Welcome to download the newest Examwind 1y0-a26 VCE dumps: http://www.examwind.com/1y0-a26.html
Cisco 640-553 exam sample questions help the candidates to find high paying jobs in different TelePresence Video. In preparation for any technician TelePresence Video certification Cisco 640-553 exam, you need to look for the right kind of study materials and Cisco 640-553 exam sample questions to assist you in your review. You can find a variety of them online, though there are some things you need to reconsider in Cisco 640-553 choosing resources online. Only go to FLYDUMPS Cisco 640-553 exam sample questions that can provide you genuine, reliable and updated preparation materials Cisco 640-553. You need more than a basic level that every job candidate has. An established TelePresence Video Sales Engineer for Advanced Exam Cisco 640-553 exam sample questions allows you often.
QUESTION 96
Before a Diffie-Hellman exchange may begin, the two parties involved must agree on what?
A. Two nonsecret keys
B. Two secret numbers
C. Two secret keys
D. Two nonsecret numbers
Correct Answer: D
QUESTION 97
Which item is the correct matching relationships associated with IKE Phase?
A. IKE Phase 1 – PG1 and PG2 IKE Phase 2 – PG3, PG4 and PG5
B. IKE Phase 1 – PG1 and PG4 IKE Phase 2 – PG2, PG3 and PG5
C. IKE Phase 1 – PG2 and PG3 IKE Phase 2 – PG1, PG4 and PG5
D. IKE Phase 1 – PG2 and PG4 IKE Phase 2 – PG1, PG3 and PG5
Correct Answer: B
QUESTION 98
Which three are distinctions between asymmetric and symmetric algorithms? (Choose all that apply.)
A. Asymmetric algorithms are based on more complex mathematical computations.
B. Only symmetric algorithms have a key exchange technology built in.
C. Only asymmetric algorithms have a key exchange technology built in.
D. Asymmetric algorithms are used quite often as key exchange protocols for symmetric algorithms.
Correct Answer: ACD
QUESTION 99
For the following statements, which one is the strongest symmetrical encryption algorithm?
A. 3DES
B. DES
C. AES
D. Diffie-Hellman
Correct Answer: C
QUESTION 100
Which statement is true about a certificate authority (CA)?
A. A trusted third party responsible for signing the private keys of entities in a PKIbased system
B. A trusted third party responsible for signing the public keys of entities in a PKIbased system
C. An entity responsible for registering the private key encryption used in a PKI
D. An agency responsible for granting and revoking public-private key pairs
Correct Answer: B QUESTION 101
Which location will be recommended for extended or extended named ACLs?
A. a location as close to the destination traffic as possible
B. an intermediate location to filter as much traffic as possible
C. when using the established keyword, a location close to the destination point to ensure that return traffic is allowed
D. a location as close to the source traffic as possible
Correct Answer: D QUESTION 102
Which Public Key Cryptographic Standards (PKCS) defines the syntax for encrypted messages and messages with digital signatures?
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 640-553
A. PKCS #12
B. PKCS #10
C. PKCS #8
D. PKCS #7
Correct Answer: D QUESTION 103
For the following items, which one acts as a VPN termination device and is located at a primary network location?
A. Headend VPN device
B. Tunnel
C. Broadband service
D. VPN access device
Correct Answer: A QUESTION 104
Refer to the exhibit. You are the network security administrator responsible for router security. Your network uses internal IP addressing according to RFC 1918 specifications. From the default rules shown, which access control list would prevent IP address spoofing of these internal networks?
A. SDM_Default_196
B. SDM_Default_197
C. SDM_Default_198
D. SDM_Default_199 PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 640-553
Correct Answer: C
QUESTION 105
Refer to the exhibit. Based on the VPN connection shown, which statement is true?
A. Traffic that matches access list 103 will be protected.
B. This VPN configuration will not work because the tunnel IP and peer IP are the same.
C. The tunnel is down as result of being a static rule. It should be configured as a Dynamic IPsec policy.
D. The tunnel is down because the transform set needs to include the Authentication Header parameter.
Correct Answer: A
QUESTION 106
Instructions To access the Cisco Router and Security Device Manager(SDM) utility click on the console host icon that is connected to a ISR router. You can click on the grey buttons below to view the different windows. Each of the windows can be minimized by clicking on the [-].You can also reposition a window by dragging it by the title bar. The “Tab” key and most commands that use the “Control”or “Escape” keys are not supported and are not necessary to complete this simulation.
