Implementing Cisco IOS Network Security
| Exam Number | 640-554 |
|---|---|
| Associated Certifications | CCNA Security |
| Duration | 90 minutes (55-65 questions) |
| Available Languages | English, Japanese |
| Register | Pearson VUE |
| Exam Policies | Read current policies and requirements |
| Exam Tutorial | Review type of exam questions |
The 640-554 Implementing Cisco IOS Network Security (IINS) exam is associated
with the CCNA Security certification. This exam tests a candidate's knowledge of
securing Cisco routers and switches and their associated networks. It leads to
validated skills for installation, troubleshooting and monitoring of network
devices to maintain integrity, confidentiality and availability of data and
devices and develops competency in the technologies that Cisco uses in its
security infrastructure.
router? (Choose two.)
A. syslog
B. SDEE
C. FTP
D. TFTP
E. SSH
F. HTTPS
Answer: B,F
Explanation:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6634/prod_white_paper0900aecd805c4ea8.html
Step 4: Enabling IOS IPS
The fourth step is to configure IOS IPS using the following sequence of steps:
Step 4.1: Create a rule name (This will be used on an interface to enable IPS)
ip ips name <rule name> <optional ACL>
router#configure terminal
router(config)#ip ips name iosips
You can specify an optional extended or standard access control list (ACL) to filter the traffic that
will be scanned by this rule name. All traffic that is permitted by the ACL is subject to inspection by
the IPS. Traffic that is denied by the ACL is not inspected by the IPS.
router(config)#ip ips name ips list ?
<1-199> Numbered access list
WORD Named access list
Step 4.2: Configure the IPS signature storage location. This is the directory `ips' created in Step 2.
ip ips config location flash:<directory name>
router(config)#ip ips config location flash:ips
Step 4.3: Enable IPS SDEE event notification
ip ips notify sdee
router(config)#ip ips notify sdee
To use SDEE, the HTTP server must be enabled (via the `ip http server' command). If the HTTP
server is not enabled, the router cannot respond to the SDEE clients because it cannot see the
requests. SDEE notification is disabled by default and must be explicitly enabled.
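The Step 4 settings can be checked mechanically against a saved configuration. The following Python script is an added example, not code from the original page or from Cisco: it audits a configuration dump for the rule name, the signature storage location, and the SDEE dependency on the HTTP server. Both sample configurations are constructed, and treating `ip http secure-server` as satisfying the HTTP server requirement is an assumption.

```python
import re

# Constructed sample configurations (not taken from any real device).
GOOD = """\
ip http server
ip ips config location flash:ips
ip ips name iosips
ip ips notify sdee
"""
BAD = """\
no ip http server
ip ips name iosips list 100
ip ips notify sdee
"""

def audit_ips(config):
    """Return a list of findings for the Step 4 IOS IPS settings."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    # Step 4.1: a rule name, with an optional ACL after the 'list' keyword
    rules = [m.group(1) for l in lines
             if (m := re.fullmatch(r"ip ips name (\S+)(?: list \S+)?", l))]
    if not rules:
        findings.append("no IPS rule name defined")
    # Step 4.2: signature storage location
    if not any(re.fullmatch(r"ip ips config location \S+", l) for l in lines):
        findings.append("no signature storage location configured")
    # Step 4.3: SDEE is off by default and depends on the HTTP server
    sdee = "ip ips notify sdee" in lines
    # Assumption: the HTTPS server also satisfies the requirement.
    http = any(l in ("ip http server", "ip http secure-server") for l in lines)
    if not sdee:
        findings.append("SDEE notification not enabled (off by default)")
    elif not http:
        findings.append("SDEE enabled but HTTP server is off")
    return findings

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_ips(cfg) or "ok")
```
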
NO.2 With Cisco IOS zone-based policy firewall, by default, which three types of traffic are permitted
by the router when some of the router interfaces are assigned to a zone? (Choose three.)
A. traffic flowing between a zone member interface and any interface that is not a zone member
B. traffic flowing to and from the router interfaces (the self zone)
C. traffic flowing among the interfaces that are members of the same zone
D. traffic flowing among the interfaces that are not assigned to any zone
E. traffic flowing between a zone member interface and another interface that belongs in a different
zone
F. traffic flowing to the zone member interface that is returned traffic
Answer: B,C,D
Explanation:
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml
NO.3 Which Cisco IOS command is used to verify that either the Cisco IOS image, the configuration
files, or both have been properly backed up and secured?
A. show archive
B. show secure bootset
C. show flash
D. show file systems
E. dir
F. dir archive
Answer: B
Explanation:
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_resil_config_ps6922_TSD_Products_Configuration_Guide_Chapter.html
Restrictions for Cisco IOS Resilient Configuration
This feature is available only on platforms that support a Personal Computer Memory Card
International Association (PCMCIA) Advanced Technology Attachment (ATA) disk. There must be
enough space on the storage device to accommodate at least one Cisco IOS image (two for upgrades)
and a copy of the running configuration. IOS File System (IFS) support for secure file systems is also
needed by the software.
It may be possible to force removal of secured files using an older version of Cisco IOS software that
does not contain file system support for hidden files.
This feature can be disabled only by using a console connection to the router. With the exception of
the upgrade scenario, feature activation does not require console access.
You cannot secure a bootset with an image loaded from the network. The running image must be
loaded from persistent storage to be secured as primary.
Secured files will not appear on the output of a dir command issued from an executive shell because
the IFS prevents secure files in a directory from being listed. ROM monitor (ROMMON) mode does
not have any such restriction and can be used to list and boot secured files. The running image and
running configuration archives will not be visible in the Cisco IOS dir command output. Instead, use
the show secure bootset command to verify archive existence.
NO.4 Which two features are supported by Cisco IronPort Security Gateway? (Choose two.)
A. Spam protection
B. Outbreak intelligence
C. HTTP and HTTPS scanning
D. Email encryption
E. DDoS protection
Answer: A,D
Explanation:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps10128/ps10154/data-sheetc78-729751.html
Product Overview
Over the past 20 years, email has evolved from a tool used primarily by technical
and research professionals to become the backbone of corporate communications. Each day, more
than 100 billion corporate email messages are exchanged. As the level of use rises, security becomes
a greater priority. Mass spam campaigns are no longer the only concern. Today, spam and malware
are just part of a complex picture that includes inbound threats and outbound risks. Cisco® Email
Security solutions defend mission-critical email systems with appliance, virtual, cloud, and hybrid
solutions. The industry leader in email security solutions, Cisco delivers:
NO.5 Refer to the exhibit.
Which statement about the aaa configurations is true?
A. The authentication method list used by the console port is named test.
B. The authentication method list used by the vty port is named test.
C. If the TACACS+ AAA server is not available, no users will be able to establish a Telnet session with
the router.
D. If the TACACS+ AAA server is not available, console access to the router can be authenticated using
the local database.
E. The local database is checked first when authenticating console and vty access to the router.
Answer: B
Explanation:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1818/products_configuration_example09186a0080204528.shtml
Configure AAA Authentication for Login
To enable authentication, authorization, and accounting (AAA) authentication for logins, use the
login authentication command in line configuration mode. AAA services must also be configured.
Configuration Procedure
In this example, the router is configured to retrieve users' passwords from a TACACS+ server when
users attempt to connect to the router.
From the privileged EXEC (or "enable") prompt, enter configuration mode and enter the commands
to configure the router to use AAA services for authentication:
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#aaa new-model
router(config)#aaa authentication login my-auth-list tacacs+
router(config)#tacacs-server host 192.168.1.101
router(config)#tacacs-server key letmein
Switch to line configuration mode using the following commands. Notice that the prompt changes to
reflect the current mode.
router(config)#line 1 8
router(config-line)#
Configure password checking at login.
router(config-line)#login authentication my-auth-list
Exit configuration mode.
router(config-line)#end
router#
%SYS-5-CONFIG_I: Configured from console by console
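A method list that names only a remote server leaves no way to log in on the lines bound to it when that server is unreachable. The following Python script is an added example, not part of the original page or of Cisco's documentation: it resolves which login method list each line uses and flags lines with no fallback. The sample configuration is constructed from the commands in the procedure, with a hypothetical `default` list and console line added for contrast.

```python
# Constructed sample, modelled on the commands in the procedure above.
SAMPLE = """\
aaa new-model
aaa authentication login my-auth-list tacacs+
aaa authentication login default group tacacs+ local
line con 0
line 1 8
 login authentication my-auth-list
"""

REMOTE = {"tacacs+", "radius"}  # methods that depend on an external server

def parse_aaa(config):
    """Return (method_lists, line_to_list) from an IOS configuration dump."""
    lists, lines, current = {}, {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        indented = raw[0] in " \t"
        if words[:3] == ["aaa", "authentication", "login"] and len(words) > 4:
            # 'group' is a keyword, not a method, so drop it
            lists[words[3]] = [w for w in words[4:] if w != "group"]
        elif words[0] == "line" and not indented:
            current = " ".join(words[1:])
            lines[current] = "default"  # used unless the line names a list
        elif indented and current and len(words) > 2 \
                and words[:2] == ["login", "authentication"]:
            lines[current] = words[2]
        elif not indented:
            current = None  # another top-level command ends the line block
    return lists, lines

def lockout_risk(config):
    """Lines whose method list contains only remote methods (no fallback)."""
    lists, lines = parse_aaa(config)
    return sorted(name for name, lst in lines.items()
                  if lists.get(lst) and all(m in REMOTE for m in lists[lst]))

if __name__ == "__main__":
    print(parse_aaa(SAMPLE))
    print("no fallback on:", lockout_risk(SAMPLE))
```
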
NO.6 DRAG DROP
Answer:
Explanation:
NO.7 Which option describes a function of a virtual VLAN?
A. A virtual VLAN creates a logically partitioned LAN to place switch ports in a separate broadcast
domain.
B. A virtual VLAN creates trunks and links two switches together.
C. A virtual VLAN adds every port on a switch to its own collision domain.
D. A virtual VLAN connects many hubs together.
Answer: A
NO.8 Which two countermeasures can mitigate STP root bridge attacks? (Choose two.)
A. root guard
B. BPDU filtering
C. Layer 2 PDU rate limiter
D. BPDU guard
Answer: A,D
Explanation:
The BPDU guard feature is designed to allow network designers to keep the active network topology
predictable. BPDU guard is used to protect the switched network from the problems that may be
caused by the receipt of BPDUs on ports that should not be receiving them. The receipt of
unexpected BPDUs may be accidental or may be part of an unauthorized attempt to add a switch to
the network. BPDU guard is best deployed toward user-facing ports to prevent rogue switch network
extensions by an attacker. The root guard feature of Cisco switches is designed to provide a way to
enforce the placement of root bridges in the network. Root guard limits the switch ports out of which
the root bridge may be negotiated. If a root-guard-enabled port receives BPDUs that are superior to
those that the current root bridge is sending, then that port is moved to a root-inconsistent state,
which is effectively equal to an STP listening state, and no data traffic is forwarded across that port.
Many candidates preparing for the Cisco 640-554 certification exam have also seen online resources for the Cisco 640-554 certification exam on other websites. But Pass4Test is the only website that offers exam questions and answers prepared by top IT experts after research. We promise that you can pass the Cisco 640-554 certification exam on the first attempt with our training materials.
The real and original exam questions and answers for 640-554 (Implementing Cisco IOS Network Security (IINS v2.0)) at Pass4Test.de were written by our IT experts using information about 640-554 (Implementing Cisco IOS Network Security (IINS v2.0)) from test centers such as PROMETRIC or VUE.
With the Pass4Test training materials for the Cisco 640-554 certification exam, you can pass the Cisco 640-554 certification exam quite easily. The training tools we have designed will help you pass the exam on the first attempt. You can download a part of the questions and answers for the Cisco 640-554 certification exam from Pass4Test free of charge as a sample and pass the exam quite easily. If you are still hesitating, try our trial version. You will be surprised by how well it works. Add Pass4Test to your shopping cart. If you miss it, you would regret it for life.
Feedback from IT professionals who have passed the Cisco 640-554 certification exam has shown that their success is attributable to Pass4Test. The questions and answers for the Cisco 640-554 certification exam helped them a great deal. Pass4Test also saved them much valuable time and energy. They passed the Cisco 640-554 certification exam easily on the first attempt. So Pass4Test is a reliable website. If you choose Pass4Test, you will be the next successful IT professional. Pass4Test will make your dream come true.
Exam name: Implementing Cisco IOS Network Security (IINS v2.0)
Updated: 12-07-2015
Number: 246 Q&As
Article link: http://www.pass4test.de/640-554.html