Cisco 640-553 IINS Implementing Cisco IOS Network Security 41-45

Ensurepass QUESTION d1 Which type of intrusion prevention technology will be primarily used by the Cisco IPS security appliances? A. rule-based B. protocol analysis-based C. signature-based D. profile-based Answer: C Section: IOS Security Explanation/Reference: QUESTION 42 What will be enabled by the scanning technology-The Dynamic Vector Streaming (DVS)? A. Firmware-level virus detection B. Layer 4 virus detection C. Signature-based spyware filtering D. Signature-based virus filtering Answer: Read more […]

Continue reading


Cisco 640-553 IINS Implementing Cisco IOS Network Security 36-40

Ensurepass QUESTION d6 Which kind of table will be used by most firewalls today to keep track of the connections through the firewall? A. queuing B. netflow C. dynamic ACL D. reflexive ACL E. state Answer: E Section: IOS Security Explanation/Reference: The “State” table keeps track of all connection information for traffic flows through the firewall. The state table holds info from the headers, including source/destination IP’s (layer 3) and port information (layer 4). It particularly takes Read more […]

Continue reading


Cisco 640-553 IINS Implementing Cisco IOS Network Security 31-35

Ensurepass QUESTION d1 If you click the Configure button along the top of Cisco SDM’s graphical interface,which Tasks button permits you to configure such features as SSH, NTP, SNMP, and syslog? A. Additional Tasks B. Security Audit C. Intrusion Prevention D. Interfaces and Connections Answer: A Section: SDM Explanation/Reference: QUESTION 32 Which item is correct regarding Cisco IOS IPS on Cisco IOS Release 12.4(11)T and later ? A. uses Cisco IPS 5.x signature format B. supports SDEE, SYSLOG, Read more […]

Continue reading


Cisco 640-553 IINS Implementing Cisco IOS Network Security 26-30

Ensurepass QUESTION d6 What are four methods used by hackers? (Choose four.) A. social engineering attack B. Trojan horse attack C. front door attacks D. buffer Unicode attack E. privilege escalation attack F. footprint analysis attack Answer: ABEF Section: Security Explanation/Reference: QUESTION 27 Information about a managed device’s resources and activity is defined by a series of objects. What defines the structure of these management objects? A. FIB B. LDAP C. CEF D. MIB Answer: Read more […]

Continue reading


Cisco 640-553 IINS Implementing Cisco IOS Network Security 21-25

Ensurepass QUESTION d1 What is the objective of the aaa authentication login console-in local command? A. It specifies the login authorization method list named console-in using the local RADIUS username- password database. B. It specifies the login authorization method list named console-in using the local username-password database on the router. C. It specifies the login authentication method list named console-in using the local user database on the router. D. It specifies the login authentication Read more […]

Continue reading


Cisco 640-553 IINS Implementing Cisco IOS Network Security 16-20

Ensurepass QUESTION 16 How does CLI view differ from a privilege level? A. A CLI view supports only commands configured for that specific view, whereas a privilege level supports commands available to that level and all the lower levels. B. A CLI view supports only monitoring commands, whereas a privilege level allows a user to make changes to an IOS configuration. C. A CLI view and a privilege level perform the same function. However, a CLI view is used on a Catalyst switch, whereas a privilege Read more […]

Continue reading


Cisco 640-553 IINS Implementing Cisco IOS Network Security 156-160

Ensurepass QUESTION 156 Drag two characteristics of the SDM Security Audit wizard on the above to the list on the below. requircs uscrs 10 Ii’st identify which routcr intcrfaccon ncct to thc insidc nctwork IInd which conncct to thc outsidc nctwork bas two lodcs of opcrationnteractive a.od non-jntcractive uscs iotcractive dialogs and prompts to implemcot role-based CLl automatically cnables Cisco 108 lircwall and C i sco 108 1 1’8 to sccurc thc routcr dis pJays a screen with Fix-it check boxes Read more […]

Continue reading


Cisco 640-553 IINS Implementing Cisco IOS Network Security 151-155

Ensurepass QUESTION dd1 Which statement best describes the relationships between AAA function and TACACS+, RADIUS based on the exhibit shown? A. TACACS+ – PG1 and PG3 RADIUS – PG2 and PG4 B. TACACS+ – PG2 and PG4 RADIUS – PG1 and PG3 C. TACACS+ – PG1 and PG4 RADIUS – PG2 and PG3 D. TACACS+ – PG2 and PG3 RADIUS – PG1 and PG4 Answer: B Section: IOS Security Explanation/Reference: QUESTION 152 Which item is the correct matching relationships associated with IKE Phase? A. IKE Phase 1 – PG1 and Read more […]

Continue reading


Cisco 640-553 IINS Implementing Cisco IOS Network Security 146-150

Ensurepass QUESTION dd6 LAB You are the passguide network security administrator for Big Money BankCo. You are informed that an attacker has performed a CAM table overflow attack by sending spoofed MAC addresses on one of the switch ports. The attacker has since been identified and escorted out of the campus. You now need to take action to configure the swtich port to protect against this kind of attack in the future. For purposes of this test, the attacker was connected via a hub to the Fa0/12 Read more […]

Continue reading


Cisco 640-553 IINS Implementing Cisco IOS Network Security 11-15

Ensurepass QUESTION 11 Which is the main difference between host-based and network-based intrusion prevention? A. Network-based IPS is better suited for inspection of SSL and TLS encrypted data flows. B. Host-based IPS can work in promiscuous mode or inline mode. C. Network-based IPS can provide protection to desktops and servers without the need of installing specialized software on the end hosts and servers. D. Host-based IPS deployment requires less planning than network-based IPS. Answer: Read more […]

Continue reading


Cisco 640-553 IINS Implementing Cisco IOS Network Security 141-145

Ensurepass QUESTION dd1 Drag & Drop Answer: Section: Drag and Drop Explanation/Reference: QUESTION 142 Scenario: Next Gen University main campus is located in Santa Cruz. The University has recently establisheci various remote campuses offening -lerning services. The UnverIty is using IPec VPN connectivity between its main and remote campus Phoenix (PHX), Newadla (ND). Sacremento (SAC). As a recent addition to The IT/Networking team. You have beeni tasked to document the IPsec VPN configurations Read more […]

Continue reading


Cisco 640-553 IINS Implementing Cisco IOS Network Security 135-140

Ensurepass QUESTION dd6 On the basis ofthe Cisco 10S Zone-Based Policy Firewallby defaultwhich three types of traffic are permitted by the router when some interfaces of the routers are assigned to a zone? Drag three proper characterizations on the above to the list on the below traflic nOwi l1g to tbc zon e mem bcr i l1terface t hat is rct urn cd trllfl?c traffic nowing among the interfaces thM are memhers of t’he same zone traffic f10wing among thc intcrfaccs thM arc not assign cd to uny :wn Read more […]

Continue reading


Cisco 640-553 IINS Implementing Cisco IOS Network Security 131-135

Ensurepass QUESTION dd1 What method does 3DES use to encrypt plain text? A. 3DES-EDE B. EDE-3DES C. 3DES-AES D. AES-3DES Answer: A Section: Cryptography Explanation/Reference: QUESTION 132 Which of the following is not considered a trustworthy symmetric encryption algorithm? A. 3DES B. IDEA C. EDE D. AES Answer: C Section: Cryptography Explanation/Reference: QUESTION 133 On the basis of the description of SSL-based VPN, place the correct descriptions in the proper locations. Answer: Section: Read more […]

Continue reading


Cisco 640-553 IINS Implementing Cisco IOS Network Security 126-130

Ensurepass QUESTION dd6 Which two statements are true about the differences between IDS and IPS? (Choose two.) A. IPS operates in promiscuous mode. B. IPS receives a copy of the traffic to be analyzed. C. IPS operates in inline mode. D. IDS receives a copy of the traffic to be analyzed. Answer: CD Section: Security Explanation/Reference: QUESTION 127 What form of attack are all algorithms susceptible to? A. Meet-in-the-middle B. Spoofing C. Stream cipher D. Brute-force Answer: D Section: Read more […]

Continue reading


Cisco 640-553 IINS Implementing Cisco IOS Network Security 121-125

Ensurepass QUESTION dd1 Which option is true of intrusion prevention systems? A. they operate in promiscuous mode B. they operate in inline mode C. they have no potential impact on the data segment being monitored D. they are more vulnerable to evasion techniques than IDS Answer: B Section: Security Explanation/Reference: QUESTION 122 Which statement is true when using zone-based firewalls on a Cisco router? A. policies are applied to traffic moving between zones, not between interfaces B. Read more […]

Continue reading


Cisco 640-553 IINS Implementing Cisco IOS Network Security 116-120

Ensurepass QUESTION dd6 Which of these options is a Cisco IOS feature that lets you more easily configure security features on your router? A. cisco self-defending network B. implementing AAA command authorization C. the auto secure CLI command D. performing a security audit via SDM Answer: C Section: IOS Security Explanation/Reference: QUESTION 117 Which three of these options are some of the best practices when you implement an effective firewall security policy? (choose three) A. position Read more […]

Continue reading


Cisco 640-553 IINS Implementing Cisco IOS Network Security 111-115

Ensurepass QUESTION dd1 Which option is a key principal of the Cisco Self-Defending Network strategy? A. security is static and should prevent most know attack on the network B. the self-defending network should be the key point of your security policy C. integrate security throughout the existing infracture D. upper management is ultimately responsible for policy implementation Answer: C Section: Security Explanation/Reference: QUESTION 112 Which three option are areas of router security? A. Read more […]

Continue reading


Cisco 640-553 IINS Implementing Cisco IOS Network Security 106-110

Ensurepass QUESTION dd6 Network security aims to provide which three key services? (choose three) A. data integrity B. data strategy C. data & system availability D. data mining E. data storage F. data confidentiality Answer: ACF Section: Security Explanation/Reference: QUESTION 107 Which option is the term for a weakness in a system or its design that can be exploited by a threat A. a vulnerability B. a risk C. an exploit D. an attack E. a joke Answer: A Section: Security Explanation/Reference: QUESTION Read more […]

Continue reading


Cisco 640-553 IINS Implementing Cisco IOS Network Security 101-105

Ensurepass QUESTION dd1 When configuring Cisco IOS Zone-Based Policy Firewall, what are the three actions that can be applied to a traffic class? (Choose three.) A. Pass B. Police C. Inspect D. Drop E. Queue F. Shape Answer: ACD Section: IOS Security Explanation/Reference: Reference: Chapter 10, page 371. Section “Zone Membership Rules” QUESTION 102 Which three statements about applying access control lists to a Cisco router are true? (Choose three.) A. Place more specific ACL entries at Read more […]

Continue reading


Cisco 640-553 IINS Implementing Cisco IOS Network Security 96-100

Ensurepass QUESTION d6 Which Public Key Cryptographic Standards (PKCS) defines the syntax for encrypted messages and messages with digital signatures? A. PKCS #12 B. PKCS #10 C. PKCS #8 D. PKCS #7 Answer: D Section: Cryptography Explanation/Reference: QUESTION 97 For the following items, which one acts as a VPN termination device and is located at a primary network location? A. Headend VPN device B. Tunnel C. Broadband service D. VPN access device Answer: A Section: VPNs Explanation/Reference: QUESTION Read more […]

Continue reading