Refer to the exhibit. Using a stateful packet firewall and given an inside ACL entry of permit ip 220.127.116.11 0.0.0.255 any, what would be the resulting dynamically configured ACL for the return traffic on the outside ACL?
A. permit tcp host 172.16.16.10 eq 80 host 192.168.1.11 eq 2300
B. permit ip 172.16.16.10 eq 80 192.168.1.0 0.0.0.255 eq 2300
C. permit tcp any eq 80 host 192.168.1.11 eq 2300
D. permit ip host 172.16.16.10 eq 80 host 192.168.1.0 0.0.0.255 eq 2300
Which option is the resulting action in a zone-based policy firewall configuration with these conditions?
Source: Zone 1
Destination: Zone 2
Zone pair exists?: Yes
Policy exists?: No
A. no impact to zoning or policy
B. no policy lookup (pass)
D. apply default policy
A Cisco ASA appliance has three interfaces configured. The first interface is the inside interface with a security level of 100. The second interface is the DMZ interface with a security level of 50. The third interface is the outside interface with a security level of 0. By default, without any access list configured, which five types of traffic are permitted? (Choose five.)
A. outbound traffic initiated from the inside to the DMZ
B. outbound traffic initiated from the DMZ to the outside
C. outbound traffic initiated from the inside to the outside
D. inbound traffic initiated from the outside to the DMZ
E. inbound traffic initiated from the outside to the inside
F. inbound traffic initiated from the DMZ to the inside
G. HTTP return traffic originating from the inside network and returning via the outside interface
H. HTTP return traffic originating from the inside network and returning via the DMZ interface
I. HTTP return traffic originating from the DMZ network and returning via the inside interface
J. HTTP return traffic originating from the outside network and returning via the inside interface
Which two protocols enable Cisco Configuration Professional to pull IPS alerts from a Cisco ISR router? (Choose two.)
Which two functions are required for IPsec operation? (Choose two.)
A. using SHA for encryption
B. using PKI for pre-shared key authentication
C. using IKE to negotiate the SA
D. using AH protocols for encryption and authentication
E. using Diffie-Hellman to establish a shared-secret key
Which statement about disabled signatures when using Cisco IOS IPS is true?
A. They do not take any actions, but do produce alerts.
B. They are not scanned or processed.
C. They still consume router resources.
D. They are considered to be "retired" signatures.
Which type of intrusion prevention technology is the primary type used by the Cisco IPS security appliances?
C. protocol analysis-based
E. NetFlow anomaly-based
Which two services are provided by IPsec? (Choose two.)
B. Encapsulating Security Payload
C. Data Integrity
D. Authentication Header
E. Internet Key Exchange
New Updated Passleader Cisco 640-554 Exam Dumps Free Download