Cisco 640-553 Demos, Download Cisco 640-553 Certification Exam On Sale

No doubt, Cisco 640-553 exam is worth challenging task but you should not feel hesitant against the confronting difficulties. Get a complete hold on Cisco 640-553 exam syllabus through Flydumps training and boost up your skills.What’s more,all the brain dumps are the latest.

QUESTION 1
Network containment is provided by which of the following Cisco Self-Defending Network elements? (Choose all that apply.)
A. IPS
B. NAC
C. SDN
D. CSA
E. HNS
Correct Answer: ABD
QUESTION 2
Which of the following is not a phase in a worm attack?
A. Paralyze
B. Propagate
C. Eradicate
D. Persist
Correct Answer: C
QUESTION 3
During the probe phase of a worm attack, which of the following might be used?
A. Ping scans
B. File copy
C. Exploit code
D. E-mail
Correct Answer: A
QUESTION 4
The great majority of software vulnerabilities that have been discovered are which of the following?
A. Software overflows
B. Heap overflows
C. Stack vulnerabilities
D. Buffer overflows
Correct Answer: D

QUESTION 5
Hardening your application software involves what? (Choose all that apply.)
A. Applying patches
B. Applying virus software
C. Applying security fixes
D. Upgrading firmware
Correct Answer: AC
QUESTION 6
The Dynamic Vector Streaming (DVS) engine is a scanning technology that enables what?
A. Layer 4 virus detection
B. Signature-based virus filtering
C. Signature-based spyware filtering
D. Firmware-level virus detection
Correct Answer: C
QUESTION 7
Which of the following are features provided by the Cisco NAC device to help secure enterprise and endpoint systems? (Choose all that apply.)
A. Authentication and authorization
B. Posture assignment
C. Remediation of noncompliant systems
D. Quarantining of noncompliant applications
Correct Answer: AC
QUESTION 8
Which Cisco Security Agent Interceptor is responsible for intercepting all read/write requests to the rc files in UNIX?
A. File system interceptor
B. Configuration interceptor
C. Network interceptor
D. Execution space interceptor
Correct Answer: B
QUESTION 9
What does the Cisco Security Agent do when an operating system call to the kernel by an application violates the security policy? (Choose all that apply.)
A. An appropriate error message is passed back to the operating system.
B. An alert is generated and sent to the Management Center for Cisco Security Agent.
C. An appropriate error message is passed back to the application.
D. An alert is generated and sent to the Cisco Security Agent.
Correct Answer: BC
QUESTION 10
What is the name of the e-mail traffic monitoring service that underlies that architecture of IronPort?
A. E-Base
B. TrafMon
C. IronPort M-Series
D. SenderBase
Correct Answer: D Exam H

QUESTION 1
Which of the following is not a reason for an organization to incorporate a SAN in its enterprise infrastructure?
A. To meet changing business priorities, applications, and revenue growth
B. To decrease the threat of viruses and worm attacks against data storage devices
C. To increase the performance of long-distance replication, backup, and recovery
D. To decrease both capital and operating expenses associated with data storage
Correct Answer: B
QUESTION 2
Which of the following is the basis of all the major SAN transport technologies?
A. ATA
B. IDE
C. EIDE
D. SCSI
Correct Answer: D
QUESTION 3
Which of the following represent SAN transport technologies? (Choose all that apply.)
A. Fibre Channel
B. SCSI
C. FCIP
D. iSCSI
E. RAID
Correct Answer: ACD
QUESTION 4
Which of the following are classes of SAN attacks? (Choose all that apply.)
A. Viruses
B. Snooping
C. Worms
D. Spoofing
E. Denial of service (DoS)
Correct Answer: BDE

QUESTION 5
Spoofing represents an attack against data ____________.
A. Confidentiality
B. Availability
C. Accuracy
D. Integration
Correct Answer: A
QUESTION 6
A LUN is used by which of the following protocols as a way to differentiate the individual disk drives that comprise a target device?
A. HBA
B. iSCSI
C. SCSI
D. ATA
Correct Answer: C
QUESTION 7
At what level is LUN masking implemented?
A. Drive
B. Disk
C. Controller
D. Host Bus Adapter
Correct Answer: D
QUESTION 8
Which of the following statements correctly describes Fibre Channel zoning?
A. Combining a Fibre Channel fabric into larger subsets
B. Partitioning a Fibre Channel fabric into smaller subsets
C. Segmenting a Fibre Channel fabric through the use of a LUN mask into smaller subsets
D. Combining the Fibre Channel fabric, through the use of LUN masks, into larger sections
Correct Answer: B
QUESTION 9
Which of the following is perceived as a drawback of implementing Fibre Channel Authentication Protocol (FCAP)?
A. It requires the use of netBT as the network protocol.
B. It is restricted in size to only three segments.
C. It relies on an underlying Public Key Infrastructure (PKI).
D. It requires the implementation of IKE.
Correct Answer: C
QUESTION 10
Which of the following are the two primary port authentication protocols used with VSANs? (Choose two.)
A. SPAP
B. CHAP
C. DHCHAP
D. ESP
E. MSCHAP v2
Correct Answer: BC Exam I

QUESTION 1
You administer a network that contains analog telephony devices connected to voice gateways. These voice gateways connect to the Public Switched Telephone Network (PSTN). Which of the following best describes this type of network?
A. VoIP
B. IP telephony
C. Converged communications
D. Unified communications
Correct Answer: B
QUESTION 2
Which of the following are justifications for migrating from a traditional telephony network to a VoIP network? (Choose all that apply.)
A. Reduced recurring expenses
B. Reduced end-to-end delay
C. Advanced functionality
D. Adaptability
Correct Answer: ACD
QUESTION 3
Which of the following VoIP components can permit or deny a call attempt based on a network’s available bandwidth?
A. Gateway
B. Gatekeeper
C. MCU
D. Application server
Correct Answer: B
QUESTION 4
Which two protocols can be used to carry voice media packets? (Choose two.)
A. RTCP
B. RTP
C. SRTP
D. SIP
E. SRTCP
Correct Answer: BC
QUESTION 5
Which of the following attacks against a VoIP network attempts to deplete the resources available on a server (for example, processing resources)?
A. Accessing VoIP resources without appropriate credentials
B. Gleaning information from unsecured VoIP network resources
C. Launching a denial-of-service (DoS) attack
D. Capturing telephone conversations
Correct Answer: C QUESTION 6

VoIP spam is also known by which of the following acronyms?
A. CAPF
B. cRTP
C. GARP
D. SPIT
Correct Answer: D QUESTION 7
Which of the following best describes vishing?
A. Influencing users to provide personal information over a web page
B. Influencing users to provide personal information over the phone
C. Influencing users to forward a call to a toll number (for example, a long distance or international number)
D. Using an inside facilitator to intentionally forward a call to a toll number (for example, a long distance or international number)

Correct Answer: B QUESTION 8
Which of the following Cisco Catalyst switch mechanisms can be used to prevent a man-in-the-middle attack launched against a SIP network?
A. RSTP
B. DAI
C. PAgP
D. DTP
Correct Answer: B QUESTION 9
A Cisco IP phone can send traffic from an attached PC in a data VLAN while sending voice packets in a separate VLAN. What is the name given to this separate voice VLAN?
A. PVID
B. Auxiliary VLAN
C. Native VLAN
D. Access VLAN

Correct Answer: B QUESTION 10
What type of firewall is required to open appropriate UDP ports required for RTP streams?
A. Stateless firewall
B. Proxy firewall
C. Stateful firewall
D. Packet filtering firewall

