Home > Cisco > CCNA > 640-553

640-553 Exam

IINS Implementing Cisco IOS Network Security

Exam Number/Code : 640-553
Exam Name : IINS Implementing Cisco IOS Network Security
Questions and Answers : 165 Q&As
Update Time: 2013-04-05
Price: ~~$ 119.00~~ $ 89.00
640-553 Hard Copy (PDF)
640-553 Test Engine

640-553

Free 640-553 Demo Download

Test4pass offers free demo for CCNA 640-553 exam (IINS Implementing Cisco IOS Network Security). You can check out the interface, question quality and usability of our practice exams before you decide to buy it. We are the only one site can offer demo for almost all products.

Exam Description

It is well known that 640-553 exam test is the hot exam of Cisco certification. Test4pass offer you all the Q&A of the 640-553 real test . It is the examination of the perfect combination and it will help you pass 640-553 exam at the first time!

Why choose Test4pass 640-553 braindumps

Quality and Value for the 640-553 Exam
100% Guarantee to Pass Your 640-553 Exam
Downloadable, Interactive 640-553 Testing engines
Verified Answers Researched by Industry Experts
Drag and Drop questions as experienced in the Actual Exams
Practice Test Questions accompanied by exhibits
Our Practice Test Questions are backed by our 100% MONEY BACK GUARANTEE.

Test4pass 640-553 Exam Features

Quality and Value for the 640-553 Exam

Test4pass Practice Exams for Cisco 640-553 are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development.

100% Guarantee to Pass Your 640-553 Exam

If you prepare for the exam using our Test4pass testing engine, we guarantee your success in the first attempt. If you do not pass the CCNA 640-553 exam (ProCurve Secure WAN) on your first attempt we will give you a FULL REFUND of your purchasing fee AND send you another same value product for free.

Cisco 640-553 Downloadable, Printable Exams (in PDF format)

Our Exam 640-553 Preparation Material provides you everything you will need to take your 640-553 Exam. The 640-553 Exam details are researched and produced by Professional Certification Experts who are constantly using industry experience to produce precise, and logical. You may get questions from different web sites or books, but logic is the key. Our Product will help you not only pass in the first try, but also save your valuable time.

640-553 Downloadable, Interactive Testing engines

We are all well aware that a major problem in the IT industry is that there is a lack of quality study materials. Our Exam Preparation Material provides you everything you will need to take a certification examination. Like actual certification exams, our Practice Tests are in multiple-choice (MCQs) Our Cisco 640-553 Exam will provide you with free 640-553 dumps questions with verified answers that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. High quality and Value for the 640-553 Exam:100% Guarantee to Pass Your CCNA exam and get your CCNA Certification.

Hot KeyWords On 640-553 test

How to pass your 640-553 exam

You can search on Search Engine and Find Best IT Certification site: Test4pass.com - Find the Method to succeed 640-553 test,The safer.easier way to get CCNA Certification .

Cisco 640-553 Exam Offical Information

This exam will be retired,Last day to test September 30, 2012

You can view Cisco 640-554 exam

��
��
Exam : Cisco 640-553
Title : IINS Implementing Cisco IOS Network Security

1. What does level 5 in the following enable secret global configuration mode command indicate?
router#enable secret level 5 password
A. The enable secret password is hashed using MD5.
B. The enable secret password is hashed using SHA.
C. The enable secret password is encrypted using Cisco proprietary level 5 encryption.
D. Set the enable secret command to privilege level 5.
E. The enable secret password is for accessing exec privilege level 5.
Answer: E

2. Which of these correctly matches the CLI command(s) to the equivalent SDM wizard that performs similar configuration functions?
A. Cisco Common Classification Policy Language configuration commands and the SDM Site-to-Site VPN wizard
B. auto secure exec command and the SDM One-Step Lockdown wizard
C. setup exec command and the SDM Security Audit wizard
D. class-maps, policy-maps, and service-policy configuration commands and the SDM IPS wizard
E. aaa configuration commands and the SDM Basic Firewall wizard
Answer: B

3. Refer to the exhibit. Which statement is correct based on the show login command output shown?
A. When the router goes into quiet mode, any host is permitted to access the router via Telnet, SSH, and HTTP, since the quiet-mode access list has not been configured.
B. The login block-for command is configured to block login hosts for 93 seconds.
C. All logins from any sources are blocked for another 193 seconds.
D. Three or more login requests have failed within the last 100 seconds.
Answer: D

