
2021 Nov ccna security study guide exam 640-554:

Q121. - (Topic 10) 

What are two default Cisco IOS privilege levels? (Choose two.) 

A. 0 

B. 1 

C. 5

D. 7

E. 10 

F. 15 

Answer: B,F 


Q122. - (Topic 10) 

Which two services define cloud networks? (Choose two.) 

A. Infrastructure as a Service 

B. Platform as a Service 

C. Security as a Service 

D. Compute as a Service 

E. Tenancy as a Service 

Answer: A,B 


Q123. - (Topic 10) 

Which tool can an attacker use to attempt a DDoS attack? 

A. botnet 

B. Trojan horse 

C. virus 

D. adware 

Answer:


Q124. - (Topic 3) 

Which two characteristics of the TACACS+ protocol are true? (Choose two.) 

A. uses UDP ports 1645 or 1812 

B. separates AAA functions 

C. encrypts the body of every packet 

D. offers extensive accounting capabilities 

E. is an open RFC standard protocol 

Answer: B,C 

Explanation: 

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml 

Packet Encryption 

RADIUS encrypts only the password in the access-request packet, from the client to the server. The remainder of the packet is unencrypted. Other information, such as username, authorized services, and accounting, can be captured by a third party. 

TACACS+ encrypts the entire body of the packet but leaves a standard TACACS+ header. 

Within the header is a field that indicates whether the body is encrypted or not. For debugging purposes, it is useful to have the body of the packets unencrypted. However, during normal operation, the body of the packet is fully encrypted for more secure communications. 
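A defender can read that header field directly from captured traffic to find devices still sending debug-style unencrypted bodies. The sketch below is an added example, not part of the original explanation or of any Cisco tool. The header layout and flag values follow RFC 8907, and the sample packets, session IDs and body bytes are constructed for illustration.

```python
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01    # header flag: body is sent in the clear
TAC_PLUS_SINGLE_CONNECT_FLAG = 0x04
PACKET_TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}
HEADER = struct.Struct("!BBBBII")   # version, type, seq_no, flags, session_id, length


def parse_header(packet: bytes) -> dict:
    """Decode the 12-byte TACACS+ header, which is readable even when the body is not."""
    if len(packet) < HEADER.size:
        raise ValueError("short packet: TACACS+ header is 12 bytes")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(packet)
    return {
        "major": version >> 4,
        "minor": version & 0x0F,
        "type": PACKET_TYPES.get(ptype, f"unknown({ptype})"),
        "seq_no": seq_no,
        "session_id": session_id,
        "body_encrypted": not flags & TAC_PLUS_UNENCRYPTED_FLAG,
        "length_ok": length == len(packet) - HEADER.size,
    }


def cleartext_sessions(packets) -> list:
    """Return the session IDs whose header marks the body as unencrypted."""
    hits = []
    for pkt in packets:
        hdr = parse_header(pkt)
        if not hdr["body_encrypted"] and hdr["session_id"] not in hits:
            hits.append(hdr["session_id"])
    return hits


def build(ptype, seq_no, flags, session_id, body):
    """Build a constructed sample packet (body bytes are placeholders)."""
    return HEADER.pack(0xC0, ptype, seq_no, flags, session_id, len(body)) + body


SAMPLE = [
    build(1, 1, 0x00, 0x1A2B3C4D, b"\x8f\x02\xd1\x77"),      # normal operation
    build(2, 1, 0x01, 0x0000BEEF, b"debug-cleartext-body"),  # debug setting left on
    build(3, 1, 0x04, 0x1A2B3C4E, b"\x10\x9c"),              # single-connect, encrypted
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(parse_header(p))
    print("cleartext sessions:", [hex(s) for s in cleartext_sessions(SAMPLE)])
```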

Authentication and Authorization

RADIUS combines authentication and authorization. The access-accept packets sent by the RADIUS server to the client contain authorization information. This makes it difficult to decouple authentication and authorization.

TACACS+ uses the AAA architecture, which separates AAA. This allows separate authentication solutions that can still use TACACS+ for authorization and accounting. For example, with TACACS+, it is possible to use Kerberos authentication and TACACS+ authorization and accounting. After a NAS authenticates on a Kerberos server, it requests authorization information from a TACACS+ server without having to re-authenticate. The NAS informs the TACACS+ server that it has successfully authenticated on a Kerberos server, and the server then provides authorization information.

During a session, if additional authorization checking is needed, the access server checks with a TACACS+ server to determine if the user is granted permission to use a particular command. This provides greater control over the commands that can be executed on the access server while decoupling from the authentication mechanism.


Q125. - (Topic 6) 

Which Layer 2 protocol provides loop resolution by managing the physical paths to given network segments? 

A. root guard 

B. port fast 

C. HSRP 

D. STP 

Answer:

Explanation: 

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_configuration_example09186a008009467c.shtml

Introduction

Spanning Tree Protocol (STP) is a Layer 2 protocol that runs on bridges and switches. The specification for STP is IEEE 802.1D. The main purpose of STP is to ensure that you do not create loops when you have redundant paths in your network. Loops are deadly to a network.



Q126. - (Topic 4) 

Which type of network masking is used when Cisco IOS access control lists are configured? 

A. extended subnet masking 

B. standard subnet masking 

C. priority masking 

D. wildcard masking 

Answer:

Explanation: 

Masks are used with IP addresses in IP ACLs to specify what should be permitted and denied. Masks in order to configure IP addresses on interfaces start with 255 and have the large values on the left side, for example, IP address 209.165.202.129 with a 255.255.255.224 mask. Masks for IP ACLs are the reverse, for example, mask 0.0.0.255. This is sometimes called an inverse mask or a wildcard mask. When the value of the mask is broken down into binary (0s and 1s), the results determine which address bits are to be considered in processing the traffic. A 0 indicates that the address bits must be considered (exact match); a 1 in the mask is a "don't care".

Reference: http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html 
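The bit rule above can be checked before an ACL is deployed, which catches wildcards that cover fewer addresses than intended. The following sketch is an added example, not taken from the Cisco document. It goes slightly beyond the text by also handling non-contiguous wildcards and first-match evaluation with the implicit deny, and the function names and the sample ACL are constructed for illustration.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def netmask_to_wildcard(netmask: str) -> str:
    """Invert an interface-style subnet mask into an ACL wildcard mask."""
    return str(ipaddress.IPv4Address(~to_int(netmask) & ALL_ONES))


def wildcard_match(address: str, base: str, wildcard: str) -> bool:
    """True when every bit the wildcard marks 0 is equal in address and base."""
    care = ~to_int(wildcard) & ALL_ONES   # 1 = this bit must match exactly
    return (to_int(address) & care) == (to_int(base) & care)


def addresses_matched(wildcard: str) -> int:
    """Each "don't care" bit doubles the number of addresses an entry covers."""
    return 2 ** bin(to_int(wildcard)).count("1")


def evaluate(acl, source: str) -> str:
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(source, base, wildcard):
            return action
    return "deny"


# Constructed ACL for illustration (not from the page).
ACL = [
    ("permit", "209.165.202.128", "0.0.0.31"),  # .128 through .159
    ("permit", "172.16.0.1", "0.0.0.254"),      # non-contiguous: odd hosts only
]

if __name__ == "__main__":
    print(netmask_to_wildcard("255.255.255.224"))
    for wc in ("0.0.255.255", "0.255.255.255"):
        print(wc, "covers", addresses_matched(wc), "addresses;",
              "10.200.1.1 matched:", wildcard_match("10.200.1.1", "10.0.0.0", wc))
    for src in ("209.165.202.150", "209.165.202.160", "172.16.0.7", "172.16.0.8"):
        print(src, evaluate(ACL, src))
```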


Q127. - (Topic 1) 

Which three items are Cisco best-practice recommendations for securing a network? (Choose three.) 

A. Routinely apply patches to operating systems and applications. 

B. Disable unneeded services and ports on hosts. 

C. Deploy HIPS software on all end-user workstations. 

D. Require strong passwords, and enable password expiration. 

Answer: A,B,D 


Q128. - (Topic 5) 

Which two considerations about secure network management are important? (Choose two.) 

A. log tampering 

B. encryption algorithm strength 

C. accurate time stamping 

D. off-site storage 

E. Use RADIUS for router commands authorization. 

F. Do not use a loopback interface for device management access. 

Answer: A,C 

Explanation: 

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/best/practices/recommendations.html

Enable Timestamped Messages 

Enable timestamps on log messages: 

Router(config)# service timestamps log datetime localtime show-timezone msec 

Enable timestamps on system debug messages: 

Router(config)# service timestamps debug datetime localtime show-timezone msec 


Q129. - (Topic 3) 

Which option is a characteristic of the RADIUS protocol? 

A. uses TCP

B. offers multiprotocol support 

C. combines authentication and authorization in one process 

D. supports bi-directional challenge 

Answer:

Explanation: 

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080094e99.shtml 

Authentication and Authorization

RADIUS combines authentication and authorization. The access-accept packets sent by the RADIUS server to the client contain authorization information. This makes it difficult to decouple authentication and authorization.

TACACS+ uses the AAA architecture, which separates AAA. This allows separate authentication solutions that can still use TACACS+ for authorization and accounting. For example, with TACACS+, it is possible to use Kerberos authentication and TACACS+ authorization and accounting. After a NAS authenticates on a Kerberos server, it requests authorization information from a TACACS+ server without having to re-authenticate. The NAS informs the TACACS+ server that it has successfully authenticated on a Kerberos server, and the server then provides authorization information.

During a session, if additional authorization checking is needed, the access server checks with a TACACS+ server to determine if the user is granted permission to use a particular command. This provides greater control over the commands that can be executed on the access server while decoupling from the authentication mechanism.


Q130. - (Topic 10) 

Which command will block external spoofed addresses? 

A. access-list 128 deny ip 10.0.0.0 0.0.255.255 any 

B. access-list 128 deny ip 192.168.0.0 0.0.0.255 any 

C. access-list 128 deny ip 10.0.0.0 0.255.255.255 any 

D. access-list 128 deny ip 192.168.0.0 0.0.31.255 any 

Answer: