Page 1

Exam 640-553 study material Made available by CertsKing.com

Free 640-553 Exam Preparation Questions Exam 640-553: IINS Implementing Cisco IOS Network Security

For Latest 640-553 Exam Questions and study guides- visit- http://www.certsking.com/640-553.html


Case Study # 1 Scenario: To access the Cisco Router and Security Device Manager(SDM) utility click on the console host icon that is connected to a ISR router. You can click on the grey buttons below to view the different windows. Each of the windows can be minimized by clicking on the [-].You can also reposition a window by dragging it by the title bar. The "Tab" key and most commands that use the "Control"or "Escape" keys are not supported and are not necessary to complete this simulation. Topology:

Case Study # 1 (Questions) Question 1 For Latest 640-553 Exam Questions and study guides- visit- http://www.certsking.com/640-553.html


Which two options correctly identify the associated interface with the correct security zone? (Choose two.) A. FastEthernet0/1 is associated to the "out-zone" zone. B. FastEthernet0/0 is associated to the "in-zone" zone. C. FastEthernet0/0 and 0/1 are associated to the "self" zone. D. FastEthernet0/0 and 0/1 are associated to the "in-zone" zone. E. FastEthernet0/0 and 0/1 are associated to the "out-zone" zone. F. FastEthernet0/0 and 0/1 are not associated to any zone. Answer: A, B Question 2 Which statements is correct regarding the "sdm-permit" policy map? A. Traffic not matched by any of the class maps within that policy map will be inspected B. Traffic matching the "sdm-access" traffic class will be inspected. C. Traffic matching the "SDM_CA_SERVER" traffic class will be dropped. D. That policy map is applied to traffic sourced from the "self" zone and destined to the "out-zone" zone. E. That policy map is applied to traffic sourced from the "out-zone" zone and destined to the "in-zone" zone. Answer: C Question 3 Within the "sdm-inspect" policy map, what is the action assigned to the traffic class "sdm-invalid-src", and which traffic is matched by the traffic class "sdm-invlid-src" ? (Choose two.) A. drop/log B. Inspect C. inspect/log D. traffic matched by ACL 104 E. traffic matched by ACL 105 F. traffic matched by the nested "sdm-cls-insp-traffic" class map G. any traffic Answer: E, F Question 4 Which three protocols are matched by the "sdm-cls-insp-traffic" class map? (Choose three) A. Sql-net B. Pop3 C. 12tp D. Ftp E. Citrix F. SNMP Answer: A, B, D Question 5 Within the "sdm-permit" policy map, what is the action assigned to the traffic class "class default"? A. Inspect B. Pass C. Drop D. Police E. Log Answer: C Question 6 Which ploicy map is associated to the "adm-zp-in-out" security zone pair? A. sdm-permit-icmpreply B. adm-permit C. sdm-inspect D. sdm-insp-traffic E. sdm-access Answer: B Case Study # 2 Scenario: Next Gen University main campus is located in Santa Cruz. The University has recently establisheci various remote For Latest 640-553 Exam Questions and study guides- visit- http://www.certsking.com/640-553.html


campuses offening -lerning services. The UnverIty is using IPec VPN connectivity between its main and remote campus Phoenix (PHX), Newadla (ND). Sacremento (SAC). As a recent addition to The IT/Networking team. You have beeni tasked to document the IPsec VPN configurations to the remote campuses using the Cisco Ruler and SDM utility. Using the SDM output from VPN Tasks under the Configure tab, annwer these quetions Cisco SDM 5.0:

Topology:

Case Study # 2 (Questions)

For Latest 640-553 Exam Questions and study guides- visit- http://www.certsking.com/640-553.html


Question:1 Which one of these statements is correct in regards to Next Gen University Psec tunnel between its Santa Cruz main campus and its PHX remote campus? A. It is using IPsec tunnel mode A&S encryption and SHA HMAC Integrity Check. B. It is using IPsec tunnel mode. 3DES encryption and SHA HMAC Integrity Check. C. It Ia using IPsec tunnel mode to protect the traffic between the 10.10. 10.0/24 and the 10.253.0/24 sbnet, D. It is using digital certificate authenticate between the IPsec peers and DH group 2 E. It Is using pre-shared key to ahentlcate beteen the IPsec pens and OH group 5 F. The Santa Cruz main campus is the Easy VPN server and the PHX remote campus is easy VPN remote. Answer: C Question:2 Which of these is used to define which traffic will be protected by IPsec between the Next Gen University Santa Cruz main campus and its SAC remote campus? A. ACL 174 B. ACL 168 C. ACL 151 D. ESP-3DES.SHAI transform set E. ESP-3DES-SHA2 transform set F. IKE Phase Answer: A Question:3 The IPsec tunnel to the SAC remote campus terminates at which IP address, and what is the protected subnet behind the SAC remote campus router? (Choose two.) A. 192,168288 B. 192.168.5.28 C. 192.168.8.97 D. 10.2.53.0/124 E. 10.5.64.0/124 F. 10.8.74.0/124 Answer: C, F Question:4 Which one of these statements is correct in regards to Next Gen University IPsec tunnel between its Santa Cruz main campus and its SAC remote campus? A. The SAC remote campus remote router is using dynamic IP address; therefore, the Santa B. Cruz router is using a dynamic crypto map. C. Dead Peer Detection (DPD) is used to monitor the IPsec tunnel, so if there is no traffic traversing between the two sites, the IPsec tunnel will disconnect. D. Tunnel mode is used: therefore, a GRE tunnel interface will be configured. E. Only the ESP protocol is being used: AH is not being used. Answer: D

For Latest 640-553 Exam Questions and study guides- visit- http://www.certsking.com/640-553.html


For complete Exam 640-553 Training kits and Self-Paced Study Material Visit: http://www.certsking.com/640-553.html

http://www.certsking.com/

For Latest 640-553 Exam Questions and study guides- visit- http://www.certsking.com/640-553.html


Exam 640-553 Preparation Questions  

Certsking the leading source in certification preparation services, all certification guaranteed study material, question and answers, pract...

Advertisement
Read more
Read more
Similar to
Popular now
Just for you