Braindumps of 640-553
IINS Implementing Cisco IOS Network Security
Many thanks to all the dumpers who submit their dumps
on this site. Please submit more dumps, because everyone
should contribute his share.
QUESTION NO: 1
Examine the following options. Which access list will
permit HTTP traffic sourced from host 10.1.129.100 port
3030 destined to host 192.168.1.10?
A. access-list 101 permit tcp host 192.168.1.10 eq 80
10.1.0.0 0.0.255.255 eq 3030
B. access-list 101 permit tcp any eq 3030
C. access-list 101 permit tcp 10.1.129.0 0.0.0.255 eq
www 192.168.1.10 0.0.0.0 eq www
D. access-list 101 permit tcp 10.1.128.0 0.0.1.255 eq
3030 192.168.1.0 0.0.0.15 eq www
QUESTION NO: 2
Which key method is used to detect and prevent attacks
by use of IDS and/or IPS technologies?
A. Signature-based detection
B. Anomaly-based detection
C. Honey pot detection
D. Policy-based detection
QUESTION NO: 3
In a brute-force attack, what percentage of the keyspace
must an attacker generally search through until he or
she finds the key that decrypts the data?
A. Roughly 50 percent
B. Roughly 66 percent
C. Roughly 75 percent
D. Roughly 10 percent
QUESTION NO: 4
Which one of the Cisco IOS commands can be used to verify
that either the Cisco IOS image, the configuration files,
or both have been properly backed up and secured?
A. show archive
B. show flash
C. show file systems
D. show secure bootset
QUESTION NO: 5
If you click the Configure button along the top of Cisco
SDM's graphical interface, which Tasks button permits
you to configure such features as SSH, NTP, SNMP, and
A. Interfaces and Connections
B. Intrusion Prevention
C. Security Audit
D. Additional Tasks
QUESTION NO: 6
In an IEEE 802.1x deployment, between which two devices
are EAPOL messages typically sent?
A. Between the supplicant and the authenticator
B. Between the authenticator and the authentication
C. Between the supplicant and the authentication server
D. Between the RADIUS server and the authenticator
QUESTION NO: 7
For the following items, which one can be used to authenticate
the IPsec peers during IKE Phase 1?
A. pre-shared key
B. integrity check value
D. Diffie-Hellman Nonce
QUESTION NO: 8
Which description about asymmetric encryption algorithms
A. They use the same key for encryption and decryption
B. They use different keys for decryption but the same
key for encryption of data.
C. They use different keys for encryption and decryption
D. They use the same key for decryption but different
keys for encryption of data.
QUESTION NO: 9
For the following items, which management topology keeps
management traffic isolated from production traffic?
QUESTION NO: 10
You work as a network engineer. An IPsec tunnel is
negotiated within the protection of which type of
tunnel?
A. L2F tunnel
B. L2TP tunnel
C. GRE tunnel
D. ISAKMP tunnel
QUESTION NO: 11
As a candidate for the CCNA examination who is familiar
with the basic commands, if you enter the command "enable
secret level 5 password" in global mode, what does it
indicate?
A. Set the enable secret command to privilege level
B. The enable secret password is hashed using MD5.
C. The enable secret password is for accessing exec
privilege level 5.
D. The enable secret password is hashed using SHA.
E. The enable secret password is encrypted using Cisco
proprietary level 5 encryption.
QUESTION NO: 12
Examine the following options. When editing global IPS
settings, which one determines if the IOS-based IPS feature
will drop or permit traffic for a particular IPS signature
engine while a new signature for that engine is being
A. Enable Signature Default
B. Enable Engine Fail Closed
C. Enable Default IOS Signature
D. Enable Fail Opened
QUESTION NO: 13
Which statement best describes Cisco IOS Zone-Based
A. A router interface can belong to multiple zones.
B. Policy maps are used to classify traffic into different
traffic classes, and class maps are used to assign action
to the traffic classes.
C. The pass action works in only one direction.
D. A zone-pair is bidirectional because it specifies
traffic flowing among the interfaces within the zone-pair
in both directions.
QUESTION NO: 14
Which feature is a potential security weakness of a
traditional stateful firewall?
A. It cannot support UDP flows.
B. It cannot ensure each TCP connection follows a legitimate
TCP three-way handshake.
C. It cannot detect application-layer attacks.
D. The status of TCP sessions is retained in the state
table after the sessions terminate.