Cisco 640-553 Certification, High Success Rate Cisco 640-553 PDF Download With The Knowledge And Skills

Flydumps provides the guaranteed preparation material to boost up your confidence in Cisco 640-553 exam.Successful candidates have provided their reviews about our guaranteed Cisco 640-553 preparation material, you can come to realize the real worth of our featured products through overviewing the reviews and testimonials.

QUESTION 36
Which VoIP components can permit or deny a call attempt on the basis of a network’s available bandwidth?
A. MCU
B. Gatekeeper
C. Application server
D. Gateway

Correct Answer: B QUESTION 37
Which statement is true about vishing?
A. Influencing users to forward a call to a toll number (for example, a long distance or international number)
B. Influencing users to provide personal information over the phone
C. Using an inside facilitator to intentionally forward a call to a toll number (for example, a long distance or international number)
D. Influencing users to provide personal information over a web page

Correct Answer: B QUESTION 38
You work as a network engineer, do you know an IPsec tunnel is negotiated within the protection of which type of tunnel?
A. GRE tunnel
B. L2TP tunnel
C. L2F tunnel
D. ISAKMP tunnel Correct Answer: D
QUESTION 39
Which two statements are correct regarding a Cisco IP phone’s web access feature? (Choose two.)
A. It is enabled by default.
B. It uses HTTPS.
C. It can provide IP address information about other servers in the network.
D. It requires login credentials, based on the UCM user database.

Correct Answer: AC QUESTION 40
Which option ensures that data is not modified in transit?
A. Authentication
B. Integrity
C. Authorization
D. Confidentiality

Correct Answer: B QUESTION 41
What is a static packet-filtering firewall used for?
A. It analyzes network traffic at the network and transport protocol layers.
B. It validates the fact that a packet is either a connection request or a data packet belonging to a connection.
C. It keeps track of the actual communication process through the use of a state table.
D. It evaluates network packets for valid data at the application layer before allowing connections.

Correct Answer: A QUESTION 42
When using a stateful firewall, which information is stored in the stateful session flow table?
A. the outbound and inbound access rules (ACL entries)
B. the source and destination IP addresses, port numbers, TCP sequencing information, and additional flags for each TCP or UDP connection associated with a particular session
C. all TCP and UDP header information only
D. all TCP SYN packets and the associated return ACK packets only
E. the inside private IP address and the translated inside global IP address

Correct Answer: B QUESTION 43
With Cisco IOS Zone-Based Policy Firewall, where is the inspection policy applied?
A. to the zone
B. to the zone-pair
C. to the interface
D. to the global service policy

Correct Answer: B QUESTION 44
Which statement best describes the Turbo ACL feature? (Choose all that apply.)
A. The Turbo ACL feature processes ACLs into lookup tables for greater efficiency.
B. The Turbo ACL feature leads to increased latency, because the time it takes to match the packet is variable.
C. The Turbo ACL feature leads to reduced latency, because the time it takes to match the packet is fixed and consistent.
D. Turbo ACLs increase the CPU load by matching the packet to a predetermined list.

Correct Answer: AC
QUESTION 45
Which two actions can be configured to allow traffic to traverse an interface when zone-based security is being employed? (Choose two.)
A. Flow
B. Inspect
C. Pass
D. Allow

Correct Answer: BC
QUESTION 46
When configuring role-based CLI on a Cisco router, which step is performed first?
A. Log in to the router as the root user.
B. Create a parser view called “root view.”
C. Enable role-based CLI globally on the router using the privileged EXEC mode Cisco IOS command.
D. Enable the root view on the router.
E. Enable AAA authentication and authorization using the local database.
F. Create a root local user in the local database.

Correct Answer: D
QUESTION 47
Which key method is used to detect and prevent attacks by use of IDS and/or IPS technologies?
A. Signature-based detection
B. Anomaly-based detection
C. Honey pot detection
D. Policy-based detection

Correct Answer: A
QUESTION 48
Based on the following items, which two types of interfaces are found on all network-based IPS sensors? (Choose two.)
A. Loopback interface
B. Monitoring interface
C. Command and control interface
D. Management interface
Correct Answer: BC
QUESTION 49
Drag and Drop A.

