Cisco 640-461 Certification Exams, Hottest Cisco 640-461 Doc Online Shop


QUESTION 75
Which type of Cisco ASA access list entry can be configured to match multiple entries in a single statement?
A. nested object-class
B. class-map
C. extended wildcard matching
D. object groups

Correct Answer: D
QUESTION 76
Which statement about an access control list that is applied to a router interface is true?
“First Test, First Pass” – www.lead2pass.com 30 Cisco 640-554 Exam
A. It only filters traffic that passes through the router.
B. It filters pass-through and router-generated traffic.
C. An empty ACL blocks all traffic.
D. It filters traffic in the inbound and outbound directions.

Correct Answer: A
QUESTION 77
You have been tasked by your manager to implement syslog in your network. Which option is an important factor to consider in your implementation?
A. Use SSH to access your syslog information.
B. Enable the highest level of syslog function available to ensure that all possible event messages are logged.
C. Log all messages to the system buffer so that they can be displayed when accessing the router.
D. Synchronize clocks on the network with a protocol such as Network Time Protocol.
Correct Answer: D
QUESTION 78
Which protocol secures router management session traffic?
A. SSTP
B. POP
C. Telnet
D. SSH

Correct Answer: D
QUESTION 79
Which two considerations about secure network management are important? (Choose two.)
A. log tampering
B. encryption algorithm strength
C. accurate time stamping
D. off-site storage
E. Use RADIUS for router commands authorization.
F. Do not use a loopback interface for device management access.

Correct Answer: AC
QUESTION 80
Which command enables Cisco IOS image resilience?
A. secure boot-<IOS image filename>
B. secure boot-running-config
C. secure boot-start
D. secure boot-image

Correct Answer: D
QUESTION 81
Which router management feature provides for the ability to configure multiple administrative views?
A. role-based CLI
B. virtual routing and forwarding
C. secure config privilege {level}
D. parser view view name

Correct Answer: A
QUESTION 82
You suspect that an attacker in your network has configured a rogue Layer 2 device to intercept traffic from multiple VLANs, which allows the attacker to capture potentially sensitive data. Which two methods will help to mitigate this type of activity? (Choose two.)
A. Turn off all trunk ports and manually configure each VLAN as required on each port
B. Disable DTP on ports that require trunking
C. Secure the native VLAN, VLAN 1 with encryption
D. Set the native VLAN on the trunk ports to an unused VLAN
E. Place unused active ports in an unused VLAN
Correct Answer: BD
QUESTION 83
You are the security administrator for a large enterprise network with many remote locations. You have been given the assignment to deploy a Cisco IPS solution. Where in the network would be the best place to deploy Cisco IOS IPS?
A. inside the firewall of the corporate headquarters Internet connection
B. at the entry point into the data center
C. outside the firewall of the corporate headquarters Internet connection
D. at remote branch offices

Correct Answer: D
QUESTION 84
Which IPS technique is commonly used to improve accuracy and context awareness, aiming to detect and respond to relevant incidents only and, therefore, reduce noise?
A. attack relevancy
B. target asset value
C. signature accuracy
D. risk rating

Correct Answer: D
QUESTION 85
Which two statements about SSL-based VPNs are true? (Choose two.)
A. Asymmetric algorithms are used for authentication and key exchange.
B. SSL VPNs and IPsec VPNs cannot be configured concurrently on the same router.
C. The application programming interface can be used to modify extensively the SSL client software for use in special applications.
D. The authentication process uses hashing technologies.
E. Both client and clientless SSL VPNs require special-purpose client software to be installed on the client machine.

Correct Answer: AD
QUESTION 86
Which option describes the purpose of Diffie-Hellman?
A. used between the initiator and the responder to establish a basic security policy
B. used to verify the identity of the peer
C. used for asymmetric public key encryption
D. used to establish a symmetric shared key via a public key exchange process
Correct Answer: D
QUESTION 87
Which three statements about the IPsec ESP modes of operation are true? (Choose three.)
A. Tunnel mode is used between a host and a security gateway.
B. Tunnel mode is used between two security gateways.
C. Tunnel mode only encrypts and authenticates the data.
D. Transport mode authenticates the IP header.
E. Transport mode leaves the original IP header in the clear.

