Cisco.Actualtests.640-554.v2015-10-20.by.Daniele (PDF)

640-554: Implementing Cisco IOS Network Security
Number: 000-004
Passing Score: 895
Time Limit: 30 min
File Version: 4.0
http://www.gratisexam.com/

Upload: vandat

Post on 13-Mar-2018


Page 1: Cisco.Actualtests.640-554.v2015-10-20.by.Daniele · PDF fileMitigate spoofing attacks ACLs enable ... C. Reflexive access lists can be attached to standard named IP ACLs ... Which



Exam A

QUESTION 1
What features can protect the data plane? (Choose three.)

A. policing
B. ACLs
C. IPS
D. antispoofing
E. QoS
F. DHCP-snooping

Correct Answer: BDF
Section: (none)

Explanation/Reference:
Data Plane Security
Data plane security can be implemented using the following features:
• Access control lists: Access control lists (ACLs) perform packet filtering to control which packets move through the network and where.
• Antispoofing: ACLs can be used as an antispoofing mechanism that discards traffic that has an invalid source address.
• Layer 2 security features: Cisco Catalyst switches have integrated features to help secure the Layer 2 infrastructure.

ACLs
ACLs are used to secure the data plane in a variety of ways, including the following:
• Block unwanted traffic or users: ACLs can filter incoming or outgoing packets on an interface, controlling access based on source addresses, destination addresses, or user authentication.
• Reduce the chance of DoS attacks: ACLs can be used to specify whether traffic from hosts, networks, or users can access the network. The TCP intercept feature can also be configured to prevent servers from being flooded with requests for a connection.
• Mitigate spoofing attacks: ACLs enable security practitioners to implement recommended practices to mitigate spoofing attacks.
• Provide bandwidth control: ACLs on a slow link can prevent excess traffic.
• Classify traffic to protect other planes:


ACLs can be applied on vty lines (management plane). ACLs can control routing updates being sent, received, or redistributed (control plane).

Antispoofing
Implementing the IETF best current practice 38 (BCP38) and RFC 2827 ingress traffic filtering renders the use of invalid source IP addresses ineffective, forcing attacks to be initiated from valid, reachable IP addresses which could be traced to the originator of an attack. Features such as Unicast Reverse Path Forwarding (uRPF) can be used to complement the antispoofing strategy.

Layer 2 Data Plane Protection
The following are Layer 2 security tools integrated into the Cisco Catalyst switches:
• Port security: Prevents MAC address spoofing and MAC address flooding attacks
• DHCP snooping: Prevents client attacks on the Dynamic Host Configuration Protocol (DHCP) server and switch
• Dynamic ARP inspection (DAI): Adds security to ARP by using the DHCP snooping table to minimize the impact of ARP poisoning and spoofing attacks
• IP source guard: Prevents IP address spoofing by using the DHCP snooping table

QUESTION 2
How many crypto map sets can you apply to a router interface?

A. 3
B. 2
C. 4
D. 1

Correct Answer: D
Section: (none)

Explanation/Reference:

QUESTION 3
What is the transition order of STP states on a Layer 2 switch interface?

A. listening, learning, blocking, forwarding, disabled
B. listening, blocking, learning, forwarding, disabled
C. blocking, listening, learning, forwarding, disabled
D. forwarding, listening, learning, blocking, disabled

Correct Answer: C
Section: (none)

Explanation/Reference:
The ports on a switch with Spanning Tree Protocol (STP) enabled are in one of the following five port states:
• Blocking
• Listening
• Learning
• Forwarding
• Disabled

A switch does not enter any of these port states immediately except the blocking state. When STP is enabled, every switch in the network starts in the blocking state and later changes to the listening and learning states.

Blocking State
Switch ports go into the blocking state at the time of the election process, when a switch receives a BPDU on a port that indicates a better path to the Root Switch (Root Bridge), and if a port is not a Root Port or a Designated Port. A port in the blocking state does not participate in frame forwarding and also discards frames received from the attached network segment. During the blocking state, the port only listens to and processes BPDUs on its interfaces. After 20 seconds, the switch port changes from the blocking state to the listening state.

Listening State
After the blocking state, a Root Port or a Designated Port moves to the listening state. All other ports remain in the blocking state. During the listening state the port discards frames received from the attached network segment and also discards frames switched from another port for forwarding. In this state, the port receives BPDUs from the network segment and directs them to the switch system module for processing. After 15 seconds, the switch port moves from the listening state to the learning state.

Learning State
A port changes to the learning state after the listening state. During the learning state, the port is listening for and processing BPDUs. In the learning state, the port begins to process user frames and starts updating the MAC address table, but user frames are not yet forwarded to the destination. After 15 seconds, the switch port moves from the learning state to the forwarding state.

Forwarding State
A port in the forwarding state forwards frames across the attached network segment. In the forwarding state, the port processes BPDUs, updates its MAC address table with frames that it receives, and forwards user traffic through the port. Forwarding is the normal state. Data and configuration messages are passed through the port when it is in the forwarding state.

Disabled State
A port in the disabled state does not participate in frame forwarding or the operation of STP because a port in the disabled state is considered non-operational.

QUESTION 4
Which sensor mode can deny attackers inline?

A. IPS
B. fail-close
C. IDS
D. fail-open

Correct Answer: A
Section: (none)

Explanation/Reference:


QUESTION 5
Which options are filtering options used to display SDEE message types?

A. stop
B. none
C. error
D. all

Correct Answer: CD
Section: (none)

Explanation/Reference:
The options are All, Error, Status, and Alerts.

QUESTION 6
When a company puts a security policy in place, what is the effect on the company's business?

A. Minimizing risk
B. Minimizing total cost of ownership
C. Minimizing liability
D. Maximizing compliance

Correct Answer: A
Section: (none)

Explanation/Reference:

QUESTION 7
Which wildcard mask is associated with a subnet mask of /27?

A. 0.0.0.31
B. 0.0.0.27
C. 0.0.0.224
D. 0.0.0.255

Correct Answer: A
Section: (none)

Explanation/Reference:

QUESTION 8
Which statements about reflexive access lists are true?

A. Reflexive access lists create a permanent ACE
B. Reflexive access lists approximate session filtering using the established keyword
C. Reflexive access lists can be attached to standard named IP ACLs
D. Reflexive access lists support UDP sessions
E. Reflexive access lists can be attached to extended named IP ACLs
F. Reflexive access lists support TCP sessions


Correct Answer: DEF
Section: (none)

Explanation/Reference:

QUESTION 9
Which actions can a promiscuous IPS take to mitigate an attack?

A. modifying packets
B. requesting connection blocking
C. denying packets
D. resetting the TCP connection
E. requesting host blocking
F. denying frames

Correct Answer: BDE
Section: (none)

Explanation/Reference:
Promiscuous Mode Event Actions

The following event actions can be deployed in promiscuous mode. These actions are in effect for a user-configurable default time of 30 minutes. Because the IPS sensor must send the request to another device or craft a packet, latency is associated with these actions and could allow some attacks to be successful. Blocking through use of the Attack Response Controller (ARC) has the potential benefit of being performed at the network edge or at multiple places within the network.

• Request block host: This event action sends an ARC request to block the host for a specified time frame, preventing any further communication. This is a severe action that is most appropriate when there is minimal chance of a false alarm or spoofing.
• Request block connection: This action sends an ARC response to block the specific connection. This action is appropriate when there is potential for false alarms or spoofing.
• Reset TCP connection: This action is TCP specific, and in instances where the attack requires several TCP packets, this can be a successful action. However, in some cases where the attack only needs one packet it may not work as well. Additionally, TCP resets are not very effective with protocols such as SMTP that consistently try to establish new connections, nor are they effective if the reset cannot reach the destination host in time.

Event actions can be specified on a per-signature basis, or as an event action override (based on risk rating values; event action override only). In the case of an event action override, specific event actions are performed when specific risk rating value conditions are met. Event action overrides offer consistent and simplified management. IPS version 6.0 contains a default event action override with a deny-packet-inline action for events with a risk rating between 90 and 100. For this action to occur, the device must be deployed in inline mode.

Protection from unintended automated action responses


Automated event actions can have unintended consequences when not carefully deployed. The most severe consequence can be a self denial of service (DoS) of a host or network. The majority of these unintended consequences can be avoided through the use of Event Action Filters, Never Block Addresses, network spoofing protections, and device tuning. The following provides an overview of methods used to prevent unintended consequences from occurring.

Using Event Action Filters and Never Block
By using these capabilities, administrators may prevent a miscreant from spoofing critical IP addresses, causing a self-inflicted DoS condition on these critical IP addresses. Note that Never Block capabilities only apply to ARC actions. Actions that are performed inline will still be performed, as will rate limiting if it is configured.

Minimize spoofing
Administrators can minimize spoofed packets that enter the network through the use of Unicast Reverse Path Forwarding. Administrators can minimize spoofing within their network through the use of IP Source Guard. The white paper titled Understanding Unicast Reverse Path Forwarding provides details on configuration of this feature. More information on IP Source Guard is available in the document titled Configuring DHCP Features and IP Source Guard.

Careful Use of Event Actions
By judicious use of event actions that block unwanted traffic, such as using a high signature fidelity rating, and not using automated actions on signatures that are easily spoofed, administrators can reduce the probability of an unintended result. For an event to have a high risk rating, it must have a high signature fidelity rating unless the risk rating is artificially increased through the use of Target Value Rating or Watch List Rating, which are IP-specific increases.

Tuning
By tuning the signature set to minimize false positive events, administrators can reduce the chance of an event action that has an unintended consequence.

High Base Risk Rating Events
In most cases, events with a high base risk rating or a high signature fidelity rating are strong candidates for automated event actions. Care should be taken with protocols that are easily spoofed in order to prevent self-DoS conditions.

QUESTION 10
Which command will configure a Cisco ASA firewall to authenticate users when they enter the enable syntax using the local database with no fallback method?

A. aaa authentication enable console LOCAL SERVER_GROUP
B. aaa authentication enable console SERVER_GROUP LOCAL
C. aaa authentication enable console local
D. aaa authentication enable console LOCAL

Correct Answer: D
Section: (none)

Explanation/Reference:

QUESTION 11
Which Cisco Security Manager application collects information about device status and uses it to generate notifications and alerts?

A. FlexConfig
B. Device Manager
C. Report Manager
D. Health and Performance Monitor

Correct Answer: D
Section: (none)

Explanation/Reference:
"Report Manager – Collects, displays and exports network usage and security information for ASA and IPS devices, and for remote-access IPsec and SSL VPNs. These reports aggregate security data such as top sources, destinations, attackers, victims, as well as security information such as top bandwidth, duration, and throughput users. Data is also aggregated for hourly, daily, and monthly periods."

and

"Health and Performance Monitor (HPM) – Monitors and displays key health, performance and VPN data for ASA and IPS devices in your network. This information includes critical and non-critical issues, such as memory usage, interface status, dropped packets, tunnel status, and so on. You also can categorize devices for normal or priority monitoring, and set different alert rules for the priority devices."

QUESTION 12
Which accounting notices are used to send a failed authentication attempt record to a AAA server? (Choose two.)

A. start-stop
B. stop-record
C. stop-only
D. stop

Correct Answer: AC
Section: (none)

Explanation/Reference:

QUESTION 13
Which command is needed to enable SSH support on a Cisco router?

A. crypto key lock rsa
B. crypto key generate rsa
C. crypto key zeroize rsa
D. crypto key unlock rsa


Correct Answer: B
Section: (none)

Explanation/Reference:

QUESTION 14
Which protocol provides security to Secure Copy?

A. IPsec
B. SSH
C. HTTPS
D. ESP

Correct Answer: B
Section: (none)

Explanation/Reference:

QUESTION 15
A clientless SSL VPN user who is connecting on a Windows Vista computer is missing the menu option for Remote Desktop Protocol on the portal web page. Which action should you take to begin troubleshooting?

A. Ensure that the RDP2 plug-in is installed on the VPN gateway
B. Reboot the VPN gateway
C. Instruct the user to reconnect to the VPN gateway
D. Ensure that the RDP plug-in is installed on the VPN gateway

Correct Answer: A
Section: (none)

Explanation/Reference:


QUESTION 16
Which security zone is automatically defined by the system?

A. The source zone
B. The self zone
C. The destination zone
D. The inside zone

Correct Answer: B
Section: (none)

Explanation/Reference:

QUESTION 17
What are purposes of the Internet Key Exchange in an IPsec VPN? (Choose two.)

A. The Internet Key Exchange protocol establishes security associations
B. The Internet Key Exchange protocol provides data confidentiality
C. The Internet Key Exchange protocol provides replay detection
D. The Internet Key Exchange protocol is responsible for mutual authentication

Correct Answer: AD
Section: (none)

Explanation/Reference:

QUESTION 18
Which address block is reserved for locally assigned unique local addresses?

A. 2002::/16
B. FD00::/8
C. 2001::/32
D. FB00::/8


Correct Answer: B
Section: (none)

Explanation/Reference:
The address block fc00::/7 is divided into two /8 groups:
• The block fc00::/8 has not been defined yet. It has been proposed to be managed by an allocation authority, but this has not gained acceptance in the IETF.[1][2][3] This block is also used by the cjdns mesh network.
• The block fd00::/8 is defined for /48 prefixes, formed by setting the 40 least-significant bits of the prefix to a randomly generated bit string. This results in the format fdxx:xxxx:xxxx:: for a prefix in this range. RFC 4193 offers a suggestion for generating the random identifier to obtain a minimum-quality result if the user does not have access to a good source of random numbers.

Example
As an example, a routing prefix in the fd00::/8 range would be constructed by generating a random 40-bit hexadecimal string, taken to be e48dba82e1 in this example. This 40-bit string is appended to the fd00::/8 prefix. This forms the 48-bit routing prefix fde4:8dba:82e1::/48. With this prefix, 65536 subnets of size /64 are available for the private network: fde4:8dba:82e1::/64 to fde4:8dba:82e1:ffff::/64.
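The following Python script is an added example, not part of the original exam dump or any Cisco material. It builds a locally assigned ULA routing prefix exactly as the explanation above describes (fixed 0xfd octet, then a 40-bit Global ID, then zeros), derives the first and last /64 subnets, and checks whether an address falls in fd00::/8 rather than in fc00::/8 or in the 6to4 and Teredo blocks offered as distractors. It reproduces the explanation's worked example (Global ID e48dba82e1) and, going slightly beyond it, draws a fresh Global ID from the OS CSPRNG for a new site; the function names are this example's own.

```python
import ipaddress
import secrets

# fd00::/8 is the locally assigned half of fc00::/7 (RFC 4193); fc00::/8 is undefined.
LOCAL_ULA_BLOCK = ipaddress.IPv6Network("fd00::/8")


def ula_prefix_from_global_id(global_id: int) -> ipaddress.IPv6Network:
    """Form fdxx:xxxx:xxxx::/48 from a 40-bit Global ID (the RFC 4193 layout).

    Bits 127..120 hold the fixed 0xfd octet, bits 119..80 hold the Global ID,
    and the remaining 80 bits (subnet ID + interface ID) are zero in the prefix.
    """
    if not 0 <= global_id < (1 << 40):
        raise ValueError("Global ID must be a 40-bit value")
    prefix_int = (0xFD << 120) | (global_id << 80)
    return ipaddress.IPv6Network((prefix_int, 48))


def random_ula_prefix() -> ipaddress.IPv6Network:
    """Generate a fresh /48 for a new site.

    RFC 4193 wants the Global ID drawn randomly so that independently chosen
    ULA sites are unlikely to collide when their networks are later merged.
    """
    return ula_prefix_from_global_id(secrets.randbits(40))


def subnet_range(prefix: ipaddress.IPv6Network):
    """Return (first /64, last /64, count) of the /64 subnets inside a ULA /48."""
    if prefix.prefixlen != 48:
        raise ValueError("expected a /48 routing prefix")
    base = int(prefix.network_address)
    first = ipaddress.IPv6Network((base, 64))
    last = ipaddress.IPv6Network((base | (0xFFFF << 64), 64))
    return first, last, 1 << (64 - 48)  # 2^16 = 65536 subnets


def is_locally_assigned_ula(addr: str) -> bool:
    """True only for fd00::/8.

    2002::/16 (6to4), 2001::/32 (Teredo) and the undefined fc00::/8 are not
    locally assigned unique local addresses.
    """
    return ipaddress.IPv6Address(addr) in LOCAL_ULA_BLOCK


if __name__ == "__main__":
    # The explanation's worked example: Global ID e48dba82e1 -> fde4:8dba:82e1::/48
    prefix = ula_prefix_from_global_id(0xE48DBA82E1)
    first, last, count = subnet_range(prefix)
    print(prefix, first, last, count)
    print("fresh site prefix:", random_ula_prefix())
```

Running the script prints fde4:8dba:82e1::/48, its first and last /64 and the count 65536, followed by a newly generated prefix that changes on every run; the last point is the reason a ULA range should be recorded once and reused, not regenerated.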

QUESTION 19
What is a possible reason for the error message?

Router(config)#aaa server?
% Unrecognized command

A. The command syntax requires a space after the word "server"
B. The command is invalid on the target device
C. The router is already running the latest operating system
D. The router is a new device on which the aaa new-model command must be applied before continuing

Correct Answer: D
Section: (none)


Explanation/Reference:

QUESTION 20
Which statements about smart tunnels on a Cisco firewall are true? (Choose two.)

A. Smart tunnels can be used by clients that do not have administrator privileges
B. Smart tunnels support all operating systems
C. Smart tunnels offer better performance than port forwarding
D. Smart tunnels require the client to have the application installed locally

Correct Answer: AD
Section: (none)

Explanation/Reference:
Smart Tunnel is also used to provide remote access to web applications that are difficult to rewrite, such as proprietary, non-standards-based Java, JavaScript, or Flash animations. Smart Tunnel also supports Single Sign-On to web applications that require either form-based POST parameters, HTTP basic, FTP, or NTLM authentication. Smart Tunnel can also co-exist with a full-tunnel VPN client. For example, an employee can connect to the company network by using a full-tunnel VPN client while simultaneously connecting to a vendor network by using Smart Tunnel.

Smart Tunnel Advantages over Port Forwarding and Plug-ins
● Smart Tunnel offers better performance than browser plug-ins.
● Port forwarding is the legacy technology for supporting TCP-based applications over a Clientless SSL VPN connection. Unlike port forwarding, Smart Tunnel simplifies the user experience by not requiring the user to connect the local application to the local port.
● Smart Tunnel does not require users to have administrator privileges.
● Smart Tunnel does not require the administrator to know application port numbers in advance.

QUESTION 21
If the native VLAN on a trunk is different on each end of the link, what is a potential consequence?

A. The interface on both switches may shut down
B. STP loops may occur
C. The switch with the higher native VLAN may shut down
D. The interface with the lower native VLAN may shut down

Correct Answer: B
Section: (none)

Explanation/Reference:

QUESTION 22
Which option describes information that must be considered when you apply an access list to a physical interface?

A. Protocol used for filtering
B. Direction of the access class
C. Direction of the access group
D. Direction of the access list

Correct Answer: C
Section: (none)

Explanation/Reference:

QUESTION 23
Which source port does IKE use when NAT has been detected between two VPN gateways?

A. TCP 4500
B. TCP 500
C. UDP 4500
D. UDP 500

Correct Answer: C
Section: (none)

Explanation/Reference:

QUESTION 24
Which of the following are features of IPsec transport mode? (Choose three.)

A. IPsec transport mode is used between end stations
B. IPsec transport mode is used between gateways
C. IPsec transport mode supports multicast
D. IPsec transport mode supports unicast
E. IPsec transport mode encrypts only the payload
F. IPsec transport mode encrypts the entire packet

Correct Answer: ADE
Section: (none)

Explanation/Reference:
IPsec Transport Mode
IPsec transport mode is used for end-to-end communications, for example, for communication between a client and a server or between a workstation and a gateway (if the gateway is being treated as a host). A good example would be an encrypted Telnet or Remote Desktop session from a workstation to a server.

Transport mode provides protection of our data, also known as the IP payload, which consists of the TCP/UDP header plus data, through an AH or ESP header. The payload is encapsulated by the IPsec headers and trailers. The original IP header remains intact, except that the IP protocol field is changed to ESP (50) or AH (51), and the original protocol value is saved in the IPsec trailer to be restored when the packet is decrypted.

IPsec transport mode is usually used when another tunneling protocol (like GRE) is used to first encapsulate the IP data packet; IPsec is then used to protect the GRE tunnel packets. IPsec protects the GRE tunnel traffic in transport mode.

QUESTION 25
Which command causes a Layer 2 switch interface to operate as a Layer 3 interface?

A. no switchport nonnegotiate
B. switchport
C. no switchport mode dynamic auto
D. no switchport

Correct Answer: D
Section: (none)

Explanation/Reference:

QUESTION 26
Which TACACS+ server-authentication protocols are supported on Cisco ASA firewalls? (Choose three.)

A. EAP
B. ASCII
C. PAP
D. PEAP
E. MS-CHAPv1
F. MS-CHAPv2

Correct Answer: BCE
Section: (none)

Explanation/Reference:


QUESTION 27
Which type of IPS can identify worms that are propagating in a network?

A. Policy-based IPS
B. Anomaly-based IPS
C. Reputation-based IPS
D. Signature-based IPS

Correct Answer: B
Section: (none)

Explanation/Reference:

QUESTION 28
Which command verifies phase 1 of an IPsec VPN on a Cisco router?

A. show crypto map
B. show crypto ipsec sa
C. show crypto isakmp sa
D. show crypto engine connection active

Correct Answer: C
Section: (none)

Explanation/Reference:
show crypto ipsec sa verifies Phase 2 of the tunnel.

QUESTION 29
What is the purpose of a honeypot IPS?

A. To create customized policies
B. To detect unknown attacks
C. To normalize streams
D. To collect information about attacks

Correct Answer: D
Section: (none)

Explanation/Reference:

QUESTION 30
Which type of firewall can act on the behalf of the end device?

A. Stateful packet
B. Application
C. Packet
D. Proxy

Correct Answer: D
Section: (none)

Explanation/Reference:

QUESTION 31
Which syslog severity level is level number 7?

A. Warning
B. Informational
C. Notification
D. Debugging

Correct Answer: D
Section: (none)

Explanation/Reference:
The list of severity levels:
0 Emergency: system is unusable
1 Alert: action must be taken immediately
2 Critical: critical conditions
3 Error: error conditions
4 Warning: warning conditions
5 Notice: normal but significant condition
6 Informational: informational messages
7 Debug: debug-level messages

QUESTION 32
By which kind of threat is the victim tricked into entering username and password information at a disguised website?

A. Spoofing
B. Malware
C. Spam
D. Phishing

Correct Answer: D
Section: (none)

Explanation/Reference:

QUESTION 33
Which type of mirroring does SPAN technology perform?

A. Remote mirroring over Layer 2
B. Remote mirroring over Layer 3
C. Local mirroring over Layer 2
D. Local mirroring over Layer 3

Correct Answer: C
Section: (none)

Explanation/Reference:

QUESTION 34
Which tasks is the session management path responsible for? (Choose three.)

A. Verifying IP checksums
B. Performing route lookup
C. Performing session lookup
D. Allocating NAT translations
E. Checking TCP sequence numbers
F. Checking packets against the access list

Correct Answer: BDF
Section: (none)

Explanation/Reference:

QUESTION 35
Which network device does NTP authenticate?

A. Only the time source
B. Only the client device
C. The firewall and the client device
D. The client device and the time source

Correct Answer: A
Section: (none)

Explanation/Reference:

QUESTION 36
Which statement correctly describes the function of a private VLAN?

A. A private VLAN partitions the Layer 2 broadcast domain of a VLAN into subdomains
B. A private VLAN partitions the Layer 3 broadcast domain of a VLAN into subdomains
C. A private VLAN enables the creation of multiple VLANs using one broadcast domain
D. A private VLAN combines the Layer 2 broadcast domains of many VLANs into one major broadcast domain

Correct Answer: A
Section: (none)

Explanation/Reference:

QUESTION 37
Which statement correctly describes the function of a private VLAN?

A. A private VLAN partitions the Layer 2 broadcast domain of a VLAN into subdomains
B. A private VLAN partitions the Layer 3 broadcast domain of a VLAN into subdomains
C. A private VLAN enables the creation of multiple VLANs using one broadcast domain
D. A private VLAN combines the Layer 2 broadcast domains of many VLANs into one major broadcast domain

Correct Answer: A
Section: (none)

Explanation/Reference:


QUESTION 38
What hash type does Cisco use to validate the integrity of downloaded images?

A. Sha1
B. Sha2
C. Md5
D. Md1

Correct Answer: C
Section: (none)

Explanation/Reference:

QUESTION 39
Which Cisco feature can help mitigate spoofing attacks by verifying symmetry of the traffic path?

A. Unidirectional Link Detection
B. Unicast Reverse Path Forwarding
C. TrustSec
D. IP Source Guard

Correct Answer: B
Section: (none)

Explanation/Reference:

QUESTION 40
What is the most common Cisco Discovery Protocol version 1 attack?

A. Denial of Service
B. MAC-address spoofing
C. CAM-table overflow
D. VLAN hopping


Correct Answer: A
Section: (none)

Explanation/Reference:

QUESTION 41
What is the Cisco preferred countermeasure to mitigate CAM overflows?

A. Port security
B. Dynamic port security
C. IP source guard
D. Root guard

Correct Answer: B
Section: (none)

Explanation/Reference:

QUESTION 42
Which option is the most effective placement of an IPS device within the infrastructure?

A. Inline, behind the internet router and firewall
B. Inline, before the internet router and firewall
C. Promiscuously, after the Internet router and before the firewall
D. Promiscuously, before the Internet router and the firewall

Correct Answer: A
Section: (none)

Explanation/Reference:

QUESTION 43
If a router configuration includes the line aaa authentication login default group tacacs+ enable, which events will occur when the TACACS+ server returns an error? (Choose two.)

A. The user will be prompted to authenticate using the enable password
B. Authentication attempts to the router will be denied
C. Authentication will use the router's local database
D. Authentication attempts will be sent to the TACACS+ server

Correct Answer: AD
Section: (none)

Explanation/Reference:

QUESTION 44
Which alert protocol is used with Cisco IPS Manager Express to support up to 10 sensors?

A. SDEE
B. Syslog
C. SNMP
D. CSM

Correct Answer: A
Section: (none)

Explanation/Reference:

QUESTION 45
When a switch has multiple links connected to a downstream switch, what is the first step that STP takes to prevent loops?

A. STP elects the root bridge
B. STP selects the root port
C. STP selects the designated port
D. STP blocks one of the ports


Correct Answer: A
Section: (none)

Explanation/Reference:

QUESTION 46
Which type of address translation should be used when a Cisco ASA is in transparent mode?

A. Static NAT
B. Dynamic NAT
C. Overload
D. Dynamic PAT

Correct Answer: A
Section: (none)

Explanation/Reference:

QUESTION 47
Which components does HMAC use to determine the authenticity and integrity of a message?

A. The password
B. The hash
C. The key
D. The transform set

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 48
What is the default timeout interval during which a router waits for responses from a TACACS server before declaring a timeout failure?

A. 5 seconds
B. 10 seconds
C. 15 seconds
D. 20 seconds

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Router(config)#tacacs-server timeout ?
  <1-1000>  Wait time (default 5 seconds)

QUESTION 49
Which RADIUS server authentication protocols are supported on Cisco ASA firewalls? (Choose three.)

A. EAP
B. ASCII
C. PAP
D. PEAP
E. MS-CHAPv1
F. MS-CHAPv2

Correct Answer: CEF
Section: (none)
Explanation

Explanation/Reference:

QUESTION 50
Which command initializes a lawful intercept view?

A. username cisco1 view lawful-intercept password cisco
B. parser view cisco li-view
C. li-view cisco user cisco1 password cisco
D. parser view li-view inclusive

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Before you initialize a lawful intercept view, ensure that the privilege level is set to 15 via the privilege command.

SUMMARY STEPS
1. enable view
2. configure terminal
3. li-view li-password user username password password
4. username lawful-intercept [name] [privilege privilege-level | view view-name] password password
5. parser view view-name
6. secret 5 encrypted-password
7. name new-name

QUESTION 51
Which countermeasures can mitigate ARP spoofing attacks? (Choose two.)

A. Port security
B. DHCP snooping
C. IP source guard
D. Dynamic ARP inspection

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 52
Which of the following statements about access lists are true? (Choose three.)

A. Extended access lists should be placed as near as possible to the destination
B. Extended access lists should be placed as near as possible to the source
C. Standard access lists should be placed as near as possible to the destination
D. Standard access lists should be placed as near as possible to the source
E. Standard access lists filter on the source address
F. Standard access lists filter on the destination address

Correct Answer: BCE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 53
Which security measures can protect the control plane of a Cisco router? (Choose two.)

A. CCPr
B. Parser views
C. Access control lists
D. Port security
E. CoPP

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:
Table 10-3 Three Ways to Secure the Control Plane

Using CoPP or CPPr, you can specify which types of management traffic are acceptable at which levels. For example, you could decide and configure the router to believe that SSH is acceptable at 100 packets per second, syslog is acceptable at 200 packets per second, and so on. Traffic that exceeds the thresholds can be safely dropped if it is not from one of your specific management stations. You can specify all those details in the policy. You learn more about control plane security in Chapter 13, "Securing Routing Protocols and the Control Plane."

Although not necessarily a security feature, Selective Packet Discard (SPD) provides the ability to prioritize certain types of packets (for example, routing protocol packets and Layer 2 keepalive messages, which are received by the route processor [RP]). SPD gives critical control plane traffic priority over traffic that is less important or, worse yet, is being sent maliciously to starve the CPU of resources required by the RP.

QUESTION 54
Which statement about extended access lists is true?

A. Extended access lists perform filtering that is based on source and destination and are most effective when applied to the destination
B. Extended access lists perform filtering that is based on source and destination and are most effective when applied to the source
C. Extended access lists perform filtering that is based on destination and are most effective when applied to the source
D. Extended access lists perform filtering that is based on source and are most effective when applied to the destination

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Standard ACL
1) Able to restrict, deny and filter packets by host IP or subnet only.
2) Best practice is to put the standard ACL restriction near the source host/subnet (interface inbound).
3) No protocol-based restriction (host IP only).

Extended ACL
1) More flexible than a standard ACL.
2) You can filter packets by host/subnet as well as by protocol, TCP port or UDP port.
3) Best practice is to put the restriction near the destination host/subnet (interface outbound).

QUESTION 55
In which stage of an attack does the attacker discover devices on a target network?

A. Reconnaissance
B. Covering tracks
C. Gaining access
D. Maintaining access

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 56
Which protocols use encryption to protect the confidentiality of data transmitted between two parties? (Choose two.)

A. FTP
B. SSH
C. Telnet
D. AAA
E. HTTPS
F. HTTP

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 57
What are the primary attack methods of VLAN hopping? (Choose two.)

A. VoIP hopping
B. Switch spoofing
C. CAM-table overflow
D. Double tagging

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 58
How can the administrator enable permanent client installation in a Cisco AnyConnect VPN firewall configuration?

A. Issue the command anyconnect keep-installer under the group policy or username webvpn mode
B. Issue the command anyconnect keep-installer installed in the global configuration
C. Issue the command anyconnect keep-installer installed under the group policy or username webvpn mode
D. Issue the command anyconnect keep-installer installer under the group policy or username webvpn mode

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Note: AnyConnect versions 3.0 and later do not support permanent client installation. The CLI is still available to support older versions of AnyConnect.

To enable permanent client installation for a specific group or user, use the anyconnect keep-installer command from group-policy or username webvpn modes:

anyconnect keep-installer installer

The default is that permanent installation of the client is enabled. The client remains on the remote computer at the end of the session. The following example configures the existing group-policy sales to remove the client from the remote computer at the end of the session:

hostname(config)# group-policy sales attributes

hostname(config-group-policy)# webvpn

hostname(config-group-policy)# anyconnect keep-installer installed none

QUESTION 59
Which Cisco product can help mitigate web-based attacks within a network?

A. Adaptive Security Appliance
B. Web Security Appliance
C. Email Security Appliance
D. Identity Services Engine

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 60
Which type of security control is defense in depth?

A. Threat mitigation
B. Risk analysis
C. Botnet mitigation
D. Overt and covert channels

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 61
Refer to the exhibit. Scenario: You are the security admin for a small company. This morning your manager has supplied you with a list of Cisco ISR and CCP configuration questions. Using CCP, your job is to navigate the pre-configured CCP in order to find answers to your business questions. Which properties are included in the inspection Cisco Map OUT_SERVICE? (Choose four.)

A. FTP
B. HTTP
C. HTTPS
D. SMTP
E. P2P
F. ICMP

Correct Answer: ABEF
Section: (none)
Explanation

Explanation/Reference:

QUESTION 62
Refer to the exhibit. Scenario: You are the security admin for a small company. This morning your manager has supplied you with a list of Cisco ISR and CCP configuration questions. Using CCP, your job is to navigate the pre-configured CCP in order to find answers to your business questions. What NAT address will be assigned by ACL 1?

A. 192.168.1.0/25
B. GlobalEthernet0/0 interface address
C. 172.25.223.0/24
D. 10.0.10.0/24

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 63
Refer to the exhibit. Scenario: You are the security admin for a small company. This morning your manager has supplied you with a list of Cisco ISR and CCP configuration questions. Using CCP, your job is to navigate the pre-configured CCP in order to find answers to your business questions. Which Class Map is used by the INBOUND Rule?

A. SERVICE_IN
B. Class-map-ccp-cls-2
C. Ccp-cls-2
D. Class-map SERVICE_IN

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 64
Refer to the exhibit. Scenario: You are the security admin for a small company. This morning your manager has supplied you with a list of Cisco ISR and CCP configuration questions. Using CCP, your job is to navigate the pre-configured CCP in order to find answers to your business questions. Which policy is assigned to Zone Pair sdm-zip-OUT-IN?

A. Sdm-cls-http
B. OUT_SERVICE
C. Ccp-policy-ccp-cls-1
D. Ccp-policy-ccp-cls-2

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 65
Refer to the exhibit. Scenario: You are the security admin for a small company. This morning your manager has supplied you with a list of Cisco ISR and CCP configuration questions. Using CCP, your job is to navigate the pre-configured CCP in order to find answers to your business questions. What is included in the Network Object Group INSIDE? (Choose two.)

A. Network 192.168.1.0/24
B. Network 175.25.133.0/24
C. Network 10.0.10.0/24
D. Network 10.0.0.0/8
E. Network 192.168.1.0/8

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:
