CCNA Security 640-554 Practice Test (66-70)

QUESTION NO: 66
In which type of Layer 2 attack does an attacker broadcast BPDUs with a lower switch priority?
A. MAC spoofing attack
B. CAM overflow attack
C. VLAN hopping attack
D. STP attack
Answer: D

QUESTION NO: 67
Which security measure must you take for native VLANs on a trunk port?
A. Native VLANs for trunk ports should never be used anywhere else on the switch.
B. The native VLAN for trunk ports should be VLAN 1.
C. Native VLANs for trunk ports should match Read more […]

CCNA Security 640-554 Practice Test (56-60)

QUESTION NO: 61
Which option represents a step that should be taken when a security policy is developed?
A. Perform penetration testing.
B. Determine device risk scores.
C. Implement a security monitoring system.
D. Perform quantitative risk analysis.
Answer: D

QUESTION NO: 62
Which type of network masking is used when Cisco IOS access control lists are configured?
A. extended subnet masking
B. standard subnet masking
C. priority masking
D. wildcard masking
Answer: Read more […]

CCNA Security 640-554 Practice Test (51-55)

QUESTION NO: 51
Which statement about asymmetric encryption algorithms is true?
A. They use the same key for encryption and decryption of data.
B. They use the same key for decryption but different keys for encryption of data.
C. They use different keys for encryption and decryption of data.
D. They use different keys for decryption but the same key for encryption of data.
Answer: C

QUESTION NO: 52
Which option can be used to authenticate the IPsec peers Read more […]

CCNA Security 640-554 Practice Test (46-50)

QUESTION NO: 46
Which two options are characteristics of the Cisco Configuration Professional Security Audit wizard? (Choose two.)
A. displays a screen with fix-it check boxes to let you choose which potential security-related configuration changes to implement
B. has two modes of operation: interactive and non-interactive
C. automatically enables Cisco IOS firewall and Cisco IOS IPS to secure the router
D. uses interactive dialogs and prompts to implement role-based CLI
E. requires Read more […]

CCNA Security 640-554 Practice Test (41-45)

QUESTION NO: 41
Which IPS technique commonly is used to improve accuracy and context awareness, aiming to detect and respond to relevant incidents only and therefore, reduce noise?
A. attack relevancy
B. target asset value
C. signature accuracy
D. risk rating
Answer: D

QUESTION NO: 42
Which two statements about SSL-based VPNs are true? (Choose two.)
A. Asymmetric algorithms are used for authentication and key exchange.
B. SSL VPNs and IPsec VPNs cannot Read more […]

CCNA Security 640-554 Practice Test (36-40)

QUESTION NO: 36
Which two functions are required for IPsec operation? (Choose two.)
A. using SHA for encryption
B. using PKI for pre-shared key authentication
C. using IKE to negotiate the SA
D. using AH protocols for encryption and authentication
E. using Diffie-Hellman to establish a shared-secret key
Answer: C,E

QUESTION NO: 37
On Cisco ISR routers, for what purpose is the realm-cisco.pub public encryption key used?
A. used for SSH server/client Read more […]

CCNA Security 640-554 Practice Test (31-35)

QUESTION NO: 31
Which two options are advantages of an application layer firewall? (Choose two.)
A. provides high-performance filtering
B. makes DoS attacks difficult
C. supports a large number of applications
D. authenticates devices
E. authenticates individuals
Answer: B,E

QUESTION NO: 32
Refer to the exhibit.
Using a stateful packet firewall and given an inside ACL entry of permit ip 192.16.1.0 0.0.0.255 any, what would be the resulting dynamically Read more […]

CCNA Security 640-554 Practice Test (26-30)

QUESTION NO: 26
Which statement about PVLAN Edge is true?
A. PVLAN Edge can be configured to restrict the number of MAC addresses that appear on a single port.
B. The switch does not forward any traffic from one protected port to any other protected port.
C. By default, when a port policy error occurs, the switchport shuts down.
D. The switch only forwards traffic to ports within the same VLAN Edge.
Answer: B

QUESTION NO: 27
If you are implementing VLAN Read more […]

CCNA Security 640-554 Practice Test (21-25)

QUESTION NO: 21
Which router management feature provides for the ability to configure multiple administrative views?
A. role-based CLI
B. virtual routing and forwarding
C. secure config privilege {level}
D. parser view view name
Answer: A

QUESTION NO: 22
You suspect that an attacker in your network has configured a rogue Layer 2 device to intercept traffic from multiple VLANs, which allows the attacker to capture potentially sensitive data.
Which two Read more […]

CCNA Security 640-554 Practice Test (16-20)

QUESTION NO: 16
Which statement about an access control list that is applied to a router interface is true?
A. It only filters traffic that passes through the router.
B. It filters pass-through and router-generated traffic.
C. An empty ACL blocks all traffic.
D. It filters traffic in the inbound and outbound directions.
Answer: A

QUESTION NO: 17
You have been tasked by your manager to implement syslog in your network. Which option is an important factor Read more […]

CCNA Security 640-554 Practice Test (11-15)

QUESTION NO: 11
Which two characteristics of the TACACS+ protocol are true? (Choose two.)
A. uses UDP ports 1645 or 1812
B. separates AAA functions
C. encrypts the body of every packet
D. offers extensive accounting capabilities
E. is an open RFC standard protocol
Answer: B,C

QUESTION NO: 12
Refer to the exhibit.
Which statement about this output is true?
A. The user logged into the router with the incorrect username and password.
B. The login Read more […]

CCNA Security 640-554 Practice Test (6-10)

QUESTION NO: 6
What does level 5 in this enable secret global configuration mode command indicate?
A. router#enable secret level 5 password
B. The enable secret password is hashed using MD5.
C. The enable secret password is hashed using SHA.
D. The enable secret password is encrypted using Cisco proprietary level 5 encryption.
E. Set the enable secret command to privilege level 5.
F. The enable secret password is for accessing exec privilege level 5.
Answer: E

QUESTION Read more […]

CCNA Security 640-554 Practice Test (1-5)

QUESTION NO: 1
Which two features are supported by Cisco IronPort Security Gateway? (Choose two.)
A. spam protection
B. outbreak intelligence
C. HTTP and HTTPS scanning
D. email encryption
E. DDoS protection
Answer: A,D

QUESTION NO: 2
Which option is a feature of Cisco ScanSafe technology?
A. spam protection
B. consistent cloud-based policy
C. DDoS protection
D. RSA Email DLP
Answer: B

QUESTION NO: 3
Which two characteristics represent a blended threat? (Choose Read more […]

CCNA Security » Cisco IOS Zone based Firewall Tutorial

In this tutorial we will learn about Zone Based Firewall, but before digging into the details let’s start with the basic concepts. A security zone is a group of interfaces to which a policy can be applied. By default, traffic can flow freely within that zone, but all traffic to and from that zone is dropped. To allow traffic to pass between zones, administrators must explicitly declare it by creating a zone-pair and a policy for that zone. Another point to note is that traffic originated Read more […]

CCNA Security » Zone-based Firewall SDM Simlet

Instructions: To access the Cisco Router and Security Device Manager (SDM) utility, click on the console host icon that is connected to an ISR router. You can click on the grey buttons below to view the different windows. Each of the windows can be minimized by clicking on the [-]. You can also reposition a window by dragging it by the title bar. The “Tab” key and most commands that use the “Control” or “Escape” keys are not supported and are not necessary Read more […]

CCNA Security » Port Security Lab Sim

Question: You are the network security administrator for Big Money Bank Co. You are informed that an attacker has performed a CAM table overflow attack by sending spoofed MAC addresses on one of the switch ports. The attacker has since been identified and escorted out of the campus. You now need to take action to configure the switch port to protect against this kind of attack in the future. For purposes of this test, the attacker was connected via a hub to the Fa0/12 interface of the Read more […]