Cisco CCNA Security 640-553 Training

The 640-553 exam is an important Cisco certification exam that tests your professional skills. Candidates want to pass the exam to prove their competence. Cisco technical experts have collected and certified 154 questions and answers for Implementing Cisco IOS Network Security (IINS), which are designed to cover the knowledge points of the Planning and Designing Cisco Superdome Server Solutions and enhance candidates’ abilities. With the 640-553 preparation tests you can pass the Implementing Cisco IOS Network Security (IINS) exam easily, get the Cisco certification, and go further on the Cisco career path.

51: What does the MD5 algorithm do?
A.takes a message less than 2^64 bits as input and produces a 160-bit message digest
B.takes a variable-length message and produces a 168-bit message digest
C.takes a variable-length message and produces a 128-bit message digest
D.takes a fixed-length message and produces a 128-bit message digest
Correct Answers: C

52: Which access list will permit HTTP traffic sourced from host 10.1.129.100 port 3030 destined to host 192.168.1.10?
A.access-list 101 permit tcp any eq 3030
B.access-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 3030 192.168.1.0 0.0.0.15 eq www
C.access-list 101 permit tcp 10.1.129.0 0.0.0.255 eq www 192.168.1.10 0.0.0.0 eq www
D.access-list 101 permit tcp host 192.168.1.10 eq 80 10.1.0.0 0.0.255.255 eq 3030
E.access-list 101 permit tcp 192.168.1.10 0.0.0.0 eq 80 10.1.0.0 0.0.255.255
F.access-list 101 permit ip host 10.1.129.100 eq 3030 host 192.168.1.100 eq 80
Correct Answers: B

53: You have configured a standard access control list on a router and applied it to interface Serial 0 in an outbound direction. No ACL is applied to Interface Serial 1 on the same router. What happens when traffic being filtered by the access list does not match the configured ACL statements for Serial 0?
A.The resulting action is determined by the destination IP address.
B.The resulting action is determined by the destination IP address and port number.
C.The source IP address is checked, and, if a match is not found, traffic is routed out interface Serial 1.
D.The traffic is dropped.
Correct Answers: D

55: Which of these is the strongest symmetrical encryption algorithm?
A.DES
B.3DES
C.AES
D.RSA
E.SHA
F.Diffie-Hellman
Correct Answers: C

56: Which location is recommended for extended or extended named ACLs?
A.an intermediate location to filter as much traffic as possible
B.a location as close to the destination traffic as possible
C.when using the established keyword, a location close to the destination point to ensure that return traffic is allowed
D.a location as close to the source traffic as possible
Correct Answers: D

57: Which two functions are required for IPsec operation? (Choose two.)
A.using SHA for encryption
B.using PKI for pre-shared-key authentication
C.using IKE to negotiate the SA
D.using AH protocols for encryption and authentication
E.using Diffie-Hellman to establish a shared-secret key
Correct Answers: C E

58: Which three statements about the IPsec protocol are true? (Choose 3.)
A.IPsec is a framework of open standards.
B.IPsec is bound to specific encryption algorithms, such as 3DES and AES.
C.IPsec ensures data integrity by using checksums.
D.IPsec authenticates users and devices that can carry out communication independently.
E.IPsec is implemented at Layer 4 of the OSI model.
F.IPsec uses digital certificates to guarantee confidentiality.
Correct Answers: A C D

59: Instructions

To access the Cisco Router and Security Device Manager (SDM) utility, click on the console host icon that is connected to an ISR router.
You can click on the grey buttons below to view the different windows.
Each of the windows can be minimized by clicking on the [-]. You can also reposition a window by dragging it by the title bar.
The “Tab” key and most commands that use the “Control” or “Escape” keys are not supported and are not necessary to complete this simulation.
Scenario
You have been tasked to examine the current Cisco IOS Zone-Based Policy Firewall configurations on the LA-ISR router using the Cisco Router and Security Device Manager (SDM) utility. Using the appropriate Cisco SDM configuration screens, you will need to answer the multiple-choice questions in this simulation.
Question 1
Which two options correctly identify the associated interface with the correct security zone? (Choose two.)
A.FastEthernet0/1 is associated to the “out-zone” zone.
B.FastEthernet0/0 is associated to the “in-zone” zone.
C.FastEthernet0/0 and 0/1 are associated to the “self” zone.
D.FastEthernet0/0 and 0/1 are associated to the “in-zone” zone.
E.FastEthernet0/0 and 0/1 are associated to the “out-zone” zone.
F.FastEthernet0/0 and 0/1 are not associated to any zone.
Correct Answers: A B

60: Instructions
To access the Cisco Router and Security Device Manager (SDM) utility, click on the console host icon that is connected to an ISR router.
You can click on the grey buttons below to view the different windows.
Each of the windows can be minimized by clicking on the [-]. You can also reposition a window by dragging it by the title bar.
The “Tab” key and most commands that use the “Control” or “Escape” keys are not supported and are not necessary to complete this simulation.
Scenario
You have been tasked to examine the current Cisco IOS Zone-Based Policy Firewall configurations on the LA-ISR router using the Cisco Router and Security Device Manager (SDM) utility. Using the appropriate Cisco SDM configuration screens, you will need to answer the multiple-choice questions in this simulation.
Question 2
Which statement is correct regarding the “sdm-permit” policy map?
A.Traffic not matched by any of the class maps within that policy map will be inspected.
B.Traffic matching the “sdm-access” traffic class will be inspected.
C.Traffic matching the “SDM_CA_SERVER” traffic class will be dropped.
D.That policy map is applied to traffic sourced from the “self” zone and destined to the “out-zone” zone.
E.That policy map is applied to traffic sourced from the “out-zone” zone and destined to the “in-zone” zone.
Correct Answers: C