Tips for ccna security 640-554 official cert guide

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 640-554 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/640-554-dumps.html

Cause all that matters here is passing the Cisco 640-554 exam. Cause all that you need is a high score of 640-554 Implementing Cisco IOS Network Security (IINS v2.0) exam. The only one thing you need to do is downloading Testking 640-554 exam study guides now. We will not let you down with our money-back guarantee.

2021 Aug cbt nuggets cisco ccna security 640-554:

Q51. - (Topic 9) 

On which protocol number does Encapsulating Security Payload operate? 

A. 06 

B. 47 

C. 50 

D. 51 

Answer: C 

Q52. - (Topic 3) 

Which three statements about RADIUS are true? (Choose three.) 

A. RADIUS uses TCP port 49. 

B. RADIUS uses UDP ports 1645 or 1812. 

C. RADIUS encrypts the entire packet. 

D. RADIUS encrypts only the password in the Access-Request packet. 

E. RADIUS is a Cisco proprietary technology. 

F. RADIUS is an open standard. 

Answer: B,D,F 

Q53. - (Topic 9) 

Which command verifies phase 2 of an IPsec VPN on a Cisco router? 

A. show crypto map 

B. show crypto ipsec sa 

C. show crypto isakmp sa 

D. show crypto engine connection active 

Answer: B 

Q54. - (Topic 2) 

Which option isthe correct representation of the IPv6 address 2001:0000:150C:0000:0000:41B1:45A3:041D? 

A. 2001::150c::41b1:45a3:041d 

B. 2001:0:150c:0::41b1:45a3:04d1 

C. 2001:150c::41b1:45a3::41d 

D. 2001:0:150c::41b1:45a3:41d 

Answer: D 

Explanation: 

http://www.cisco.com/web/strategy/docs/gov/IPv6_WP.pdf Address Representation The first area to address is how to represent these 128 bits. Due to the size of the numbering space, hexadecimal numbers and colons were chosen to represent IPv6 addresses. An example IPv6 address is: 2001:0DB8:130F:0000:0000:7000:0000:140B Note the following: 

.There is no case sensitivity. Lower case “a” means the same as capital “A”. 

.There are 16 bits ineach grouping between the colons. 

–8 fields * 16 bits/field = 128 bits 

There are some accepted ways to shorten the representation of the above address: 

.Leading zeroes can be omitted, so a field of zeroes can be represented by a single 0. 

.Trailing zeroes must be represented. 

.Successive fields of zeroes can be shortened down to “::”. This shorthand representation 

can only occur once in the address. 

Taking these rules into account, the address shown above can be shortened to: 

2001:0DB8:130F:0000:0000:7000:0000:140B 

2001:DB8:130F:0:0:7000:0:140B (Leading zeroes) 

2001:DB8:130F:0:0:7000:0:140B (Trailing zeroes) 

2001:DB8:130F::7000:0:140B (Successive field of zeroes) 

Q55. - (Topic 10) 

Which three statements about RADIUS are true? (Choose three.) 

A. RADIUS uses TCP port 49. 

B. RADIUS uses UDP ports 1645 or 1812. 

C. RADIUS encrypts the entire packet. 

D. RADIUS encrypts only the password in the Access-Request packet. 

E. RADIUS is a Cisco proprietary technology. 

F. RADIUS is an open standard. 

Answer: B,D,F 

Regenerate ccna security 640-554 official cert guide ebook:

Q56. - (Topic 1) 

Which two options represent a threat to the physical installation of an enterprise network? (Choose two.) 

A. surveillance camera 

B. security guards 

C. electrical power 

D. computer room access 

E. changecontrol 

Answer: C,D 

Explanation: 

http://www.cisco.com/E-Learning/bulk/public/celc/CRS/media/targets/1_3_1.swf 

Q57. - (Topic 10) 

What type of packet creates and performs network operations on a network device? 

A. control plane packets 

B. data plane packets 

C. management plane packets 

D. services plane packets 

Answer: A 

Q58. - (Topic 10) 

How does a zone-based firewall implementation handle traffic between interfaces in the same zone? 

A. Traffic between two interfaces in the same zone is allowed by default. 

B. Traffic between interfaces in the same zone is blocked unless you configure the same-security permit command. 

C. Traffic between interfaces in the same zone is always blocked. 

D. Traffic between interfaces in the same zone is blocked unless you apply a service policy to the zone pair. 

Answer: A 

Q59. - (Topic 9) 

Which option can be used to authenticate the IPsec peers during IKE Phase 1? 

A. Diffie-Hellman Nonce 

B. pre-shared key 

C. XAUTH 

D. integrity check value 

E. ACS 

F. AH 

Answer: B 

Explanation: 

http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfike.html 

Encryption algorithm 56-bit DES-CBC, des, Default 56-bit DES-CBC 168-bit DES, 3des, Default 168-bit DES 

Hash algorithm SHA-1 (HMAC variant), sha, Default SHA-1 MD5 (HMAC variant), md5 

Authentication method RSA signatures, rsa-sig, Default RSA signatures RSA encrypted nonces, rsa-encr preshared keys, pre-share Diffie-Hellman group identifier 768-bit Diffie-Hellman, 1, Default 768-bit Diffie-Hellman 1024-bit Diffie-Hellman,2 Lifetime of the security association Any number of seconds, Default 86400 seconds (one day) 

Q60. - (Topic 10) 

Which two protocols can SNMP use to send messages over a secure communications channel? (Choose two.) 

A. DTLS 

B. TLS 

C. ESP 

D. AH 

E. ISAKMP 

Answer: A,B