CCNA Security 640-554 Practice Test (76-80)

EnsurepassQUESTION NO: 76 Which three statements about the Cisco ASA appliance are true? (Choose three.) A. The DMZ interface(s) on the Cisco ASA appliance most typically use a security level between 1 and 99. B. The Cisco ASA appliance supports Active/Active or Active/Standby failover. C. The Cisco ASA appliance has no default MPF configurations. D. The Cisco ASA appliance uses security contexts to virtually partition the ASA into multiple virtual firewalls. E. The Cisco ASA appliance supports user-based Read more […]

Continue reading


CCNA Security 640-554 Practice Test (71-75)

EnsurepassQUESTION NO: 71 Which Cisco IPS product offers an inline, deep-packet inspection feature that is available in integrated services routers? A. Cisco iSDM B. Cisco AIM C. Cisco IOS IPS D. Cisco AIP-SSM Answer: C   QUESTION NO: 72 Which three modes of access can be delivered by SSL VPN? (Choose three.) A. full tunnel client B. IPsec SSL C. TLS transport mode D. thin client E. clientless F. TLS tunnel mode Answer: A,D,E QUESTION NO: 73 During role-based CLI configuration, what must Read more […]

Continue reading


CCNA Security 640-554 Practice Test (66-70)

EnsurepassQUESTION NO: 66 In which type of Layer 2 attack does an attacker broadcast BDPUs with a lower switch priority? A. MAC spoofing attack B. CAM overflow attack C. VLAN hopping attack D. STP attack Answer: D   QUESTION NO: 67 Which security measure must you take for native VLANs on a trunk port? A. Native VLANs for trunk ports should never be used anywhere else on the switch. B. The native VLAN for trunk ports should be VLAN 1. C. Native VLANs for trunk ports should match access VLANs Read more […]

Continue reading


CCNA Security 640-554 Practice Test (56-60)

EnsurepassQUESTION NO: 61 Which option represents a step that should be taken when a security policy is developed? A. Perform penetration testing. B. Determine device risk scores. C. Implement a security monitoring system. D. Perform quantitative risk analysis. Answer: D   QUESTION NO: 62 Which type of network masking is used when Cisco IOS access control lists are configured? A. extended subnet masking B. standard subnet masking C. priority masking D. wildcard masking Answer: D QUESTION Read more […]

Continue reading


CCNA Security 640-554 Practice Test (51-55)

EnsurepassQUESTION NO: 51  Which statement about asymmetric encryption algorithms is true?  A. They use the same key for encryption and decryption of data.  B. They use the same key for decryption but different keys for encryption of data.  C. They use different keys for encryption and decryption of data.  D. They use different keys for decryption but the same key for encryption of data.  Answer: C   QUESTION NO: 52  Which option can be used to authenticate the IPsec peers during IKE Read more […]

Continue reading


CCNA Security 640-554 Practice Test (46-50)

EnsurepassQUESTION NO: 46 Which two options are characteristics of the Cisco Configuration Professional Security Audit wizard? (Choose two.) A. displays a screen with fix-it check boxes to let you choose which potential security-related configuration changes to implement B. has two modes of operation: interactive and non-interactive C. automatically enables Cisco IOS firewall and Cisco IOS IPS to secure the router D. uses interactive dialogs and prompts to implement role-based CLI E. requires users Read more […]

Continue reading


CCNA Security 640-554 Practice Test (41-45)

EnsurepassQUESTION NO: 41  Which IPS technique commonly is used to improve accuracy and context awareness, aiming to detect and respond to relevant incidents only and therefore, reduce noise?  A. attack relevancy  B. target asset value  C. signature accuracy  D. risk rating  Answer: D   QUESTION NO: 42  Which two statements about SSL-based VPNs are true? (Choose two.)  A. Asymmetric algorithms are used for authentication and key exchange.  B. SSL VPNs and IPsec VPNs cannot be configured Read more […]

Continue reading


CCNA Security 640-554 Practice Test (36-40)

