여러분은 아직도    cisco CCNA 640-553  인증시험의 난이도에 대하여 고민 중입니까? 아직도   cisco CCNA 640-553   시험 때문에 밤잠도 제대로 이루지 못하면서 시험공부를 하고 계십니까? Pass4Test제품을 사용하시면  빠른 시일내에 많은 공을 들이지 않고 여러분의 꿈을 이룰수 있습니다.Pass4Test 사이트에서 제공하는    cisco CCNA 640-553   관련자료의 일부분문제와답등 샘플을 무료로 다운받아 체험해 봄으로  Pass4Test 에 믿음이 생기게 될 것입니다.  cisco CCNA 640-553   인증시험을 응시하려는 분들은  Pass4Test  학습가이드의 문제와 답으로 안심하시고 자신 있게 응시하시면 됩니다. Pass4Test 는 여러분이 100%    cisco CCNA 640-553   인증시험을 패스할 수 있다는 것을 보장합니다.

 

NO.1 Which three statements are valid SDM configuration wizards? (Choose three.)
A. Security Audit
B. VPN
C. STP
D. NAT
Answer: ABD

NO.2 Which method is of gaining access to a system that bypasses normal security measures?
A. Creating a back door
B. Starting a Smurf attack
C. Conducting social engineering
D. Launching a DoS attack
Answer: A

NO.3 Which is the main difference between host-based and network-based intrusion prevention?
A. Network-based IPS is better suited for inspection of SSL and TLS encrypted data flows.
B. Host-based IPS can work in promiscuous mode or inline mode.
C. Network-based IPS can provide protection to desktops and servers without the need of installing
specialized software on the end hosts and servers.
D. Host-based IPS deployment requires less planning than network-based IPS.
Answer: C

NO.4 Examine the following items, which one offers a variety of security solutions, including firewall, IPS,
VPN, antispyware, antivirus, and antiphishing features?
A. Cisco 4200 series IPS appliance
B. Cisco ASA 5500 series security appliance
C. Cisco IOS router
D. Cisco PIX 500 series security appliance
Answer: B

NO.5 When configuring Cisco IOS login enhancements for virtual connections, what is the "quiet period"?
A. A period of time when no one is attempting to log in
B. The period of time in which virtual logins are blocked as security services fully initialize
C. The period of time in which virtual login attempts are blocked, following repeated failed login attempts
D. The period of time between successive login attempts
Answer: C

NO.6 Which one is the most important based on the following common elements of a network design?
A. Business needs
B. Best practices
C. Risk analysis
D. Security policy
Answer: A

NO.7 Which three options are network evaluation techniques? (Choose three.)
A. Scanning a network for active IP addresses and open ports on those IP addresses
B. Using password-cracking utilities
C. Performing end-user training on the use of antispyware software
D. Performing virus scans
Answer: ABD

NO.8 The enable secret password appears as an MD5 hash in a router's configuration file, whereas the
enable password is not hashed (or encrypted, if the password-encryption
service is not enabled). What is the reason that Cisco still support the use of both enable secret and
enable passwords in a router's configuration?
A. The enable password is used for IKE Phase I, whereas the enable secret password is used for IKE
Phase II.
B. The enable password is considered to be a router's public key, whereas the enable secret password is
considered to be a router's private key.
C. Because the enable secret password is a hash, it cannot be decrypted. Therefore, the enable
password is used to match the password that
was entered, and the enable secret is used to verify that the enable password has not been modified
since the hash was generated.
D. The enable password is present for backward compatibility.
Answer: D

NO.9 How does CLI view differ from a privilege level?
A. A CLI view supports only commands configured for that specific view, whereas a privilege level
supports commands available to that level and all the lower levels.
B. A CLI view supports only monitoring commands, whereas a privilege level allows a user to make
changes to an IOS configuration.
C. A CLI view and a privilege level perform the same function. However, a CLI view is used on a Catalyst
switch, whereas a privilege level is used on an IOS router.
D. A CLI view can function without a AAA configuration, whereas a privilege level requires AAA to be
configured.
Answer: A

NO.10 As a network engineer at Cisco.com, you are responsible for Cisco network. Which will be necessarily
taken into consideration when implementing Syslogging in your network?
A. Log all messages to the system buffer so that they can be displayed when accessing the router.
B. Use SSH to access your Syslog information.
C. Enable the highest level of Syslogging available to ensure you log all possible event messages.
D. Syncronize clocks on the network with a protocol such as Network Time Protocol.
Answer: D

NO.11 Given the exhibit below. You are a network manager of your company. You are reading your Syslog
server reports. On the basis of the Syslog message shown, which two descriptions are correct? (Choose
two.)
A. This message is a level 5 notification message.
B. This message is unimportant and can be ignored.
C. This is a normal system-generated information message and does not require further investigation.
D. Service timestamps have been globally enabled
Answer: AD

NO.12 As a candidate for CCNA examination, when you are familiar with the basic commands, if you input the
command "enable secret level 5 password" in the global mode , what does it indicate?
A. Set the enable secret command to privilege level 5.
B. The enable secret password is hashed using SHA.
C. The enable secret password is hashed using MD5.
D. The enable secret password is encrypted using Cisco proprietary level 5 encryption.
E. The enable secret password is for accessing exec privilege level 5.
Answer: E

NO.13 Which three items are Cisco best-practice recommendations for securing a network? (Choose three.)
A. Deploy HIPS software on all end-user workstations.
B. Routinely apply patches to operating systems and applications.
C. Disable unneeded services and ports on hosts.
D. Require strong passwords, and enable password expiration.
Answer: BCD

NO.14 Which statement is true about a Smurf attack?
A. It sends ping requests to a subnet, requesting that devices on that subnet send ping replies to a target
system.
B. It intercepts the third step in a TCP three-way handshake to hijack a session.
C. It uses Trojan horse applications to create a distributed collection of "zombie" computers, which can be
used to launch a coordinated DDoS attack.
D. It sends ping requests in segments of an invalid size.
Answer: A

NO.15 Which result is of securing the Cisco IOS image by use of the Cisco IOS image resilience feature?
A. When the router boots up, the Cisco IOS image will be loaded from a secured FTP location.
B. The Cisco IOS image file will not be visible in the output from the show flash command.
C. The show version command will not show the Cisco IOS image file location.
D. The running Cisco IOS image will be encrypted and then automatically backed up to a TFTP server.
Answer: B
Pass4Test는 많은 분들이 IT인증시험을 응시하여 성공하도록 도와주는 사이트입니다.  Pass4Test 는 많은 IT전문가들로 구성되었습니다. Pass4Test 의 덤프는 모두 엘리트한 전문가들이 만들어낸 만큼 시험문제의 적중률은 아주 높습니다. 거의 100%의 정확도를 자랑하고 있습니다. 아마 많은 유사한 사이트들도 많습니다. 이러한 사이트에서 학습가이드와 온라인서비스도 지원되고 있습니다만  Pass4Test 는 이미 이러한 사이트를 뛰어넘은 실력으로 업계에서는 우리만의 이미지를 지키고 있습니다. Pass4Test 는 정확한 문제와 답만 제공하고 또한 그 어느 사이트보다도 빠른 업데이트로 여러분의 인증시험을 안전하게 패스하도록합니다.