New Pass4itsure 640-554 PDF Dumps From Google Drive:
https://drive.google.com/open?id=1lrtuWMdG3Xq59abd_eoDZCA3oHnUYtNo
Cisco 640-554 Dumps (All 308 Q&As) From Pass4itsure
QUESTION 1
How are Cisco IOS access control lists processed?
A. Standard ACLs are processed first.
B. The best match ACL is matched first.
C. Permit ACL entries are matched first before the deny ACL entries.
D. ACLs are matched from top down.
E. The global ACL is matched first before the interface ACL.
Correct Answer: D
Process ACLs Traffic that comes into the router is compared to ACL entries based on the order that the entries occur in
the router. New statements are added to the end of the list. The router continues to look until it has a match. If no
matches are found when the router reaches the end of the list, the traffic is denied. For this reason, you should have the
frequently hit entries at the top of the list. There is an implied deny for traffic that is not permitted. A single-entry ACL
with only one deny entry has the effect of denying all traffic. You must have at least one permit statement in an ACL or
all traffic is blocked. These two ACLs (101 and 102) have the same effect.
QUESTION 2
If you are implementing VLAN trunking, which additional configuration parameter should be added to the trunking
configuration?
A. no switchport mode access
B. no switchport trunk native VLAN 1
C. switchport mode DTP
D. switchport nonnegotiate
Correct Answer: D
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/layer2.html
Layer 2 LAN Port Modes
Table 17-2 lists the Layer 2 LAN port modes and describes how they function on LAN ports. switchport mode access
Puts the LAN port into permanent nontrunking mode and negotiates to convert the link into a nontrunk link. The LAN
port
becomes a nontrunk port even if the neighboring LAN port does not agree to the change.
switchport mode dynamic desirable
Makes the LAN port actively attempt to convert the link to a trunk link. The LAN port becomes a trunk port if the neighboring LAN port is set to trunk, desirable, or auto mode. This is the default mode for all LAN ports.
switchport mode dynamic auto
Makes the LAN port willing to convert the link to a trunk link. The LAN port becomes a trunk port if the neighboring LAN
port is set to trunk or desirable mode. switchport mode trunk Puts the LAN port into permanent trunking mode and
negotiates to convert the link into a trunk link. The LAN port becomes a trunk port even if the neighboring port does not
agree to the change.
switchport nonegotiate
Puts the LAN port into permanent trunking mode but prevents the port from generating DTP frames. You must configure
the neighboring port manually as a trunk port to establish a trunk link.
QUESTION 3
In which stage of an attack does the attacker discover devices on a target network?
A. reconnaissance
B. gaining access
C. maintaining access
D. covering tracks
Correct Answer: A
QUESTION 4
Which options are filtering options used to display SDEE message types? (Choose two.)
A. stop
B. none
C. error
D. all
Correct Answer: CD
SDEE Messages
Choose the SDEE message type to display:
All — SDEE error, status, and alert messages are shown.
Error — Only SDEE error messages are shown.
Status — Only SDEE status messages are shown.
Alerts — Only SDEE alert messages are shown.
QUESTION 5
Which IPsec transform set provides the strongest protection?
A. crypto ipsec transform-set 1 esp-3des esp-sha-hmac
B. crypto ipsec transform-set 2 esp-3des esp-md5-hmac
C. crypto ipsec transform-set 3 esp-aes 256 esp-sha-hmac
D. crypto ipsec transform-set 4 esp-aes esp-md5-hmac
E. crypto ipsec transform-set 5 esp-des esp-sha-hmac
F. crypto ipsec transform-set 6 esp-des esp-md5-hmac
Correct Answer: C
Table 22-2 IKEv2 Proposal Dialog Box
Name The name of the policy object. A maximum of 128 characters is allowed.
Description A description of the policy object. A maximum of 1024 characters is allowed. Priority The priority value of the
IKE proposal. The priority value determines the order of the IKE proposals compared by the two negotiating peers
when
attempting to find a common security association (SA). If the remote IPsec peer does not support the parameters
selected in your first priority policy, the device tries to use the parameters defined in the policy with the next lowest
priority
number. Valid values range from 1 to 65535. The lower the number, the higher the priority. If you leave this field blank,
Security Manager assigns the lowest unassigned value starting with 1, then 5, then continuing in increments of 5.
Encryption Algorithm
The encryption algorithm used to establish the Phase 1 SA for protecting Phase 2 negotiations. Click Select and select
all of the algorithms that you want to allow in the VPN:
?AE
Our Customers Are Saying:
Latest Release Pass4itsure Cisco 640-554 Dumps Youtube Free Online Test Here:
Summarize
https://www.pass4itsure.com/640-554.html provides latest & high quality actual Cisco 640-554 exam questions, practice tests.
No comments:
Post a Comment