★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW 640-554 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/640-554-dumps.html


Investigate the certification demands to discover precisely what is expected. For example, Cisco certification demonstrates that youve got months or years associated with operating practical experience. Using a Cisco quiz analyze manual, you can expect to commence to learn how a test-writers imagine to check out the manner in which inquiries are generally requested. Browsing This certification discussion boards may be proved to be a superb for ones 640-554 quiz getting ready. Have you got a few useful reports regarding a persons analyze, or simply a few challenges, and also a few methods? Reveal him or her while in the community. Individuals to whom time is really a account should go designed for exercising courses. It really is made for applicants who have a few days or simply a four week period pick a Cisco quiz.The easiest method to receive the abilities you would like will be to bring internet perform assessments designed for Cisco quiz. That permits you to work if you have time (so long as you dont put a persons researching away). Cisco source internet sites keep you up-to-date with the most recent announcement information and facts regarding the goings about while in the it entire world. Stop by that commonly.

2021 Nov ccna security 640-554 video training:

Q161. - (Topic 7) 

Which type of firewall technology is considered the versatile and commonly used firewall technology? 

A. static packet filter firewall 

B. application layer firewall 

C. stateful packet filter firewall 

D. proxy firewall 

E. adaptive layer firewall 

Answer:

Explanation: 

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/ 

product_implementation_design_guide09186a00800fd670.html 

Cisco IOS Firewall includes multiple security features: 

.Cisco IOS Firewall statefulpacket inspection provides true firewall capabilities to protect networks against unauthorized traffic and control legitimate business-critical data. 

.Authentication proxy controls access to hosts or networks based on user credentials stored in an authentication, authorization, and accounting (AAA) server. 

.Multi-VRF firewall offers firewall services on virtual routers with virtual routing and forwarding (VRF), accommodating overlapping address space to provide multiple isolated private route spaces witha full range of security services. 

.Transparent firewall adds stateful inspection without time-consuming, disruptive IP addressing modifications. . Application inspection controls application activity to provide granular policy enforcement of applicationusage, protecting legitimate application protocols from rogue applications and malicious activity. 


Q162. - (Topic 10) 

You want to allow all of your company's users to access the Internet without allowing other Web servers to collect the IP addresses of individual users. What two solutions can you use? (Choose two). 

A. Configure a proxy server to hide users' local IP addresses. 

B. Assign unique IP addresses to all users. 

C. Assign the same IP address to all users. 

D. Install a Web content filter to hide users' local IP addresses. 

E. Configure a firewall to use Port Address Translation. 

Answer: A,E 


Q163. - (Topic 10) 

Which statement about personal firewalls is true? 

A. They can protect a system by denying probing requests. 

B. They are resilient against kernel attacks. 

C. They can protect email messages and private documents in a similar way to a VPN. 

D. They can protect the network against attacks. 

Answer:


Q164. - (Topic 7) 

Which two options are advantages of an application layer firewall? (Choose two.) 

A. provides high-performance filtering 

B. makes DoS attacks difficult 

C. supports a large number of applications 

D. authenticates devices 

E. authenticates individuals 

Answer: B,E 

Explanation: 

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_white_p aper0900aecd8058ec85.html 

Adding Intrusion Prevention Gartner's definition of a next-generation firewall is one that combines firewall filtering and intrusion prevention systems (IPSs). Like firewalls, IPSs filter packets in real time. But instead of filtering based on user profiles and application policies, they scan for known malicious patterns in incoming code, called signatures. These signatures indicate the presence of malware, such as worms, Trojan horses, and spyware. 

Malware can overwhelm server and network resources and cause denial of service (DoS) to internal employees, external Web users, or both. By filtering for known malicious signatures, IPSs add an extra layer of security to firewall capabilities; once the malware is detected by the IPS, the system will block it from the network. Firewalls provide the first line of defense in any organization's network security infrastructure. They do so by matching corporate policies about users' network access rights to the connection information surrounding each access attempt. If the variables don't match, the firewall blocks the access connection. If the variables do match, the firewall allows the acceptable traffic to flow through the network. 

In this way, the firewall forms the basic building block of an organization's network security architecture. It pays to use one with superior performance to maximize network uptime for business-critical operations. The reason is that the rapid addition of voice, video, and collaborative traffic to corporate networks is driving the need for firewall engines that operate at very high speeds and that also support application-level inspection. While standard Layer 2 and Layer 3 firewalls prevent unauthorized access to internal and external networks, firewalls enhanced with application-level inspection examine, identify, and verify application types at Layer 7 to make sure unwanted or misbehaving application traffic doesn't join the network. With these capabilities, the firewall can enforce endpoint user registration and authentication and provide administrative control over the use of multimedia applications. 