Correct Answer: C QUESTION 11
Which two of the following statements are true about a Cisco IP phone’s web access feature? (Choose two.)
A. It is enabled by default.
B. It requires login credentials, based on the UCM user database.
C. It can provide IP address information about other servers in the network.
D. It uses HTTPS.
Correct Answer: AC Exam J
QUESTION 1
A static packet-filtering firewall does which of the following?
A. It analyzes network traffic at the network and transport protocol layers.
B. It evaluates network packets for valid data at the application layer before allowing connections.
C. It validates the fact that a packet is either a connection request or a data packet belonging to a connection.
D. It keeps track of the actual communication process through the use of a state table.
Correct Answer: A
QUESTION 2
Which of the following are advantages of an application layer firewall? (Choose all that apply.)
A. It authenticates individuals, not devices.
B. It makes it more difficult to spoof and implement DoS attacks.
C. It allows monitoring and filtering transport data.
D. It provides verbose auditing.
Correct Answer: AB
QUESTION 3
Application inspection firewalls are aware of the state of which layers? (Choose all that apply.)
A. Layer 2 connections
B. Layer 3 connections
C. Layer 4 connections
D. Layer 5 connections
Correct Answer: AB
QUESTION 4
Which of the following is not a limitation of a stateful firewall?
A. It does not work well with applications that open multiple connections.
B. It cannot defend against spoofing and DoS attacks.
C. User authentication is not supported.
D. It does not prevent application layer attacks.
Correct Answer: B
QUESTION 5
Which of the following firewall best practices can help mitigate worm and other automated attacks?
A. Segment security zones
B. Use logs and alerts
C. Restrict access to firewalls
D. Set connection limits
Correct Answer: D QUESTION 6

When creating an extended ACL, which of the following number ranges may be used? (Choose all that apply.)
A. 1 to 99
B. 100 to 199
C. 1300 to 1999
D. 2000 to 2699
Correct Answer: BC
QUESTION 7
Each Cisco ACL ends with which of the following?
A. An explicit allow all
B. An implicit deny all
C. An implicit allow all
D. An explicit deny all
Correct Answer: B
QUESTION 8
To view the status of your Turbo ACLs, which command would you use?
A. show access-list status
B. show access-list turbo compiled
C. show access-list compiled
D. show access-list complete
Correct Answer: C
QUESTION 9
Which of the following are true of the Turbo ACL feature? (Choose all that apply.)
A. The Turbo ACL feature processes ACLs into lookup tables for greater efficiency.
B. Turbo ACLs increase the CPU load by matching the packet to a predetermined list.
C. The Turbo ACL feature leads to reduced latency, because the time it takes to match the packet is fixed and consistent.
D. The Turbo ACL feature leads to increased latency, because the time it takes to match the packet is variable.
Correct Answer: AC
QUESTION 10
You examine your IDS Event Viewer and find that the IP address 192.168.15.10 keeps appearing. You determine that your web server is under attack from this IP and would like to resolve this permanently. What happens if you place this address at the bottom of the ACL?
A. Attacks from this IP address will be blocked because of the line you have added.
B. Attacks will continue. This line will never be reached, because above this line is a permit any statement.
C. ACLs may not be used to block traffic originating outside your network address range.
D. ACLs may not be modified after they are created.
Correct Answer: B QUESTION 11

Cisco IOS classic firewall can provide network protection on multiple levels using all of the following except which item?
A. Traffic zoning
B. Traffic filtering
C. Traffic inspection
D. Intrusion prevention
Correct Answer: A
QUESTION 12
Cisco IOS Release 12.4(6)T added which of the following capabilities to the Cisco IOS Firewall? (Choose all that apply.)
A. Application inspection
B. A default deny-all policy
C. URL filtering
D. Subnet and host inspection policies
Correct Answer: BD
QUESTION 13
Interfaces may be assigned to how many security zones?
A. Four
B. One
C. Two
D. Subnets are assigned to zones, not interfaces.
Correct Answer: B
QUESTION 14
Which two actions can be configured to permit traffic to traverse an interface when zone-based security is being employed? (Choose two.)
A. Allow
B. Inspect
C. Pass
D. Flow
Correct Answer: BC
QUESTION 15
Creating Cisco IOS zone-based firewall policies involve which of the following constructs? (Choose all that apply.)
A. Class map
B. Class policy
C. Policy map
D. Parameter map
E. Policy action
Correct Answer: ACD Exam K

