The sender encrypts the data using the sender’s public key, and the receiver decrypts the data using the receiver’s public key.
D. The sender encrypts the data using the receiver’s private key, and the receiver decrypts the data using the receiver’s public key.
E. The sender encrypts the data using the receiver’s public key, and the receiver decrypts the data using the receiver’s private key.
F. The sender encrypts the data using the receiver’s private key, and the receiver decrypts the data using the sender’s public key.
Which four types of VPN are supported using Cisco ISRs and Cisco ASA appliances? (Choose four.)
A. SSL clientless remote-access VPNs
B. SSL full-tunnel client remote-access VPNs
C. SSL site-to-site VPNs
D. IPsec site-to-site VPNs
E. IPsec client remote-access VPNs
F. IPsec clientless remote-access VPNs