Q165. CORRECT TEXT - (Topic 6) 

Answer: Switch1>enable 

Switch1#config t Switch1(config)#interface fa0/12 Switch1(config-if)#switchport mode access Switch1(config-if)#switchport port-security maximum 2 Switch1(config-if)#switchport port-security violation shutdown Switch1(config-if)#no shut Switch1(config-if)#end Switch1#copy run start 


Avant-garde cbt nuggets ccna security 640-554:

Q166. - (Topic 10) 

In a security context, which action can you take to address compliance? 

A. Implement rules to prevent a vulnerability. 

B. Correct or counteract a vulnerability. 

C. Reduce the severity of a vulnerability. 

D. Follow directions from the security appliance manufacturer to remediate a vulnerability. 

Answer:


Q167. - (Topic 7) 

Which kind of table do most firewalls use today to keep track of the connections through the firewall? 

A. dynamic ACL 

B. reflexive ACL 

C. netflow 

D. queuing 

E. state 

F. express forwarding 

Answer:

Explanation: 

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/intro.html 

Stateful Inspection Overview All traffic that goes through the ASA is inspected using the Adaptive Security Algorithm and either allowed through or dropped. A simple packet filter can check for the correct sourceaddress, destination address, and ports, but it does not check that the packet sequence or flags are correct. A filter also checks every packet against the filter, which can be a slow process. 

A stateful firewall like the ASA, however, takes into consideration the state of a packet: 

.Is this a new connection? If it is a new connection, the ASA has to check the packet against access lists and perform other tasks to determine if the packet is allowed or denied. To perform this check, the first packet of the session goes through the "session management path," and depending on the type of traffic, it might also pass through the "control plane path." The session management path is responsible for the following tasks: –Performing the access list checks –Performing route lookups –Allocating NAT translations (xlates) –Establishing sessions in the "fast path" The ASA creates forward and reverse flows in the fast path for TCP traffic; the ASA also creates connection state information for connectionless protocols like UDP, ICMP (when you enable ICMP inspection), so that they can also use the fast path. Some packets that require Layer 7 inspection (the packet payload must be inspected or altered) are passed on to the control plane path. Layer 7 inspection engines are required for protocols that have two or more channels: Adata channel, which uses well-known port numbers, and a control channel, which uses different port numbers for each session. These protocols include FTP, H.323, and SNMP. 

.Is this an established connection? If the connection is already established, the ASA does not need to re-check packets; most matching packets can go through the "fast" path in both directions. The fast path is responsible for the following tasks: –IP checksum verification –Session lookup –TCP sequence number check –NAT translations basedon existing sessions –Layer 3 and Layer 4 header adjustments Data packets for protocols that require Layer 7 inspection can also go through the fast path. Some established session packets must continue to go through the session management path or the control plane path. Packets that go through the session management path include HTTP packets that require inspection or content filtering. Packets that go through the control plane path include the control packets for protocols that require Layer 7 inspection. 


Q168. - (Topic 3) 

Which three options are common examples of AAA implementation on Cisco routers? (Choose three.) 

A. authenticating remote users who are accessing the corporate LAN through IPsec VPN connections 

B. authenticating administrator access to the router console port, auxiliary port, and vty ports 

C. implementing PKI to authenticate and authorize IPsec VPN peers using digital certificates 

D. tracking Cisco NetFlow accounting statistics 

E. securing the router by locking down all unused services 

F. performing router commands authorization using TACACS+ 

Answer: A,B,F 

Explanation: 

http://www.cisco.com/en/US/products/ps6638/products_data_sheet09186a00804fe332.htm 

Need for AAA Services Security for user access to the network and the ability to dynamically define a user's profile to gain access to network resources has a legacy dating backto asynchronous dial access. AAA network security services provide the primary framework through which a network administrator can set up access control on network points of entry or network access servers, which is usually the function of a router or access server. 

Authentication identifies a user; authorization determines what that user can do; and accounting monitors the network usage time for billing purposes. AAA information is typically stored in an external database or remote server such as RADIUSor TACACS+. The information can also be stored locally on the access server or router. Remote security servers, such as RADIUS and TACACS+, assign users specific privileges by associating attribute-value (AV) pairs, which define the access rights with theappropriate user. All authorization methods must be defined through AAA. 


Q169. DRAG DROP - (Topic 2) 

Answer: 


Q170. - (Topic 10) 

In what type of attack does an attacker virtually change a device's burned-in address in an attempt to circumvent access lists and mask the device's true identity? 

A. gratuitous ARP 

B. ARP poisoning 

C. IP spoofing 

D. MAC spoofing 

Answer: