640-553 IINS Implementing Cisco IOS Network Security

Question 1

Information about a managed device's resources and activity is defined by a series of
objects. What defines the structure of these management objects?

  • A. MIB
  • B. FIB
  • C. LDAP
  • D. CEF

Answer : A

Explanation: Management Information Base (MIB) is the database of configuration variables that resides on the networking device.

Question 2

When editing global IPS settings, which one of the following options determines whether
the IOS-based IPS feature will drop or permit traffic for a particular IPS signature engine
while a new signature for that engine is being compiled?

  • A. Enable Signature Default
  • B. Enable Engine Fail Closed
  • C. Enable Default IOS Signature
  • D. Enable Fail Opened

Answer : B

Question 3

Which statement best describes the relationships between AAA function and TACACS+,
RADIUS based on the exhibit shown?

  • A. TACACS+ – 1 and 3 RADIUS – 2 and 4
  • B. TACACS+ – 2 and 4 RADIUS – 1 and 3
  • C. TACACS+ – 1 and 4 RADIUS – 2 and 3
  • D. TACACS+ – 2 and 3 RADIUS – 1 and 4

Answer : B

Question 4

On the basis of the Cisco IOS Zone-Based Policy Firewall, by default, which three types

Drag the three proper characterizations from above to the list below.

Answer :

Question 5

Which kind of table will be used by most firewalls today to keep track of the connections
through the firewall?

  • A. dynamic ACL
  • B. reflexive ACL
  • C. netflow
  • D. queuing
  • E. state
  • F. express forwarding

Answer : E

Explanation: There are four generations of firewall technologies developed between 1983 and 1995: static packet-filtering firewalls, circuit-level firewalls, application layer firewalls and dynamic packet-filtering firewalls. The dynamic packet-filtering firewalls, sometimes called stateful firewalls, keep track of the actual communication process through the use of a state table. The state table is part of the internal structure of the firewall and tracks all sessions and inspects all packets passing through the firewall. These firewalls operate at Layers 3, 4 and 5.

Question 6


Answer :

Question 7


Answer :

Question 8

Which one of the following items may be added to a password stored in MD5 to make it
more secure?

  • A. Ciphertext
  • B. Salt
  • C. Cryptotext
  • D. Rainbow table

Answer : B

Question 9

When configuring Cisco IOS login enhancements for virtual connections, what is the "quiet

  • A. The period of time in which virtual login attempts are blocked, following repeated failed login attempts
  • B. The period of time in which virtual logins are blocked as security services fully initialize
  • C. A period of time when no one is attempting to log in
  • D. The period of time between successive login attempts

Answer : A

Explanation: If the configured number of connection attempts fails within a specified time period, the Cisco IOS device does not accept any additional connections for a period of time that is called the quiet period. This feature is not enabled by default; to enable it with its default settings, issue the login block-for command in global configuration mode. Administrators can use this feature to protect against DoS and/or dictionary attacks.

Question 10

How does a CLI view differ from a privilege level?

  • A. A CLI view supports only commands configured for that specific view, whereas a privilege level supports commands available to that level and all the lower levels.
  • B. A CLI view can function without a AAA configuration, whereas a privilege level requires AAA to be configured.
  • C. A CLI view supports only monitoring commands, whereas a privilege level allows a user to make changes to an IOS configuration.
  • D. A CLI view and a privilege level perform the same function. However, a CLI view is used on a Catalyst switch, whereas a privilege level is used on an IOS router.

Answer : A

Question 11

Refer to the exhibit. What does the option secret 5 in the username global configuration
mode command indicate about the enable secret password?

  • A. It is hashed using SHA.
  • B. It is encrypted using DH group 5.
  • C. It is hashed using MD5.
  • D. It is encrypted via the service password-encryption command.
  • E. It is hashed using a proprietary Cisco hashing algorithm.
  • F. It is encrypted using a proprietary Cisco encryption algorithm.

Answer : C

Question 12

Based on the following items, which two types of interfaces are found on all network-based
IPS sensors? (Choose two.)

  • A. Loopback interface
  • B. Command and control interface
  • C. Monitoring interface
  • D. Management interface

Answer : B,C

Question 13

Which algorithm was the first to be found suitable for both digital signing and encryption?

  • A. HMAC
  • B. RSA
  • C. MD5
  • D. SHA-1

Answer : B

Question 14

What is enabled by the Dynamic Vector Streaming (DVS) scanning technology?

  • A. Firmware-level virus detection
  • B. Signature-based virus filtering
  • C. Layer 4 virus detection
  • D. Signature-based spyware filtering

Answer : D

Explanation: The DVS engine is a new scanning technology that enables signature-based spyware filtering. This solution is complemented by a comprehensive set of management and reporting tools that provide ease of administration and complete visibility into threat-related activities.

Question 15


Answer :