QUESTION 1
Which two statements are true about the differences between IDS and IPS? (Choose two.)
A. IPS operates in promiscuous mode.
B. IPS receives a copy of the traffic to be analyzed.
C. IPS operates in inline mode.
D. IDS receives a copy of the traffic to be analyzed.
Correct Answer: CD QUESTION 2
What is the primary method used to detect and prevent attacks using IDS and/or IPS technologies?
A. Signature-based detection
B. Policy-based detection
C. Anomaly-based detection
D. Honey pot detection

Correct Answer: A QUESTION 3
What two types of interfaces are found on all network-based IPS sensors? (Choose two.)
A. Management interface
B. Monitoring interface
C. Command and control interface
D. Loopback interface

Correct Answer: BC QUESTION 4
Which type of signatures use a set of rules that state how certain protocols should behave on the network?
A. String signatures
B. DoS signatures
C. Exploit signatures
D. Connection signatures

Correct Answer: D QUESTION 5
Which protocol used by IPS is preferred over syslog, because it provides a secure communications channel, and it can be used to communicate between IPS clients and servers (for example, a management workstation that collects and correlates events from multiple IPS sensors in the network)?
A. CTIQBE
B. SDEE
C. TLS
D. SRTP

Correct Answer: B QUESTION 6
Which four of the following are configurable responses to an IPS alarm being triggered? (Choose four.)
A. Create a log entry
B. Drop the offending packet
C. Reset the TCP connection
D. Send an ICMP Source Quench to the attacker’s IP address
E. Block the attacker’s IP address

Correct Answer: ABCE
QUESTION 7
The Intrusion Prevention Wizard is launched from within which administrative utility?
A. SMS
B. QPM
C. SDM
D. IPM
Correct Answer: C
QUESTION 8
The IPS Policies Wizard helps you with which three of the following tasks? (Choose three.)
A. Selecting the interface to which the IPS rule will be applied
B. Selecting the direction of traffic that will be inspected
C. Selecting the inspection policy that will be applied to the interface
D. Selecting the Signature Definition File (SDF) that the router will use
Correct Answer: ABD
QUESTION 9
Which of the following is an implicit command that is the last rule in a list of IPS rules?
A. permit ip any any
B. deny ip any any
C. permit tcp 127.0.0.1 any
D. deny tcp any 255.255.255.255
Correct Answer: B
QUESTION 10
When editing global IPS settings, which option determines if the IOS-based IPS feature will drop or permit traffic for a particular IPS signature engine while a new signature for that engine is being compiled?
A. Enable Engine Fail Closed
B. Enable Default IOS Signature
C. Enable Fail Opened
D. Enable Signature Default
Correct Answer: A
QUESTION 11
In SDM’s Edit Signature window, you click a green square next to the parameter you want to configure to make it editable. What color and symbol does the green square change into after you click it?
A. Blue circle
B. Yellow triangle
C. Red diamond
D. Orange oval
Correct Answer: C
Exam L

QUESTION 1
What form of attack are all algorithms susceptible to?
A. Meet-in-the-middle
B. Spoofing
C. Stream cipher
D. Brute-force
Correct Answer: D
QUESTION 2
Which type of cipher achieves security by rearranging the letters in a string of text?
A. Vigenère cipher
B. Stream cipher
C. Transposition cipher
D. Block cipher
Correct Answer: C
QUESTION 3
In terms of constructing a good encryption algorithm, what does it mean to create an avalanche effect?
A. Changing only a few bits of a plain-text message causes the ciphertext to be completely different.
B. Altering the key length causes the ciphertext to be completely different.
C. Changing only a few bits of a ciphertext message causes the plain text to be completely different.
D. Altering the key length causes the plain text to be completely different.
Correct Answer: A
QUESTION 4
Which of the following are techniques used by symmetric encryption cryptography? (Choose all that apply.)
A. Block ciphers
B. Message Authentication Codes (MAC)
C. One-time pad
D. Stream ciphers
E. Vigenère ciphers
Correct Answer: ABD

