REAL QUESTIONS SUBMIT MATERIAL ADVERTISE
Braindumps

Microsoft

Cisco

Citrix

CIW

CompTia

CWNA

Apple

Adobe

HP

Legato

Exin

Filemaker

Brocade

Ericsson

TIA

Veritas

ISEB

SCP

IISFA

ISM

OMG

Apc

Mile2

Foundry

Huawei

McData

Symantec

TeraData

RedHat

Solar Winds

Blue Coat

Riverbed

 

 
 
Click on name of dumper to view the dump
 
Josha
 
 

Braindumps of 640-553
IINS Implementing Cisco IOS Network Security

 


Many thanks to all the dumpers, who submit their dumps on this site. Please submit more dumps. Coz everyone should contribute his share.
 


QUESTION NO: 1
Examine the following options, which access list will permit HTTP traffic sourced from host 10.1.129.100 port 3030 destined to host 192.168.1.10?
A. access-list 101 permit tcp host 192.168.1.10 eq 80 10.1.0.0 0.0.255.255 eq 3030
B. access-list 101permit tcp any eq 3030
C. access-list 101 permit tcp 10.1.129.0 0.0.0.255 eq www 192.168.1.10 0.0.0.0 eq www
D. access-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 3030 192.168.1.0 0.0.0.15 eq www
Answer: D


QUESTION NO: 2
Which key method is used to detect and prevent attacks by use of IDS and/or IPS technologies?
A. Signature-based detection
B. Anomaly-based detection
C. Honey pot detection
D. Policy-based detection
Answer: A


QUESTION NO: 3
In a brute-force attack, what percentage of the keyspace must an attacker generally search through until he or she finds the key that decrypts the data?
A. Roughly 50 percent
B. Roughly 66 percent
C. Roughly 75 percent
D. Roughly 10 percent
Answer: A


QUESTION NO: 4
Which one of the Cisco IOS commands can be used to verify that either the Cisco IOS image, the configuration files, or both have been properly backed up and secured?
A. show archive
B. show flash
C. show file systems
D. show secure bootset
Answer: D


QUESTION NO: 5
If you click the Configure button along the top of Cisco SDM??s graphical interface,which Tasks button permits you to configure such features as SSH, NTP, SNMP, and syslog?
A. Interfaces and Connections
B. Intrusion Prevention
C. Security Audit
D. Additional Tasks
Answer: D


QUESTION NO: 6
In an IEEE 802.1x deployment, between which two devices EAPOL messages typically are sent?
A. Between the supplicant and the authenticator
B. Between the authenticator and the authentication server
C. Between the supplicant and the authentication server
D. Between the RADIUS server and the authenticator
Answer: A


QUESTION NO: 7
For the following items ,which one can be used to authenticate the IPsec peers during IKE Phase 1?
A. pre-shared key
B. integrity check value
C. XAUTH
D. Diffie-Hellman Nonce
Answer: A


QUESTION NO: 8
Which description about asymmetric encryption algorithms is correct?
A. They use the same key for encryption and decryption of data.
B. They use different keys for decryption but the same key for encryption of data.
C. They use different keys for encryption and decryption of data.
D. They use the same key for decryption but different keys for encryption of data.
Answer: C


QUESTION NO: 9
For the following items, which management topology keeps management traffic isolated from production traffic?
A. OTP
B. OOB
C. SAFE
D. MARS
Answer: B


QUESTION NO: 10
You work as a network engineer, do you know an IPsec tunnel is negotiated within the protection of which type of tunnel?
A. L2F tunnel
B. L2TP tunnel
C. GRE tunnel
D. ISAKMP tunnel
Answer: D


QUESTION NO: 11
As a candidate for CCNA examination, when you are familiar with the basic commands, if you input the command "enable secret level 5 password" in the global mode , what does it indicate?
A. Set the enable secret command to privilege level 5.
B. The enable secret password is hashed using MD5.
C. The enable secret password is for accessing exec privilege level 5.
D. The enable secret password is hashed using SHA.
E. The enable secret password is encrypted using Cisco proprietary level 5 encryption.
Answer: C


QUESTION NO: 12
Examine the following options ,when editing global IPS settings, which one determines if the IOSbased IPS feature will drop or permit traffic for a particular IPS signature engine while a new signature for that engine is being compiled?
A. Enable Signature Default
B. Enable Engine Fail Closed
C. Enable Default IOS Signature
D. Enable Fail Opened
Answer: B


QUESTION NO: 13
Which statement best describes Cisco IOS Zone-Based Policy Firewall?
A. A router interface can belong to multiple zones.
B. Policy maps are used to classify traffic into different traffic classes, and class maps are used to assign action to the traffic classes.
C. The pass action works in only one direction.
D. A zone-pair is bidirectional because it specifies traffic flowing among the interfaces within the zone-pair in both directions.
Answer: C


QUESTION NO: 14
Which feature is a potential security weakness of a traditional stateful firewall?
A. It cannot support UDP flows.
B. It cannot ensure each TCP connection follows a legitimate TCP three-way handshake.
C. It cannot detect application-layer attacks.
D. The status of TCP sessions is retained in the state table after the sessions terminate.
Answer: C


640-553

 

 

Braindumps Real exam questions and verified answers - 100% passing guarantee - cheap prices.

 

Free brain dumps Braindumps, notes, books for free

 

Braindumps and Exams - Instant download real exam questions - Passing guarantee.

Follow us on FaceBook
Braindumps on Facebook
 
 
 
 
 

CheckPoint

Linux

Novell

DB/2

Network Appliance

EC-Council

Nortel

McAfee

Juniper

ISACA

PMI

Sybase

EMC

HDI

SNIA

ISC

Sair

IBM

Lotus

Exam Express

3COM

BICSI

DeLL

Enterasys

Extreme Networks

Guidance Software

Computer Associates

Network General

SAS Institute

Alcatel Lucent

SeeBeyond

TruSecure

Polycom

Hyperion

Hitachi

Nokia

Fortinet

Vmware

Fujitsu

Tibco

Intel

PostgreSQLCE

BusinessObjects

RESSoftware

BlackBerry

AccessData

ICDL

Isilon

SAP

The Open Group

ACSM

Altiris

Avaya

Cognos

F5

Genesys

SDI

ACI

ASQ

Google

H3C

HIPAA

HRCI

SOA

IIBA

Zend