B.
C.
D.

Correct Answer:
QUESTION 50
What is the purpose of Diffie-Hellman?
A. used between the initiator and the responder to establish a basic security policy
B. used to verify the identity of the peer
C. used for asymmetric public key encryption
D. used to establish a symmetric shared key via a public key exchange process

Correct Answer: D
QUESTION 51
Which statement is true about asymmetric encryption algorithms?
A. They use the same key for encryption and decryption of data.
B. They use the same key for decryption but different keys for encryption of data.
C. They use different keys for encryption and decryption of data.
D. They use different keys for decryption but the same key for encryption of data.
Correct Answer: C
QUESTION 52
Which aaa accounting command is used to enable logging of both the start and stop records for user terminal sessions on the router?
A. aaa accounting network start-stop tacacs+
B. aaa accounting system start-stop tacacs+
C. aaa accounting exec start-stop tacacs+
D. aaa accounting connection start-stop tacacs+
E. aaa accounting commands 15 start-stop tacacs+

Correct Answer: C
QUESTION 53
Stream ciphers run on which of the following?
A. Individual blocks, one at a time, with the transformations varying during the encryption
B. Individual digits, one at a time, with the transformations varying during the encryption
C. Fixed-length groups of digits called blocks
D. Fixed-length groups of bits called blocks

Correct Answer: B
QUESTION 54
Which of these can be used to authenticate the IPsec peers during IKE Phase 1?
A. Diffie-Hellman Nonce
B. pre-shared key
C. XAUTH
D. integrity check value
E. ACS
F. AH

Correct Answer: B
QUESTION 55
In a brute-force attack, what percentage of the keyspace must an attacker generally search through until he or she finds the key that decrypts the data?
A. Roughly 66 percent
B. Roughly 10 percent
C. Roughly 75 percent
D. Roughly 50 percent
Correct Answer: D
QUESTION 56
Which example is of a function intended for cryptographic hashing?
A. SHA-135
B. MD65
C. XR12
D. MD5
Correct Answer: D
QUESTION 57
What does the MD5 algorithm do?
A. takes a message less than 2^64 bits as input and produces a 160-bit message digest
B. takes a variable-length message and produces a 168-bit message digest
C. takes a variable-length message and produces a 128-bit message digest
D. takes a fixed-length message and produces a 128-bit message digest

Correct Answer: C
QUESTION 58
Which access list will permit HTTP traffic sourced from host 10.1.129.100 port 3030 destined to host 192.168.1.10?
A. access-list 101 permit tcp any eq 3030
B. access-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 3030 192.168.1.0 0.0.0.15 eq www
C. access-list 101 permit tcp 10.1.129.0 0.0.0.255 eq www 192.168.1.10 0.0.0.0 eq www
D. access-list 101 permit tcp host 192.168.1.10 eq 80 10.1.0.0 0.0.255.255 eq 3030
E. access-list 101 permit tcp 192.168.1.10 0.0.0.0 eq 80 10.1.0.0 0.0.255.255
F. access-list 101 permit ip host 10.1.129.100 eq 3030 host 192.168.1.100 eq 80

Correct Answer: B
QUESTION 59
Observe the following options carefully, which two attacks focus on RSA? (Choose all that apply.)
A. DDoS attack
B. BPA attack
C. Adaptive chosen ciphertext attack
D. Man-in-the-middle attack

Correct Answer: BC
QUESTION 60
Before a Diffie-Hellman exchange may begin, the two parties involved must agree on what?
A. Two nonsecret keys
B. Two secret numbers
C. Two secret keys
D. Two nonsecret numbers
Correct Answer: D
QUESTION 61
Which three are distinctions between asymmetric and symmetric algorithms? (Choose all that apply.)
A. Asymmetric algorithms are based on more complex mathematical computations.
B. Only symmetric algorithms have a key exchange technology built in.
C. Only asymmetric algorithms have a key exchange technology built in.
D. Asymmetric algorithms are used quite often as key exchange protocols for symmetric algorithms.
Correct Answer: ACD
QUESTION 62
Which statement is true about a certificate authority (CA)?
A. A trusted third party responsible for signing the private keys of entities in a PKIbased system
B. A trusted third party responsible for signing the public keys of entities in a PKIbased system
C. An entity responsible for registering the private key encryption used in a PKI
D. An agency responsible for granting and revoking public-private key pairs