QUESTION 5
Which of the following is not a common stream cipher?
A. RC4
B. RSA
C. SEAL
D. DES
Correct Answer: B
QUESTION 6
Which of the following characteristics accurately describe symmetric encryption algorithms? (Choose all that apply.)
A. They are faster than asymmetric algorithms.
B. They have longer key lengths than asymmetric encryption algorithms.
C. They are stronger than asymmetric algorithms.
D. They are less complex mathematically than asymmetric algorithms.
E. They are slower than asymmetric algorithms.
F. They are weaker than asymmetric algorithms.
Correct Answer: ACD
QUESTION 7
DES typically operates in block mode, where it encrypts data in what size blocks?
A. 56-bit blocks
B. 40-bit blocks
C. 128-bit blocks
D. 64-bit blocks
Correct Answer: D
QUESTION 8
Stream ciphers operate on which of the following?
A. Fixed-length groups of bits called blocks
B. Individual digits, one at a time, with the transformations varying during the encryption
C. Individual blocks, one at a time, with the transformations varying during the encryption
D. Fixed-length groups of digits called blocks
Correct Answer: B
QUESTION 9
Which statement accurately describes ECB mode?
A. In ECB mode, each 64-bit plain-text block is exclusive ORed (XORed) bitwise with the previous ciphertext block.
B. ECB mode uses the same 64-bit key to serially encrypt each 56-bit plain-text block.
C. ECB mode uses the same 56-bit key to serially encrypt each 64-bit plain-text block.
D. In ECB mode, each 56-bit plain-text block is exclusive ORed (XORed) bitwise with the previous ciphertext block.
Correct Answer: C

QUESTION 10
What method does 3DES use to encrypt plain text?
A. 3DES-EDE
B. EDE-3DES
C. 3DES-AES
D. AES-3DES
Correct Answer: A QUESTION 11
Which of the following is not considered a trustworthy symmetric encryption algorithm?
A. 3DES
B. IDEA
C. EDE
D. AES
Correct Answer: C
QUESTION 12
In a brute-force attack, generally an attacker has to search through what percentage of the keyspace until he or she finds the key that decrypts the data?
A. Roughly 10 percent
B. Roughly 75 percent
C. Roughly 66 percent
D. Roughly 50 percent
Correct Answer: D
QUESTION 13
How many weak keys are a part of the overall DES keyspace?
A. Five
B. One
C. Four
D. None
Correct Answer: C
QUESTION 14
Which of the following is not a component of the key management life cycle?
A. Key verification
B. Key transposition
C. Key generation
D. Key exchange
E. Key storage
Correct Answer: B

QUESTION 15
Hashing is used to provide which of the following?
A. Data consistency
B. Data binding
C. Data checksums
D. Data integrity
Correct Answer: D Exam M

QUESTION 1
Cryptographic hashes can be used to provide which of the following? (Choose all that apply.)
A. Message integrity
B. Functional analysis
C. Security checks
D. Message lists
E. Digital signatures
Correct Answer: AE
QUESTION 2
Which of the following is an example of a function intended for cryptographic hashing?
A. MD65
B. XR12
C. SHA-135
D. MD5
Correct Answer: D
QUESTION 3
An HMAC provides which of the following benefits? (Choose all that apply.)
A. It may be used to verify data integrity.
B. It may be used to calculate a checksum.
C. It may be used to verify a message’s authenticity.
D. It may be used to examine a message header.
Correct Answer: AC
QUESTION 4
What may be added to a password stored in MD5 to make it more secure?
A. Cryptotext
B. Ciphertext
C. Rainbow table
D. Salt
Correct Answer: D

