2014 Cisco 640-554 Dumps Free Downlaod(1-10)!

Which statement describes a best practice when configuring trunking on a switch port?

A.    Disable double tagging by enabling DTP on the trunk port.
B.    Enable encryption on the trunk port.
C.    Enable authentication and encryption on the trunk port.
D.    Limit the allowed VLAN(s) on the trunk to the native VLAN only.
E.    Configure an unused VLAN as the native VLAN.

Answer: E

Which type of Layer 2 attack causes a switch to flood all incoming traffic to all ports?

A.    MAC spoofing attack
B.    CAM overflow attack
C.    VLAN hopping attack
D.    STP attack

Answer: B

What is the best way to prevent a VLAN hopping attack?

A.    Encapsulate trunk ports with IEEE 802.1Q.
B.    Physically secure data closets.
C.    Disable DTP negotiations.
D.    Enable BDPU guard.

Answer: C

Which statement about PVLAN Edge is true?

A.    PVLAN Edge can be configured to restrict the number of MAC addresses that appear on a single port.
B.    The switch does not forward any traffic from one protected port to any other protected port.
C.    By default, when a port policy error occurs, the switchport shuts down.
D.    The switch only forwards traffic to ports within the same VLAN Edge.

Answer: B

If you are implementing VLAN trunking, which additional configuration parameter should be added to the trunking configuration?

A.    no switchport mode access
B.    no switchport trunk native VLAN 1
C.    switchport mode DTP
D.    switchport nonnegotiate

Answer: D

When Cisco IOS zone-based policy firewall is configured, which three actions can be applied to a traffic class? (Choose three.)

A.    pass
B.    police
C.    inspect
D.    drop
E.    queue
F.    shape

Answer: ACD

With Cisco IOS zone-based policy firewall, by default, which three types of traffic are permitted by the router when some of the router interfaces are assigned to a zone? (Choose three.)

A.    traffic flowing between a zone member interface and any interface that is not a zone member
B.    traffic flowing to and from the router interfaces (the self zone)
C.    traffic flowing among the interfaces that are members of the same zone
D.    traffic flowing among the interfaces that are not assigned to any zone
E.    traffic flowing between a zone member interface and another interface that belongs in a different zone
F.    traffic flowing to the zone member interface that is returned traffic

Answer: BCD

Which option is a key difference between Cisco IOS interface ACL configurations and Cisco ASA appliance interface ACL configurations?

A.    The Cisco IOS interface ACL has an implicit permit-all rule at the end of each interface ACL.
B.    Cisco IOS supports interface ACL and also global ACL. Global ACL is applied to all interfaces.
C.    The Cisco ASA appliance interface ACL configurations use netmasks instead of wildcard masks.
D.    The Cisco ASA appliance interface ACL also applies to traffic directed to the IP addresses of the Cisco
ASA appliance interfaces.
E.    The Cisco ASA appliance does not support standard ACL. The Cisco ASA appliance only support
extended ACL.

Answer: C

Which two options are advantages of an application layer firewall? (Choose two.)

A.    provides high-performance filtering
B.    makes DoS attacks difficult
C.    supports a large number of applications
D.    authenticates devices
E.    authenticates individuals

Answer: BE

On Cisco ISR routers, for what purpose is the realm-cisco.pub public encryption key used?

A.    used for SSH server/client authentication and encryption
B.    used to verify the digital signature of the IPS signature file
C.    used to generate a persistent self-signed identity certificate for the ISR so administrators can authenticate
the ISR when accessing it using Cisco Configuration Professional
D.    used to enable asymmetric encryption on IPsec and SSL VPNs
E.    used during the DH exchanges on IPsec VPNs

Answer: B

If you want to pass the Cisco 640-554 Exam sucessfully, recommend to read latest 640-554 Dumps full version.



Why Choose Lead2pass?

If you want to pass the exam successfully in first attempt you have to choose the best IT study material provider, in my opinion, Lead2pass is one of the best way to prepare for the exam.

Lead2pass Testking Pass4sure Actualtests Others
$99.99 $124.99 $125.99 $189 $29.99-$49.99
Real Questions
Error Correction
Printable PDF
Premium VCE
VCE Simulator
One Time Purchase
Instant Download
Unlimited Install
100% Pass Guarantee
100% Money Back