Correct Answer: B
QUESTION 63
Which Public Key Cryptographic Standards (PKCS) defines the syntax for encrypted messages and messages with digital signatures?
A. PKCS #12
B. PKCS #10
C. PKCS #8
D. PKCS #7

Correct Answer: D
QUESTION 64
For the following items, which one acts as a VPN termination device and is located at a primary network location?
A. Headend VPN device
B. Tunnel
C. Broadband service
D. VPN access device

Correct Answer: A
QUESTION 65
You suspect an attacker in your network has configured a rogue layer 2 device to intercept traffic from multiple VLANS, thereby allowing the attacker to capture potentially sensitive data. Which two methods will help to mitigate this type of activity? (Choose two.)
A. Turn off all trunk ports and manually configure each VLAN as required on each port
B. Disable DTP on ports that require trunking
C. Secure the native VLAN, VLAN 1 with encryption
D. Set the native VLAN on the trunk ports to an unused VLAN
E. Place unused active ports in an unused VLAN
Correct Answer: BD
QUESTION 66
Which three statements about applying access control lists to a Cisco router are true? (Choose three.)
A. Place more specific ACL entries at the top of the ACL.
B. Place generic ACL entries at the top of the ACL to filter general traffic and thereby reduce “noise” on the network.
C. Router-generated packets cannot be filtered by ACLs on the router.
D. ACLs always search for the most specific entry before taking any filtering action.
E. If an access list is applied but is not configured, all traffic will pass.
F. You can assign multiple access lists per interface, regardless of direction or protocol.
Correct Answer: ACE
QUESTION 67
Which two functions are required for IPsec operation? (Choose two.)
A. using SHA for encryption
B. using PKI for pre-shared-key authentication
C. using IKE to negotiate the SA
D. using AH protocols for encryption and authentication
E. using Diffie-Hellman to establish a shared-secret key

Correct Answer: CE
QUESTION 68
Which threat are the most serious?
A. inside threats
B. outside threats
C. unknown threats
D. reconnaissance threats

Correct Answer: A
QUESTION 69
Network security aims to provide which three key services? (choose three)
A. data integrity
B. data strategy
C. data & system availability
D. data mining
E. data storage
F. data confidentiality

Correct Answer: ACF
QUESTION 70
Which option is the term for a weakness in a system or its design that can be exploited by a threat
A. a vulnerability
B. a risk
C. an exploit
D. an attack
E. a joke

Correct Answer: A
QUESTION 71
Which option is the term for the likelihood that a particular threat using a specific attack will exploit particular vulnerability of a system that results in an undesirable consequence?
A. a vulnerability
B. a risk
C. an exploit
D. an attack
E. a joke
Correct Answer: B
QUESTION 72
What is the first step you should take when considering securing your network?
A. install a firewall
B. install an intrusion prevention system
C. update servers and user PCs with the latest patches
D. Develop a security policy
E. go drink beer and don?t worry about it

Correct Answer: D
QUESTION 73
Which three option are areas of router security?
A. physical security
B. access control list security
C. zone-base firewall security
D. operating system security
E. router hardening
F. cisco IOS-IPS security

Correct Answer: ADE
QUESTION 74
You have several operating groups in your enterprise that require different access restrictions to the
routers to perform their jobs roles. These groups range from Help Desk personnel to advanced
troubleshooters.
What is one methodology for controlling access rights to the router in these situation?

A. configure ACLs to control access for these different groups
B. configure multiple privilege level access
C. implement syslogging to monitor the activities of these groups
D. configure TACACS+ to perform scalable authentication

Correct Answer: B
QUESTION 75
When implementing network security, what is an important configuration task that you should perform to assist in correlating network and security events?
A. configure network time protocol
B. configure synchronized syslog reporting
C. configure a common repository of all network events for ease of monitoring
D. configure an automated network monitoring system for event correlation

Correct Answer: A

All our Cisco products are up to date! When you buy any Cisco 640-553 ¬†product from Certpaper, as “Cisco 640-553 Questions & Answers with explanations”,you are automatically offered the Cisco 640-553 updates for a total of 90 days from the day you bought it.If you want to renew your Cisco 640-553 purchase during the period of these 90 days,your Cisco 640-553 product is renewed and you are further enabled to enjoy the free Cisco updates.