Pass4Test는  여러분이 원하는 CCNA Security 640-554시험관련자료를 해결해드릴 수 있는 사이트입니다. Pass4Test의 제품들은 모두 우리만의 거대한 IT업계 엘리트들로 이루어진 그룹 즉 관련업계예서 권위가 있는 전문가들이 자기만의 지식과 지금까지의 경험으로 최고의 IT인증 관련자료를 만들어냅니다. Pass4Test의 문제와 답은 정확도 적중률이 아주 높습니다. 우리의 덤프로완벽한 CCNA Security 640-554 시험대비를 하시면 됩니다. 이렇게 어려운 시험은 우리 CCNA Security 640-554덤프로 여러분의 고민을 한방에 해결해 드립니다.우리 Pass4Test의 덤프들은응시자에 따라  시험 ,시험방법에 따라  알 맞춤한 퍼펙트한 자료입니다.여러분은 Pass4Test의알맞춤 덤프들로 아주 간단하고 편하게  인증시험을 패스할 수 있습니다.많은  it인증관연 응시자들은  우리 Pass4Test가 제공하는 문제와 답으로 되어있는 덤프로 자격증을 취득하셨습니다.우리 Pass4Test 또한 업계에서 아주 좋은 이미지를 가지고 있습니다.Pass4Test에서 제공하는 자료들은 모두 it업계 전문가들이 자신의 지식과 끊임없는 경험등으로 만들어낸 퍼펙트한 자료들입니다. 품질과 정확도가  모두 보장되는 문제집입니다.CCNA Security 640-554시험은 여러분이 it지식을 한층 업할수 있는 시험이며 우리 또한 일년무료 업데이트 서비스를 제공합니다.Pass4Test를 선택함으로  여러분은 CCNA Security 640-554시험을 한방에 패스할 수 있습니다.만약 시험에서 실패하시면  Pass4Test에서는 덤프비용 전액환불을 약속합니다.

 

 

NO.1 Which two characteristics of the TACACS+ protocol are true? (Choose two.)
A. uses UDP ports 1645 or 1812
B. separates AAA functions
C. encrypts the body of every packet
D. offers extensive accounting capabilities
E. is an open RFC standard protocol
Answer: B,C

NO.2 Which three options are common examples of AAA implementation on Cisco routers? (Choose three.)
A. authenticating remote users who are accessing the corporate LAN through IPsec VPN connections
B. authenticating administrator access to the router console port, auxiliary port, and vty ports
C. implementing PKI to authenticate and authorize IPsec VPN peers using digital certificates
D. tracking Cisco NetFlow accounting statistics
E. securing the router by locking down all unused services
F. performing router commands authorization using TACACS+
Answer: A,B,F

NO.3 Which two characteristics represent a blended threat? (Choose two.)
A. man-in-the-middle attack
B. trojan horse attack
C. pharming attack
D. denial of service attack
E. day zero attack
Answer: B,E

NO.4 Which option is a feature of Cisco ScanSafe technology.?
A. spam protection
B. consistent cloud-based policy
C. DDoS protection
D. RSA Email DLP
Answer: B

NO.5 Refer to the exhibit.
Which statement about this partial CLI configuration of an access control list is true?
A. The access list accepts all traffic on the 10.0.0.0 subnets.
B. All traffic from the 10.10.0.0 subnets is denied.
C. Only traffic from 10.10.0.10 is allowed.
D. This configuration is invalid. It should be configured as an extended ACL to permit the associated
wildcard mask.
E. From the 10.10.0.0 subnet, only traffic sourced from 10.10.0.10 is allowed; traffic sourced from the
other 10.0.0.0 subnets also is allowed.
F. The access list permits traffic destined to the 10.10.0.10 host on FastEthernet0/0 from any source.
Answer: E

NO.6 Which type of Cisco ASA access list entry can be configured to match multiple entries in a single
statement?
A. nested object-class
B. class-map
C. extended wildcard matching
D. object groups
Answer: D

NO.7 When AAA login authentication is configured on Cisco routers, which two authentication methods
should be used as the final method to ensure that the administrator can still log in to the router in case the
external AAA server fails? (Choose two.)
A. group RADIUS
B. group TACACS+
C. local
D. krb5
E. enable
F. if-authenticated
Answer: C,E

NO.8 Refer to the exhibit.
Which traffic is permitted by this ACL?
A. TCP traffic sourced from any host in the 172.26.26.8/29 subnet on any port to host 192.168.1.2 port 80
or 443
B. TCP traffic sourced from host 172.26.26.21 on port 80 or 443 to host 192.168.1.2 on any port
C. any TCP traffic sourced from host 172.26.26.30 destined to host 192.168.1.1
D. any TCP traffic sourced from host 172.26.26.20 to host 192.168.1.2
Answer: C

NO.9 Refer to the exhibit.
Which statement about this output is true?
A. The user logged into the router with the incorrect username and password.
B. The login failed because there was no default enable password.
C. The login failed because the password entered was incorrect.
D. The user logged in and was given privilege level 15.
Answer: C

NO.10 Which option is the correct representation of the IPv6 address
2001:0000:150C:0000:0000:41B1:45A3:041D?
A. 2001::150c::41b1:45a3:041d
B. 2001:0:150c:0::41b1:45a3:04d1
C. 2001:150c::41b1:45a3::41d
D. 2001:0:150c::41b1:45a3:41d
Answer: D

NO.11 Under which higher-level policy is a VPN security policy categorized?
A. application policy
B. DLP policy
C. remote access policy
D. compliance policy
E. corporate WAN policy
Answer: C

NO.12 What does level 5 in this enable secret global configuration mode command indicate?
A. router#enable secret level 5 password
B. The enable secret password is hashed using MD5.
C. The enable secret password is hashed using SHA.
D. The enable secret password is encrypted using Cisco proprietary level 5 encryption.
E. Set the enable secret command to privilege level 5.
F. The enable secret password is for accessing exec privilege level 5.
Answer: E

NO.13 Refer to the exhibit.
What does the option secret 5 in the username global configuration mode command indicate about the
user password?
A. It is hashed using SHA.
B. It is encrypted using DH group 5.
C. It is hashed using MD5.
D. It is encrypted using the service password-encryption command.
E. It is hashed using a proprietary Cisco hashing algorithm.
F. It is encrypted using a proprietary Cisco encryption algorithm.
Answer: C

NO.14 Which two features are supported by Cisco IronPort Security Gateway? (Choose two.)
A. spam protection
B. outbreak intelligence
C. HTTP and HTTPS scanning
D. email encryption
E. DDoS protection
Answer: A,D

NO.15 Which Cisco management tool provides the ability to centrally provision all aspects of device
configuration across the Cisco family of security products?
A. Cisco Configuration Professional
B. Security Device Manager
C. Cisco Security Manager
D. Cisco Secure Management Server
Answer: C