Exam Number/Code: 640-554
Exam name: Implementing Cisco IOS Network Security (IINS v2.0)
308 questions with full explanations
640-554 Exam Questions and Answers (2016 Updated):
Question No. 1
– (Topic 6)
What is the best way to prevent a VLAN hopping attack?
A. Encapsulate trunk ports with IEEE 802.1Q.
B. Physically secure data closets.
C. Disable DTP negotiations.
D. Enable BPDU guard.
http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml
802.1Q and ISL Tagging Attack
Tagging attacks are malicious schemes that allow a user on a VLAN to get unauthorized access to another VLAN. For example, if a switch port were configured as DTP auto and were to receive a fake DTP packet, it might become a trunk port and it might start accepting traffic destined for any VLAN. Therefore, a malicious user could start communicating with other VLANs through that compromised port. Sometimes, even when simply receiving regular packets, a switch port may behave like a full-fledged trunk port (for example, accept packets for VLANs different from the native), even if it is not supposed to. This is commonly referred to as "VLAN leaking" (see  for a report on a similar issue).
Question No. 2
– (Topic 2)
Which two options are two of the built-in features of IPv6? (Choose two.)
B. native IPsec
C. controlled broadcasts
D. mobile IP
IPv6 IPsec Site-to-Site Protection Using Virtual Tunnel Interface
The IPv6 IPsec feature provides IPv6 crypto site-to-site protection of all types of IPv6 unicast and multicast traffic using native IPsec IPv6 encapsulation. The IPsec virtual tunnel interface (VTI) feature provides this function, using IKE as the management protocol. An IPsec VTI supports native IPsec tunneling and includes most of the properties of a physical interface. The IPsec VTI alleviates the need to apply crypto maps to multiple interfaces and provides a routable interface.
The IPsec VTI allows IPv6 routers to work as security gateways, establish IPsec tunnels between other security gateway routers, and provide crypto IPsec protection for traffic from the internal network when it is transmitted across the public IPv6 Internet.
http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-mobile.html
Mobile IPv6 Overview
Mobile IPv4 provides an IPv4 node with the ability to retain the same IPv4 address and maintain uninterrupted network and application connectivity while traveling across networks. In Mobile IPv6, the IPv6 address space enables Mobile IP deployment in any kind of large environment. No foreign agent is needed to use Mobile IPv6.
System infrastructures do not need an upgrade to accept Mobile IPv6 nodes. IPv6 autoconfiguration simplifies mobile node (MN) Care of Address (CoA) assignment. Mobile IPv6 benefits from the IPv6 protocol itself; for example, Mobile IPv6 uses IPv6 option headers (routing, destination, and mobility) and benefits from the use of neighbor discovery. Mobile IPv6 provides optimized routing, which helps avoid triangular routing. Mobile IPv6 nodes work transparently even with nodes that do not support mobility (although these nodes do not have route optimization). Mobile IPv6 is fully backward-compatible with existing IPv6 specifications. Therefore, any existing host that does not understand the new mobile messages will send an error message, and communications with the mobile node will be able to continue, albeit without the direct routing optimization.
Question No. 3
– (Topic 9)
Which two options are symmetric-key algorithms that are recommended by Cisco? (Choose two.)
B. Advanced Encryption Standard
D. Triple Data Encryption Standard
QUESTION NO: 23
Which technology provides an automated digital certificate management system for use with IPsec?
B. public key infrastructure
C. Digital Signature Algorithm
D. Internet Key Exchange
Question No. 4
– (Topic 2)
Which two options are characteristics of the Cisco Configuration Professional Security Audit wizard? (Choose two.)
A. displays a screen with fix-it check boxes to let you choose which potential security-related configuration changes to implement
B. has two modes of operation: interactive and non-interactive
C. automatically enables Cisco IOS firewall and Cisco IOS IPS to secure the router
D. uses interactive dialogs and prompts to implement role-based CLI
E. requires users to first identify which router interfaces connect to the inside network and which connect to the outside network
Perform Security Audit
This option starts the Security Audit wizard. The Security Audit wizard tests your router configuration to determine if any potential security problems exist in the configuration, and then presents you with a screen that lets you determine which of those security problems you want to fix. Once determined, the Security Audit wizard will make the necessary changes to the router configuration to fix those problems.
To have Cisco CP perform a security audit and then fix the problems it has found:
In the Feature bar, select Configure > Security > Security Audit.
Click Perform Security Audit.
The Welcome page of the Security Audit wizard appears.
The Security Audit Interface Configuration page appears.
The Security Audit wizard needs to know which of your router interfaces connect to your inside network and which connect outside of your network. For each interface listed, check either the Inside or Outside check box to indicate where the interface connects.
Click Next>.
The Security Audit wizard tests your router configuration to determine which possible security problems may exist. A screen showing the progress of this action appears, listing all of the configuration options being tested for, and whether or not the current router configuration passes those tests. If you want to save this report to a file, click Save Report.
The Security Audit Report Card screen appears, showing a list of possible security problems.
Check the Fix it boxes next to any problems that you want Cisco Configuration Professional (Cisco CP) to fix.
For a description of the problem and a list of the Cisco IOS commands that will be added to your configuration, click the problem description to display a help page about that problem.
The Security Audit wizard may display one or more screens requiring you to enter information to fix certain problems. Enter the information as required and click Next> for each of those screens.
The Summary page of the wizard shows a list of all the configuration changes that Security Audit will make.
Click Finish to deliver those changes to your router.
Question No. 5
– (Topic 10)
Which three statements about access lists are true? (Choose three.)
A. Extended access lists should be placed as near as possible to the destination.
B. Extended access lists should be placed as near as possible to the source.
C. Standard access lists should be placed as near as possible to the destination.
D. Standard access lists should be placed as near as possible to the source.
E. Standard access lists filter on the source address.
F. Standard access lists filter on the destination address.