EnsurepassQUESTION NO: 36  Which two functions are required for IPsec operation? (Choose two.)  A. using SHA for encryption  B. using PKI for pre-shared key authentication  C. using IKE to negotiate the SA  D. using AH protocols for encryption and authentication  E. using Diffie-Hellman to establish a shared-secret key  Answer: C,E   QUESTION NO: 37  On Cisco ISR routers, for what purpose is the realm-cisco.pub public encryption key used?  A. used for SSH server/client authentication Read more […]

Continue reading


CCNA Security 640-554 Practice Test (31-35)

EnsurepassQUESTION NO: 31  Which two options are advantages of an application layer firewall? (Choose two.)  A. provides high-performance filtering  B. makes DoS attacks difficult  C. supports a large number of applications  D. authenticates devices  E. authenticates individuals  Answer: B,E   QUESTION NO: 32  Refer to the exhibit.  Using a stateful packet firewall and given an inside ACL entry of permit ip 192.16.1.0 0.0.0.255 any, what would be the resulting dynamically configured Read more […]

Continue reading


CCNA Security 640-554 Practice Test (26-30)

EnsurepassQUESTION NO: 26  Which statement about PVLAN Edge is true?  A. PVLAN Edge can be configured to restrict the number of MAC addresses that appear on a single port.  B. The switch does not forward any traffic from one protected port to any other protected port.  C. By default, when a port policy error occurs, the switchport shuts down.  D. The switch only forwards traffic to ports within the same VLAN Edge.  Answer: B   QUESTION NO: 27  If you are implementing VLAN trunking, Read more […]

Continue reading


CCNA Security 640-554 Practice Test (21-25)

EnsurepassQUESTION NO: 21  Which router management feature provides for the ability to configure multiple administrative views?  A. role-based CLI  B. virtual routing and forwarding  C. secure config privilege {level}  D. parser view view name  Answer: A   QUESTION NO: 22  You suspect that an attacker in your network has configured a rogue Layer 2 device to intercept traffic from multiple VLANs, which allows the attacker to capture potentially sensitive data.  Which two methods will Read more […]

Continue reading


CCNA Security 640-554 Practice Test (16-20)

EnsurepassQUESTION NO: 16  Which statement about an access control list that is applied to a router interface is true?  A. It only filters traffic that passes through the router.  B. It filters pass-through and router-generated traffic.  C. An empty ACL blocks all traffic.  D. It filters traffic in the inbound and outbound directions.  Answer: A   QUESTION NO: 17  You have been tasked by your manager to implement syslog in your network. Which option is an important factor to consider Read more […]

Continue reading


CCNA Security 640-554 Practice Test (11-15)

EnsurepassQUESTION NO: 11  Which two characteristics of the TACACS+ protocol are true? (Choose two.)  A. uses UDP ports 1645 or 1812  B. separates AAA functions  C. encrypts the body of every packet  D. offers extensive accounting capabilities  E. is an open RFC standard protocol  Answer: B,C   QUESTION NO: 12  Refer to the exhibit.  Which statement about this output is true?  A. The user logged into the router with the incorrect username and password.  B. The login failed because Read more […]

Continue reading


CCNA Security 640-554 Practice Test (6-10)

EnsurepassQUESTION NO: 6  What does level 5 in this enable secret global configuration mode command indicate?  A. router#enable secret level 5 password  B. The enable secret password is hashed using MD5.  C. The enable secret password is hashed using SHA.  D. The enable secret password is encrypted using Cisco proprietary level 5 encryption.  E. Set the enable secret command to privilege level 5.  F. The enable secret password is for accessing exec privilege level 5.  Answer: E   QUESTION Read more […]

Continue reading


CCNA Security 640-554 Practice Test (1-5)

EnsurepassQUESTION NO: 1 Which two features are supported by Cisco IronPort Security Gateway? (Choose two.) A. spam protection B. outbreak intelligence C. HTTP and HTTPS scanning D. email encryption E. DDoS protection Answer: A,D   QUESTION NO: 2 Which option is a feature of Cisco ScanSafe technology? A. spam protection B. consistent cloud-based policy C. DDoS protection D. RSA Email DLP Answer: B QUESTION NO: 3 Which two characteristics represent a blended threat? (Choose two.) A. man-in-the-middle Read more […]

Continue reading