QUESTION 5
Which of the following employ SHA-1? (Choose all that apply.)
A. SMTP
B. SSL
C. TLS
D. IGMP
E. IPsec
Correct Answer: BCE
QUESTION 6
A digital signature provides which of the following?
A. Auditing
B. Authentication
C. Authorization
D. Analysis
Correct Answer: B
QUESTION 7
Digital signatures employ a pair of keys made up of which of the following? (Choose two.)
A. A personal key
B. A public key
C. A private key
D. A universal key
Correct Answer: BC
QUESTION 8
A digital signature scheme is made up of which of the following? (Choose all that apply.)
A. Authentication algorithm
B. Key generation algorithm
C. Encryption algorithm
D. Signing algorithm
E. Signature verification algorithm
Correct Answer: BDE
QUESTION 9
Which of the following algorithms was the first to be found suitable for both digital signing and encryption?
A. MD5
B. HMAC
C. SHA-1
D. RSA
Correct Answer: D

QUESTION 10
Which of the following attacks focus on RSA? (Choose all that apply.)
A. Man-in-the-middle attack
B. BPA attack
C. Adaptive chosen ciphertext attack
D. DDoS attack
Correct Answer: BC
QUESTION 11
The Digital Signature Standard outlines the use of which of the following algorithms in the creation of digital signatures?
A.LSA
B. DSA
C. PGP
D. MD5
Correct Answer: B
Exam N
QUESTION 1
Which of the following is not a popular public-key encryption algorithm?
A. Digital Signature Algorithm (DSA)
B. DAH
C. RSA
D. Diffie-Hellman
Correct Answer: B
QUESTION 2
RSA employs keys that generally have what bit length?
A. 129 to 256 bits
B. 256 to 512 bits
C. 512 to 2048 bits
D. 1024 to 2048 bits
Correct Answer: C
QUESTION 3
Before a Diffie-Hellman exchange may begin, the two parties involved must agree on what?
A. Two secret numbers
B. Two secret keys
C. Two nonsecret keys
D. Two nonsecret numbers
Correct Answer: D
QUESTION 4
Modern digital signatures generally rely on which of the following? (Choose all that apply.)
A. A public-key algorithm
B. A private-key algorithm
C. An encryption function
D. A hash function
Correct Answer: AD
QUESTION 5
Which of the following are distinctions between asymmetric and symmetric algorithms? (Choose all that apply.)
A. Asymmetric algorithms are based on more complex mathematical computations.
B. Only symmetric algorithms have a key exchange technology built in.
C. Symmetric algorithms are based on more complex computations.
D. Only asymmetric algorithms have a key exchange technology built in.
E. Asymmetric algorithms are used quite often as key exchange protocols for symmetric algorithms.
F. Symmetric algorithms are used quite often as key exchange protocols for asymmetric algorithms.
Correct Answer: ADE QUESTION 6

A Public Key Infrastructure serves as a basis for providing which of the following security services? (Choose all that apply.)
A. Encryption
B. Virus protection
C. Intrusion prevention
D. Authentication
E. Nonrepudiation
Correct Answer: ADE
QUESTION 7
Which of the following best describes a certificate authority (CA)?
A. An agency responsible for granting and revoking public-private key pairs
B. A trusted third party responsible for signing the public keys of entities in a PKIbased system
C. A trusted third party responsible for signing the private keys of entities in a PKIbased system
D. An entity responsible for registering the private key encryption used in a PKI
Correct Answer: B
QUESTION 8
Which of the following are valid certificate authority (CA) architectures? (Choose all that apply.)
A. Certified CA
B. Single-root CA
C. Bidirectional CA
D. Cross-certified CA
E. Hierarchical CA
Correct Answer: BDE
QUESTION 9
Which of the following Public Key Cryptographic Standards (PKCS) defines the syntax for encrypted messages and messages with digital signatures?
A. PKCS #10
B. PKCS #8
C. PKCS #12
D. PKCS #7
Correct Answer: D

