New Updated Passleader Cisco 640-554 Exam Dumps Free Download (91-100)

QUESTION 91
Refer to the exhibit. Using a stateful packet firewall and given an inside ACL entry of permit ip 192.16.1.0 0.0.0.255 any, what would be the resulting dynamically configured ACL for the return traffic on the outside ACL?
911

A.    permit tcp host 172.16.16.10 eq 80 host 192.168.1.11 eq 2300
B.    permit ip 172.16.16.10 eq 80 192.168.1.0 0.0.0.255 eq 2300
C.    permit tcp any eq 80 host 192.168.1.11 eq 2300
D.    permit ip host 172.16.16.10 eq 80 host 192.168.1.0 0.0.0.255 eq 2300

Answer: A

QUESTION 92
Which option is the resulting action in a zone-based policy firewall configuration with these conditions?
Source: Zone 1
Destination: Zone 2
Zone pair exists?: Yes
Policy exists?: No

A.    no impact to zoning or policy
B.    no policy lookup (pass)
C.    drop
D.    apply default policy

Answer: C

QUESTION 93
A Cisco ASA appliance has three interfaces configured. The first interface is the inside interface with a security level of 100. The second interface is the DMZ interface with a security level of 50. The third interface is the outside interface with a security level of 0. By default, without any access list configured, which five types of traffic are permitted? (Choose five.)

A.    outbound traffic initiated from the inside to the DMZ
B.    outbound traffic initiated from the DMZ to the outside
C.    outbound traffic initiated from the inside to the outside
D.    inbound traffic initiated from the outside to the DMZ
E.    inbound traffic initiated from the outside to the inside
F.    inbound traffic initiated from the DMZ to the inside
G.    HTTP return traffic originating from the inside network and returning via the outside interface
H.    HTTP return traffic originating from the inside network and returning via the DMZ interface
I.    HTTP return traffic originating from the DMZ network and returning via the inside interface
J.    HTTP return traffic originating from the outside network and returning via the inside interface

Answer: ABCGH

QUESTION 94
Which two protocols enable Cisco Configuration Professional to pull IPS alerts from a Cisco ISR router? (Choose two.)

A.    syslog
B.    SDEE
C.    FTP
D.    TFTP
E.    SSH
F.    HTTPS

Answer: BF

QUESTION 95
Which two functions are required for IPsec operation? (Choose two.)

A.    using SHA for encryption
B.    using PKI for pre-shared key authentication
C.    using IKE to negotiate the SA
D.    using AH protocols for encryption and authentication
E.    using Diffie-Hellman to establish a shared-secret key

Answer: CE

QUESTION 96
Which statement about disabled signatures when using Cisco IOS IPS is true?

A.    They do not take any actions, but do produce alerts.
B.    They are not scanned or processed.
C.    They still consume router resources.
D.    They are considered to be "retired" signatures.

Answer: C

QUESTION 97
Which type of intrusion prevention technology is the primary type used by the Cisco IPS security appliances?

A.    profile-based
B.    rule-based
C.    protocol analysis-based
D.    signature-based
E.    NetFlow anomaly-based

Answer: D

QUESTION 98
Which two services are provided by IPsec? (Choose two.)

A.    Confidentiality
B.    Encapsulating Security Payload
C.    Data Integrity
D.    Authentication Header
E.    Internet Key Exchange

Answer: AC

QUESTION 99
Drag and Drop Questions
991

Answer:
992

QUESTION 100
Drag and Drop Questions
1001

Answer:
1002

New Updated Passleader Cisco 640-554 Exam Dumps Free Download

         

Welcome To Visit PassLeader