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 640-553
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 640-553
1. Which two options correctly identify the associated interface with the correct security zone? (Choose two.)
A: FastEthernet0/1 is associated to the “out-zone” zone.
B: FastEthernet0/0 is associated to the “in-zone” zone.
C: FastEthernet0/0 and 0/1 are associated to the “self” zone.
D: FastEthernet0/0 and 0/1 are associated to the “in-zone” zone.
E: FastEthernet0/0 and 0/1 are associated to the “out-zone” zone.
F:
FastEthernet0/0 and 0/1 are not associated to any zone.
A.
B.
C.
D.
Correct Answer:
QUESTION 107
On the basis of the description of SSL-based VPN, place the correct descriptions in the proper locations.
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 640-553
Correct Answer: A
QUESTION 108
Which three common examples are of AAA implementation on Cisco routers? Please place the correct descriptions in the proper locations.
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 640-553
A. PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 640-553
Correct Answer: A QUESTION 109
Drag two characteristics of the SDM Security Audit wizard on the above to the list on the below.
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 640-553
Correct Answer: A
QUESTION 110
On the basis of the Cisco IOS Zone-Based Policy Firewall, by default, which three types of traffic are permitted
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 640-553
by the router when some interfaces of the routers are assigned to a zone? Drag three proper characterizations on the above to the list on the below.
A. PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 640-553
Correct Answer: A QUESTION 111
Drag three proper statements about the IPsec protocol on the above to the list on the below.
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 640-553
A. PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 640-553
Correct Answer: A
QUESTION 112
LAB You are the passguide network security administrator for Big Money BankCo. You are informed that an attacker has performed a CAM table overflow attack by sending spoofed MAC addresses on one of the switch ports. The attacker has since been identified and escorted out of the campus. You now need to take action to configure the swtich port to protect against this kind of attack in the future. For purposes of this test, the attacker was connected via a hub to the Fa0/12 interface of the switch. The topology is provided for your use. The enable password of the switch is cisco. Your task is to configure the Fa0/12 interface on the switch to limit the maximum number of MAC addresses that are allowed to access the port to two and to shutdown the interface when there is a violation.
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 640-553 PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 640-553
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 640-553
A. Switch1>enable Switch1#config t Switch1(config)#interface fa0/12 Switch1(config-if)#switchport mode access Switch1(config-if)#switchport port-security maximum 2
Switch1(config-if)#switchport port-security violation shutdown Switch1(config-if)#no shut
Switch1(config-if)#end
Switch1#copy run start
Correct Answer: A
QUESTION 113
You suspect an attacker in your network has cnfigured a rogue layer 2 device to intercept traffic from multiple VLANS, thereby allowing the attacker to capture potentially sensitive. Which two methods will help to mitigate this type of activity? (Choose two.)
A. Turn off all trunk ports and manually configure each VLAN as required on each port
B. Disable DTP on ports that require trunking
C. Secure the native VLAN, VLAN 1 with encryption
D. Set the native VLAN on the trunk prots to an unused VLAN
E. Place unused active ports in an umused VLAN
Correct Answer: BD
QUESTION 114
When configuring AAA login anthentication on Cisco routers, which two authentication methods should be used as the final method to ensure that the administrator can still log in to the router in case the external AAA server fails?(Choose two.)
A. krb5
B. local
C. enable
D. group RADIUS
E. group TACACS+
Correct Answer: CE
QUESTION 115
Which two protocols enable Cisco SDM to pull IPS alerts from a Cisco ISR router?
A. FTP
B. HTTPS
C. TFTP
D. SSH
E. syslog
F. SDEE
Correct Answer: BF
QUESTION 116
Which two statements about configuring the Cisco ACS server to perform router command authorization are true/ (Choose two.)
A. In the ACS User Group setup screen, use the Shell Command Authorization Set options to configure which commands and command arguments to permit or deny.
B. From the ACS Interface Configuration screen, select RADIUS (Cisco IOS/PIX 6.0), and then enable the Shell (exec) option on the RADIUS Services screen.
C. When adding the router as an AAA client on the Cisco ACS server, choose the TACACS+ (Cisco Ios) protocol.
D. Configure the Cisco ACS server to forward authentication of users to an external user database, like Windows Database
Correct Answer: AC
QUESTION 117
When configuring Cisco IOS Zone-Based Policy Firewall, what are the three actions that can be applied to a traffic class? (Chosse three.)
