Nowadays, Flydumps has published the newest Cisco 640-553 exam dumps with free VCE test software and PDF dumps, and the latest Cisco 640-553 question answers ensure you 100% pass and money back guarantee.
QUESTION 61
Which type of firewall is needed to open appropriate UDP ports required for RTP streams?
A. Proxy firewall
B. Packet filtering firewall
C. Stateful firewall
D. Stateless firewall
Correct Answer: C
QUESTION 62
Which statement best describes the relationships between AAA function and TACACS+, RADIUS based on the exhibit shown?
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 640-553
A. TACACS+ – PG1 and PG3 RADIUS – PG2 and PG4
B. TACACS+ – PG2 and PG4 RADIUS – PG1 and PG3
C. TACACS+ – PG1 and PG4 RADIUS – PG2 and PG3
D. TACACS+ – PG2 and PG3 RADIUS – PG1 and PG4
Correct Answer: B
QUESTION 63
Which two statements are correct regarding a Cisco IP phone's web access feature? (Choose two.)
A. It is enabled by default.
B. It uses HTTPS.
C. It can provide IP address information about other servers in the network.
D. It requires login credentials, based on the UCM user database.
Correct Answer: AC
QUESTION 64
Which option ensures that data is not modified in transit?
A. Authentication
B. Integrity
C. Authorization
D. Confidentiality
Correct Answer: B
QUESTION 65
What is a static packet-filtering firewall used for?
A. It analyzes network traffic at the network and transport protocol layers.
B. It validates the fact that a packet is either a connection request or a data packet belonging to a connection.
C. It keeps track of the actual communication process through the use of a state table.
D. It evaluates network packets for valid data at the application layer before allowing connections.
Correct Answer: A
QUESTION 66
Which information is stored in the stateful session flow table while using a stateful firewall?
A. all TCP and UDP header information only
B. the source and destination IP addresses, port numbers, TCP sequencing information, and additional flags for each TCP or UDP connection associated with a particular session
C. the outbound and inbound access rules (ACL entries)
D. the inside private IP address and the translated inside global IP address
Correct Answer: B
QUESTION 67
Which firewall best practices can help mitigate worm and other automated attacks?
A. Restrict access to firewalls
B. Segment security zones
C. Use logs and alerts
D. Set connection limits
Correct Answer: D
QUESTION 68
In Cisco IOS Zone-Based Policy Firewall, where will the inspection policy be applied?
A. to the interface
B. to the zone-pair
C. to the global service policy
D. to the zone
Correct Answer: B
QUESTION 69
Which statement best describes the Turbo ACL feature? (Choose all that apply.)
A. The Turbo ACL feature processes ACLs into lookup tables for greater efficiency.
B. The Turbo ACL feature leads to increased latency, because the time it takes to match the packet is variable.
C. The Turbo ACL feature leads to reduced latency, because the time it takes to match the packet is fixed and consistent.
D. Turbo ACLs increase the CPU load by matching the packet to a predetermined list.
Correct Answer: AC
QUESTION 70
Which statement best describes configuring access control lists to control Telnet traffic destined to the router itself?
A. The ACL must be applied to each vty line individually.
B. The ACL should be applied to all vty lines in the in direction to prevent an unwanted user from connecting to an unsecured port.
C. The ACL is applied to the Telnet port with the ip access-group command.
D. The ACL applied to the vty lines has no in or out option like ACL being applied to an interface.
Correct Answer: B
QUESTION 71
Which two actions can be configured to allow traffic to traverse an interface when zone-based security is being employed? (Choose two.)
A. Flow
B. Inspect
C. Pass
D. Allow
Correct Answer: BC
QUESTION 72
When configuring role-based CLI on a Cisco router, which action will be taken first?
A. Create a parser view called “root view.”
B. Log in to the router as the root user.
C. Enable role-based CLI globally on the router using the privileged EXEC mode Cisco IOS command.
D. Enable the root view on the router.
Correct Answer: D
QUESTION 73
Which key method is used to detect and prevent attacks by use of IDS and/or IPS technologies?
A. Signature-based detection
B. Anomaly-based detection
C. Honey pot detection
D. Policy-based detection
Correct Answer: A
QUESTION 74
Which statement is correct regarding the aaa configurations based on the exhibit provided?
A. The authentication method list used by the console port is named test.
B. The authentication method list used by the vty port is named test.
C. If the TACACS+ AAA server is not available, console access to the router can be authenticated using the local database.
D. If the TACACS+ AAA server is not available, no users will be able to establish a Telnet session with the router.
Correct Answer: B
QUESTION 75
Based on the following items, which two types of interfaces are found on all network-based IPS sensors? (Choose two.)
A. Loopback interface
B. Monitoring interface
C. Command and control interface
D. Management interface
Correct Answer: BC
QUESTION 76
Which feature is a potential security weakness of a traditional stateful firewall?
A. It cannot ensure each TCP connection follows a legitimate TCP three-way handshake.
B. It cannot detect application-layer attacks.
C. It cannot support UDP flows.
D. The status of TCP sessions is retained in the state table after the sessions terminate.
Correct Answer: B
QUESTION 77
With which three tasks does the IPS Policies Wizard help you? (Choose three.)
A. Selecting the interface to which the IPS rule will be applied
B. Selecting the direction of traffic that will be inspected
C. Selecting the inspection policy that will be applied to the interface
D. Selecting the Signature Definition File (SDF) that the router will use
Correct Answer: ABD
QUESTION 78
What is the objective of Diffie-Hellman?
A. used for asymmetric public key encryption
B. used between the initiator and the responder to establish a basic security policy
C. used to verify the identity of the peer
D. used to establish a symmetric shared key via a public key exchange process
Correct Answer: D
QUESTION 79
When editing global IPS settings, which option determines whether the IOS-based IPS feature will drop or permit traffic for a particular IPS signature engine while a new signature for that engine is being compiled?
A. Enable Engine Fail Closed
B. Enable Fail Opened
C. Enable Signature Default
D. Enable Default IOS Signature
Correct Answer: A
QUESTION 80
Which description about asymmetric encryption algorithms is correct?
A. They use different keys for decryption but the same key for encryption of data.
B. They use the same key for encryption and decryption of data.
C. They use different keys for encryption and decryption of data.
D. They use the same key for decryption but different keys for encryption of data.
Correct Answer: C
Cisco 640-553 Certified Network Associate (CCNA) is the composite exam associated with the Cisco Certified Network Associate certification. Candidates can prepare for this exam. This exam tests a candidate's knowledge and skills required to install, operate, and troubleshoot a small to medium size enterprise branch network.