New Updated Passleader Cisco 640-554 Exam Dumps Free Download (21-30)

QUESTION 21
Which option can be used to authenticate the IPsec peers during IKE Phase 1?

A.    Diffie-Hellman Nonce
B.    pre-shared key
C.    XAUTH
D.    integrity check value
E.    ACS
F.    AH

Answer: B

QUESTION 22
Which single Cisco IOS ACL entry permits IP addresses from 172.16.80.0 to 172.16.87.255?

A.    permit 172.16.80.0 0.0.3.255
B.    permit 172.16.80.0 0.0.7.255
C.    permit 172.16.80.0 0.0.248.255
D.    permit 176.16.80.0 255.255.252.0
E.    permit 172.16.80.0 255.255.248.0
F.    permit 172.16.80.0 255.255.240.0

Answer: B

QUESTION 23
You want to use the Cisco Configuration Professional site-to-site VPN wizard to implement a site- to-site IPsec VPN using pre-shared key. Which four configurations are required (with no defaults)? (Choose four.)

A.    the interface for the VPN connection
B.    the VPN peer IP address
C.    the IPsec transform-set
D.    the IKE policy
E.    the interesting traffic (the traffic to be protected)
F.    the pre-shared key

Answer: ABEF

QUESTION 24
Which two options represent a threat to the physical installation of an enterprise network? (Choose two.)

A.    surveillance camera
B.    security guards
C.    electrical power
D.    computer room access
E.    change control

Answer: CD

QUESTION 25
Which option represents a step that should be taken when a security policy is developed?

A.    Perform penetration testing.
B.    Determine device risk scores.
C.    Implement a security monitoring system.
D.    Perform quantitative risk analysis.

Answer: D

QUESTION 26
Which type of network masking is used when Cisco IOS access control lists are configured?

A.    extended subnet masking
B.    standard subnet masking
C.    priority masking
D.    wildcard masking

Answer: D

QUESTION 27
How are Cisco IOS access control lists processed?

A.    Standard ACLs are processed first.
B.    The best match ACL is matched first.
C.    Permit ACL entries are matched first before the deny ACL entries.
D.    ACLs are matched from top down.
E.    The global ACL is matched first before the interface ACL.

Answer: D

QUESTION 28
Which type of management reporting is defined by separating management traffic from production traffic?

A.    IPsec encrypted
B.    in-band
C.    out-of-band
D.    SSH

Answer: C

QUESTION 29
Which syslog level is associated with LOG_WARNING?

A.    1
B.    2
C.    3
D.    4
E.    5
F.    6

Answer: D

QUESTION 30
In which type of Layer 2 attack does an attacker broadcast BDPUs with a lower switch priority?

A.    MAC spoofing attack
B.    CAM overflow attack
C.    VLAN hopping attack
D.    STP attack

Answer: D

New Updated Passleader Cisco 640-554 Exam Dumps Free Download

Welcome To Visit PassLeader