Correct Answer: ABE
QUESTION 88
When configuring SSL VPN on the Cisco ASA appliance, which configuration step is required only for Cisco AnyConnect full tunnel SSL VPN access and not required for clientless SSL VPN?
A. user authentication
B. group policy
C. IP address pool
D. SSL VPN interface
E. connection profile

Correct Answer: C
QUESTION 89
For what purpose is the Cisco ASA appliance web launch SSL VPN feature used?
A. to enable split tunneling when using clientless SSL VPN access
B. to enable users to log in to a web portal to download and launch the AnyConnect client
C. to enable smart tunnel access for applications that are not web-based
D. to optimize the SSL VPN connections using DTLS
E. to enable single-sign-on so the SSL VPN users need only log in once

Correct Answer: B
QUESTION 90
Which statement describes how VPN traffic is encrypted to provide confidentiality when using asymmetric encryption?
A. The sender encrypts the data using the sender’s private key, and the receiver decrypts the data using the sender’s public key.
B. The sender encrypts the data using the sender’s public key, and the receiver decrypts the data using the sender’s private key.
C. The sender encrypts the data using the sender’s public key, and the receiver decrypts the data using the receiver’s public key.
D. The sender encrypts the data using the receiver’s private key, and the receiver decrypts the data using the receiver’s public key.
E. The sender encrypts the data using the receiver’s public key, and the receiver decrypts the data using the receiver’s private key.
F. The sender encrypts the data using the receiver’s private key, and the receiver decrypts the data using the sender’s public key.
Correct Answer: E
QUESTION 91
Which four types of VPN are supported using Cisco ISRs and Cisco ASA appliances? (Choose four.)
A. SSL clientless remote-access VPNs
B. SSL full-tunnel client remote-access VPNs
C. SSL site-to-site VPNs
D. IPsec site-to-site VPNs
E. IPsec client remote-access VPNs
F. IPsec clientless remote-access VPNs
Correct Answer: ABDE
QUESTION 92
Refer to the exhibit. Using a stateful packet firewall and given an inside ACL entry of permit ip 192.16.1.0 0.0.0.255 any, what would be the resulting dynamically configured ACL for the return traffic on the outside ACL?

A. permit tcp host 172.16.16.10 eq 80 host 192.168.1.11 eq 2300
B. permit ip 172.16.16.10 eq 80 192.168.1.0 0.0.0.255 eq 2300
C. permit tcp any eq 80 host 192.168.1.11 eq 2300
D. permit ip host 172.16.16.10 eq 80 host 192.168.1.0 0.0.0.255 eq 2300

Correct Answer: A
QUESTION 93
Which option is the resulting action in a zone-based policy firewall configuration with these conditions?
Source: Zone 1
Destination: Zone 2
Zone pair exists?: Yes
Policy exists?: No
A. no impact to zoning or policy
B. no policy lookup (pass)
C. drop
D. apply default policy

Correct Answer: C
QUESTION 94
A Cisco ASA appliance has three interfaces configured. The first interface is the inside interface with a security level of 100. The second interface is the DMZ interface with a security level of 50. The third interface is the outside interface with a security level of 0. By default, without any access list configured, which five types of traffic are permitted? (Choose five.)
A. outbound traffic initiated from the inside to the DMZ
B. outbound traffic initiated from the DMZ to the outside
C. outbound traffic initiated from the inside to the outside
D. inbound traffic initiated from the outside to the DMZ
E. inbound traffic initiated from the outside to the inside
F. inbound traffic initiated from the DMZ to the inside
G. HTTP return traffic originating from the inside network and returning via the outside interface
H. HTTP return traffic originating from the inside network and returning via the DMZ interface
I. HTTP return traffic originating from the DMZ network and returning via the inside interface
J. HTTP return traffic originating from the outside network and returning via the inside interface
Correct Answer: ABCGH
QUESTION 95