4. Refer to the exhibit. Which statement about the aaa configurations is true?
A. The authentication method list used by the console port is named test.
B. The authentication method list used by the vty port is named test.
C. If the TACACS+ AAA server is not available, no users will be able to establish a Telnet session with the router.
D. If the TACACS+ AAA server is not available, console access to the router can be authenticated using the local database.
E. The local database is checked first when authenticating console and vty access to the router.
Answer: B

5. Which aaa accounting command is used to enable logging of both the start and stop records for user terminal sessions on the router?
A. aaa accounting network start-stop tacacs+
B. aaa accounting system start-stop tacacs+
C. aaa accounting exec start-stop tacacs+
D. aaa accounting connection start-stop tacacs+
E. aaa accounting commands 15 start-stop tacacs+
Answer: C

6. What are three common examples of AAA implementation on Cisco routers? (Choose three.)
A. authenticating remote users who are accessing the corporate LAN through IPSec VPN connections
B. authenticating administrator access to the router console port, auxiliary port, and vty ports
C. implementing PKI to authenticate and authorize IPsec VPN peers using digital certificates
D. tracking Cisco Netflow accounting statistics
E. securing the router by locking down all unused services
F. performing router commands authorization using TACACS+
Answer: ABF

7. Refer to the exhibit. What does the option secret 5 in the username global configuration mode command indicate about the enable secret password?
A. It is hashed using SHA.
B. It is encrypted using DH group 5.
C. It is hashed using MD5.
D. It is encrypted via the service password-encryption command.
E. It is hashed using a proprietary Cisco hashing algorithm.
F. It is encrypted using a proprietary Cisco encryption algorithm.
Answer: C

8. During role-based CLI configuration, what must be enabled before any user views can be created?
A. multiple privilege levels
B. usernames and passwords
C. aaa new-model command
D. secret password for the root user
E. HTTP and/or HTTPS server
Answer: C

9. Which access list will permit HTTP traffic sourced from host 10.1.129.100 port 3030 destined to host 192.168.1.10?
A. access-list 101 permit tcp any eq 3030
B. access-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 3030 192.168.1.0 0.0.0.15 eq www
C. access-list 101 permit tcp 10.1.129.0 0.0.0.255 eq www 192.168.1.10 0.0.0.0 eq www
D. access-list 101 permit tcp host 192.168.1.10 eq 80 10.1.0.0 0.0.255.255 eq 3030
E. access-list 101 permit tcp 192.168.1.10 0.0.0.0 eq 80 10.1.0.0 0.0.255.255
F. access-list 101 permit ip host 10.1.129.100 eq 3030 host 192.168.1.100 eq 80
Answer: B

10. Which four methods are used by hackers? (Choose four.)
Select 4 response(s).
A. footprint analysis attack
B. privilege escalation attack
C. buffer Unicode attack
D. front door attacks
E. social engineering attack
F. Trojan horse attack
Answer: ABEF

11. What is a result of securing the Cisco IOS image using the Cisco IOS image resilience feature?
A. The show version command will not show the Cisco IOS image file location.
B. The Cisco IOS image file will not be visible in the output from the show flash command.
C. When the router boots up, the Cisco IOS image will be loaded from a secured FTP location.
D. The running Cisco IOS image will be encrypted and then automatically backed up to the NVRAM.
E. The running Cisco IOS image will be encrypted and then automatically backed up to a TFTP server.
Answer: B

12. What are two characteristics of the SDM Security Audit wizard? (Choose two.)
A. displays a screen with Fix-it check boxes to let you choose which potential security-related configuration changes to implement
B. has two modes of operationinteractive and non-interactive
C. automatically enables Cisco IOS firewall and Cisco IOS IPS to secure the router
D. uses interactive dialogs and prompts to implement role-based CLI
E. requires users to first identify which router interfaces connect to the inside network and which connect to the outside network
Answer: AE

13. What will be disabled as a result of the no service password-recovery command?
A. changes to the config-register setting
B. ROMMON
C. password encryption service
D. aaa new-model global configuration command
E. the xmodem privilege EXEC mode command to recover the Cisco IOS image
Answer: B

14. Which characteristic is the foundation of Cisco Self-Defending Network technology?
A. secure connectivity
B. threat control and containment
C. policy management
D. secure network platform
Answer: D