QUESTION 10
Which of the following is not one of the five main areas that constitute a PKI?
A. Storage and Protocols
B. User Authentication through Local Registration Authorities (LRA)
C. CAs to Provide Management of Passwords
D. Supporting Legal Framework
Correct Answer: C Exam O

QUESTION 1
Which of the following acts as a VPN termination device and is located at a primary network location?
A. Headend VPN device
B. VPN access device
C. Tunnel
D. Broadband service
Correct Answer: A QUESTION 2
Which of the following ensures that data is not modified in transit?
A. Confidentiality
B. Integrity
C. Authentication
D. Authorization

Correct Answer: B QUESTION 3
What two IKE modes can negotiate an IKE Phase 1 (that is, an ISAKMP) tunnel? (Choose two.)
A. Main mode
B. Quick mode
C. Aggressive mode
D. Promiscuous mode

Correct Answer: AC QUESTION 4
What are two modes of operation for both Authentication Header (AH) and Encapsulating Security Payload (ESP)? (Choose two.)
A. Transmission mode
B. Transport mode
C. Transparent mode
D. Tunnel mode

Correct Answer: BD QUESTION 5
Which of the following licenses dictates the number of allowed concurrent connections on an ASA 5500 series appliance?
A. Feature license
B. Encryption license
C. Platform license
D. Expansion license

Correct Answer: C QUESTION 6
Which hashing algorithm does Cisco recommend as a best practice because of its increased security and speed?
A. 3DES
B. SHA
C. AES
D. MD5

Correct Answer: B QUESTION 7
An IPsec tunnel is negotiated within the protection of which type of tunnel?
A. L2TP tunnel
B. L2F tunnel
C. GRE tunnel
D. ISAKMP tunnel

Correct Answer: D QUESTION 8
What component of an IPsec configuration identifies “interesting” traffic—traffic that should be protected within the IPsec tunnel?
A. Transform set
B. ISAKMP policy
C. ACL
D. Diffie-Hellman group

Correct Answer: C QUESTION 9
Which command is used to specify Diffie-Hellman group 2 as part of an IKE Phase 1 configuration?
A. group 2
B. diffie-hellman 2
C. df group 2
D. pre-share group 2

Correct Answer: A QUESTION 10
From what configuration mode would you enter the set peer ip-address command to specify the IP address of an IPsec peer?
A. Transform set configuration mode
B. Crypto map configuration mode
C. ISAKMP configuration mode
D. Interface configuration mode

Correct Answer: B QUESTION 11
To what entity is a crypto map applied to make the crypto map active?
A. Transform set
B. Interface
C. Virtual template
D. ISAKMP proposal

Correct Answer: B QUESTION 12
What two site-to-site VPN wizards are available in the Cisco SDM interface? (Choose two.)
A. Easy VPN Setup
B. Quick Setup
C. Step-by-Step
D. DMVPN Setup

Correct Answer: BC QUESTION 13
What three parameters do you configure when using the Cisco SDM Quick Setup Siteto-Site VPN wizard? (Choose three.)
A. Interface for the VPN connection
B. IP address for the remote peer
C. Transform set for the IPsec tunnel
D. Source interface where encrypted traffic originates

Correct Answer: ABD QUESTION 14
What command displays all existing IPsec security associations (SA)?
A. show crypto isakmp sa
B. show crypto ipsec sa
C. show crypto ike active
D. show crypto sa active Correct Answer: B

Flydumps Cisco 640-553 exam dumps are audited by our certified subject matter experts and published authors for development.Flydumps Cisco 640-553 exam dumps are one of the highest quality Cisco 640-553 Q&As in the world.It covers nearly 96% real questions and answers, including the entire testing scope.Flydumps guarantees you pass Microsoft 70-981 exam at first attempt.