A. Pass PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 640-553
B. Police
C. Inspect
D. Drop
E. Queue
F. Shape
Correct Answer: ACD
QUESTION 118
Which three statements about applying access controll lists to a Cisco router are true? (Choose three.)
A. Place more specific ACL enteries at the top of the ACL.
B. ACLs always search for the most specific entry before taking any filtering action.
C. Router-generated packets cannot be filtered by ACLs on the router.
D. Place-generic ACL entries as the top of the ACLs to filter general traffic and thereby reduce “noise” on thenetwork.
E. If an access list is applied but is not configured, all traffic will pass.
Correct Answer: ACE
QUESTION 119
Which two functions are required for Ipsec operation? (Choose two.)
A. using AH protocols for encryption and authentication
B. using SHA for encryption
C. using Diffie-Hellman to establish a shared-secret key
D. using PKI for pre-shared-key authentication
E. using IKE to negotiate the SA
Correct Answer: CE
QUESTION 120
Scenario: Next Gen University main campus is located in Santa Cruz. The University has recently establisheci various remote campuses offening -lerning services. The UnverIty is using IPec VPN connectivity between its main and remote campus Phoenix (PHX), Newadla (ND). Sacremento (SAC). As a recent addition to The IT/Networking team. You have beeni tasked to document the IPsec VPN configurations to the remote campuses using the Cisco Ruler and SDM utility. Using the SDM output from VPN Tasks under the Configure tab, annwer these quetions
Cisco SDM 5.0:
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 640-553 1. Which one of these statements is correct in regards to Next Gen University Psec tunnel between its Santa Cruz main campus and its PHX remote campus?
PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 640-553
A: It is using IPsec tunnel mode A&S encryption and SHA HMAC Integrity Check.
B: It is using IPsec tunnel mode. 3DES encryption and SHA HMAC Integrity Check.
C: It Ia using IPsec tunnel mode to protect the traffic between the 10.10. 10.0/24 and the 10.253.0/24 sbnet,
D: It is using digital certificate authenticate between the IPsec peers and DH group 2
E: It Is using pre-shared key to ahentlcate beteen the IPsec pens and OH group 5
F:
The Santa Cruz main campus is the Easy VPN server and the PHX remote campus is easy VPN remote.
A.
B.
C.
D.
Correct Answer:
QUESTION 121
What is the goal of an overall security challenge when planning a security strategy?
A. to harden all exterior-facing networks components
B. to install firewalls at all critical points in the network
C. to find a balance between the need to open networks to support evolving business requirements and to need to inform
D. to educate employees to be on the lookout for suspicious behaviour
Correct Answer: C
QUESTION 122
Which threat are the most serious?
A. inside threats
B. outside threats
C. unknown threats
D. reconnaissance threats
Correct Answer: A
QUESTION 123
Network security aims to provide which three key services? (choose three)
A. data integrity
B. data strategy
C. data & system availability
D. data mining
E. data storage
F. data confidentiality
Correct Answer: ACF
QUESTION 124
Which option is the term for a weakness in a system or its design that can be exploited by a threat
A. a vulnerability
B. a risk
C. an exploit
D. an attack
E. a joke
Correct Answer: A
QUESTION 125
Which option is the term for the likelihood that a particular threat using a specific attack will exploit particular vulnerability of a system that results in an undesirable consequence?
A. a vulnerability
B. a risk
C. an exploit
D. an attack
E. a joke
Correct Answer: B
No one else except Flydumps.com assures you 100 percent ratio with its value pack.This value pack offers complete Cisco 640-553 forum to get top grades. This value pack is specially designed and includes things like Cisco 640-553 real exam questions as well as Juniper JN0-100 notes to clear certain points that are complicated in the syllabus. Another key feature that makes Flydumps.com’s value pack important is that is has all Cisco 640-553 simulation in it that are very important.These important features in the Flydumps.com value pack has increased its importance for passing Cisco 640-553 test with top ranks.
Welcome to download the newest Examwind 1y0-a26 VCE dumps: http://www.examwind.com/1y0-a26.html
Cisco 640-553 Test Engine, Sale Discount Cisco 640-553 Certification On Sale