Cisco 640-553 Exam - CertifySky.com
Free 640-553 Sample Questions:
1. As a network engineer at XXYYinc.com, you are responsible for the XXYYinc network. Which of the following must be taken into consideration when implementing Syslogging in your network?
A. Log all messages to the system buffer so that they can be displayed when accessing the router.
B. Use SSH to access your Syslog information.
C. Enable the highest level of Syslogging available to ensure you log all possible event messages.
D. Synchronize clocks on the network with a protocol such as Network Time Protocol.
2. Which classes does the U.S. government place classified data into? (Choose three.)
Answer: B, C, D
3. You are a network technician at XXYYinc.com. Which description is correct when you have generated RSA keys on your Cisco router to prepare for secure device management?
A. All vty ports are automatically enabled for SSH to provide secure management.
B. The SSH protocol is automatically enabled.
C. You must then zeroize the keys to reset secure shell before configuring other parameters.
D. You must then specify the general-purpose key size used for authentication with the crypto key generate rsa general-keys modulus command.
4. Which is a method of gaining access to a system that bypasses normal security measures?
A. Creating a back door
B. Starting a Smurf attack
C. Conducting social engineering
D. Launching a DoS attack
5. As a candidate for the CCNA examination, you are familiar with the basic commands. If you input the command "enable secret level 5 password" in the global mode, what does it indicate?
A. Set the enable secret command to privilege level 5.
B. The enable secret password is hashed using SHA.
C. The enable secret password is hashed using MD5.
D. The enable secret password is encrypted using Cisco proprietary level 5 encryption.
E. The enable secret password is for accessing exec privilege level 5.
6. Which statement is true about a Smurf attack?
A. It sends ping requests to a subnet, requesting that devices on that subnet send ping replies to a target system.
B. It intercepts the third step in a TCP three-way handshake to hijack a session.
C. It uses Trojan horse applications to create a distributed collection of "zombie" computers, which can be used to launch a coordinated DDoS attack.
D. It sends ping requests in segments of an invalid size.
7. Which three items are Cisco best-practice recommendations for securing a network? (Choose three.)
A. Deploy HIPS software on all end-user workstations.
B. Routinely apply patches to operating systems and applications.
C. Disable unneeded services and ports on hosts.
D. Require strong passwords, and enable password expiration.
Answer: B, C, D
8. Which one of the following commands can be used to enable AAA authentication to determine if a user can access the privilege command level?
A. aaa authentication enable default local
B. aaa authentication enable level
C. aaa authentication enable method default
D. aaa authentication enable default
9. What is the objective of the aaa authentication login consolein local command?
A. It specifies the login authorization method list named consolein using the local RADIUS username-password database.
B. It specifies the login authorization method list named consolein using the local username-password database on the router.
C. It specifies the login authentication method list named consolein using the local user database on the router.
D. It specifies the login authentication list named consolein using the local username password database on the router.
10. Which one of the following attempts to ensure that no one employee becomes a pervasive security threat, that data can be recovered from backups, and that information system changes do not compromise a system's security?
A. Disaster recovery
B. Strategic security planning
C. Implementation security
D. Operations security
11. For the following options, which one accurately matches the CLI command(s) to the equivalent SDM wizard that performs similar configuration functions?
A. setup exec command and the SDM Security Audit wizard
B. auto secure exec command and the SDM One-Step Lockdown wizard
C. aaa configuration commands and the SDM Basic Firewall wizard
D. Cisco Common Classification Policy Language configuration commands and the SDM Site-to-Site VPN wizard
12. Which three options are network evaluation techniques? (Choose three.)
A. Scanning a network for active IP addresses and open ports on those IP addresses
B. Using password-cracking utilities
C. Performing end-user training on the use of antispyware software
D. Performing virus scans
Answer: A, B, D
13. Which is the main difference between host-based and network-based intrusion prevention?
A. Network-based IPS is better suited for inspection of SSL and TLS encrypted data flows.
B. Host-based IPS can work in promiscuous mode or inline mode.
C. Network-based IPS can provide protection to desktops and servers without the need of installing specialized software on the end hosts and servers.
D. Host-based IPS deployment requires less planning than network-based IPS.
14. Which one of the following common elements of a network design is the most important?
A. Business needs
B. Best practices
C. Risk analysis
D. Security policy
15. How do you define the authentication method that will be used with AAA?
A. With a method list
B. With the method command
C. With the method aaa command
D. With a method statement
16. Which one of the following items offers a variety of security solutions, including firewall, IPS, VPN, antispyware, antivirus, and antiphishing features?
A. Cisco 4200 series IPS appliance
B. Cisco ASA 5500 series security appliance
C. Cisco IOS router
D. Cisco PIX 500 series security appliance
17. The enable secret password appears as an MD5 hash in a router's configuration file, whereas the enable password is not hashed (or encrypted, if the password-encryption service is not enabled). What is the reason that Cisco still supports the use of both enable secret and enable passwords in a router's configuration?
A. The enable password is used for IKE Phase I, whereas the enable secret password is used for IKE Phase II.
B. The enable password is considered to be a router's public key, whereas the enable secret password is considered to be a router's private key.
C. Because the enable secret password is a hash, it cannot be decrypted. Therefore, the enable password is used to match the password that was entered, and the enable secret is used to verify that the enable password has not been modified since the hash was generated.
D. The enable password is present for backward compatibility.
18. How does a CLI view differ from a privilege level?
A. A CLI view supports only commands configured for that specific view, whereas a privilege level supports commands available to that level and all the lower levels.
B. A CLI view supports only monitoring commands, whereas a privilege level allows a user to make changes to an IOS configuration.
C. A CLI view and a privilege level perform the same function. However, a CLI view is used on a Catalyst switch, whereas a privilege level is used on an IOS router.
D. A CLI view can function without a AAA configuration, whereas a privilege level requires AAA to be configured.
19. When configuring Cisco IOS login enhancements for virtual connections, what is the "quiet period"?
A. A period of time when no one is attempting to log in
B. The period of time in which virtual logins are blocked as security services fully initialize
C. The period of time in which virtual login attempts are blocked, following repeated failed login attempts
D. The period of time between successive login attempts
20. What is the result of securing the Cisco IOS image by use of the Cisco IOS image resilience feature?
A. When the router boots up, the Cisco IOS image will be loaded from a secured FTP location.
B. The Cisco IOS image file will not be visible in the output from the show flash command.
C. The show version command will not show the Cisco IOS image file location.
D. The running Cisco IOS image will be encrypted and then automatically backed up to a TFTP server.
21. Which three statements are valid SDM configuration wizards? (Choose three.)
A. Security Audit
Answer: A, B, D