Pass4sure 640-553 IINS 2.93
Question: 1
Which consideration is important when implementing Syslogging in your network?
A. Use SSH to access your Syslog information.
B. Enable the highest level of Syslogging available to ensure you log all possible event messages.
C. Log all messages to the system buffer so that they can be displayed when accessing the router.
D. Syncronize clocks on the network with a protocol such as Network Time Protocol.
Answer: D Question: 2
Which statement is true when you have generated RSA keys on your Cisco router to prepare for secure device management?
A. You must then zeroize the keys to reset secure shell before configuring other parameters.
B. The SSH protocol is automatically enabled.
C. You must then specify the general-purpose key size used for authentication with the crypto key generate rsa general-keys modulus command.
D. All vty ports are automatically enabled for SSH to provide secure management.
Answer: B
Question: 3
What does level 5 in the following enable secret global configuration mode command indicate?
router# enable secret level 5 password
A. The enable secret password is hashed using MD5. B. The enable secret password is hashed using SHA.
C. The enable secret password is encrypted using Cisco proprietary level 5 encryption. D. Set the enable secret command to privilege level 5.
E. The enable secret password is for accessing exec privilege level 5.
Answer: E Question: 4 Drop
Answer:
Exam Name: IINS Implementing Cisco IOS Network Security
Exam Type: Cisco Case Studies: 2
Exam Code: 640-553 Total Questions: 68
Question: 5 Drop
Answer:
Question: 6
Which of these correctly matches the CLI command(s) to the equivalent SDM wizard that performs similar configuration functions?
A. Cisco Common Classification Policy Language configuration commands and the SDM Site-
to-Site VPNn wizard
B. Auto secure exec command and the SDM One-Step Lockdown wizard
C. Setup exec command and the SDM Security Audit wizard
Exam Name: IINS Implementing Cisco IOS Network Security
Exam Type: Cisco Case Studies: 2
Exam Code: 640-553 Total Questions: 68
D. Class-maps, policy-maps, and service-policy configuration commands and the SDM IPS
wizard
E. Aaa configuration commands and the SDM Basic Firewall wizard
Answer: B Question: 7
What is the key difference between host-based and network-based intrusion prevention?
A. Network-based IPS is better suited for inspection of SSL and TLS encrypted data flows.
B. Network-based IPS provides better protection against OS kernel-level attacks against hosts and servers.
C. Network-based IPS can provide protection to desktops and servers without the need of installing specialized software on the end hosts and servers.
D. Host-based IPS can work in promiscuous mode or inline mode.
E. Host-based IPS is more scalable then network-based IPS.
F. Host-based IPS deployment requires less planning than network-based IPS.
Answer: C Question: 8
Refer to the exhibit.
You are a network manager for your organization. You are looking at your Syslog server reports. Based on the Syslog message shown, which two statements are true? (Choose two.)
A. Service timestamps have been globally enabled.
B. This is a normal system-generated information message and does not require further investigation.
C. This message is unimportant and can be ignored. D. This message is a level 5 notification message.
Answer: A, D Question: 9
You suspect an attacker in your network has configured a rogue layer 2 device to intercept traffic
from multiple VLANS, thereby allowing the attacker to capture potentially sensitive data. Which two methods will help to mitigate this type of activity? (Choose two.)
A. Turn off all trunk ports and manually configure each VLAN as required on each port
B. Disable DTP on ports that require trunking
C. Secure the native VLAN, VLAN 1 with encryption
D. Set the native VLAN on the trunk ports to an unused VLAN E. Place unused active ports in an unused VLAN
Answer: B, D Question: 10
Which three statements about SSL-based VPNs are true? (Choose three.)
A. Asymmetric algorithms are used for authentication and key exchange.
B. SSL VPNs and IPsec VPNs cannot be configured concurrently on the same router. C. Symmetric algorithms are used for bulk encryption.
Free 640-553 Exams’s PDF Download
Free Testking offers free demo for 640-553 PDF(IINS Implementing Cisco IOS Network Security). You can check out the interface, question quality and usability of our practice exams . We are the only one site can offer demo for almost all IINS Implementing Cisco IOS Network Security.
Recommended Training about 640-553 exam PDF
The following courses are the recommended training for 640-553 exam PDF.
640-553 Q & A with Explanations
640-553 Audio Exam
640-553 Study Guide
640-553 Preparation Lab
Exam Number/Code: 640-553
Exam Name: IINS Implementing Cisco IOS Network Security
“IINS Implementing Cisco IOS Network Security”, also known as 640-553 exam, is a Cisco certification.
Preparing for the 640-553 exam? Searching 640-553 Test Questions, 640-553 Practice Exam, 640-553 Dumps?
With the complete collection of questions and answers, Pass4sure has assembled to take you through 128 Q&As to your 640-553 Exam preparation. In the 640-553 exam resources, you will cover every field and category in CCNA helping to ready you for your successful Cisco Certification.
Questions and Answers : 128 Q&As
Updated: 2008-09-18
Market Price: $125.99
Member Price: $99.99
Pass4sure 640-553 IINS
Interactive Testing Engine Included!
65 Questions
Updated : 09/26/2008
Price : $87.99 $79.99
Free download?pass4sure 640-553 IINS
Free download?testking 640-553 IINS
Download Free Latest Pass4sure P4S PassForsure Braindumps
- Free pass4sure ccna 640-802 3.22
- Free Pass4sure 642-511 CSVPN 2.93
- Free Pass4sure Cisco Dumps 2.73
- Free Pass4sure 642-964 CDCNIS 2.83
- Free Pass4sure 642-812 BCMSN 2.93
- Free Pass4sure 350-027 CCIE 2.73
- Free Pass4sure 350-001 CCIE 2.73
- Free Pass4sure 642-533 IPS 2.83
- Free Pass4sure 642-425 IPTT 2.73
- Free Pass4sure 642-973 DCNI-1 2.95
640-553 IINS
Implementing Cisco IOS Network Security
Exam Number: 640-553
Associated Certifications: CCNA Security
Duration: 90 minutes (55-65 questions)
Available Languages: English
Click Here to Register: Pearson VUE
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions
Exam Description
The 640-553 IINS Implementing Cisco IOS Network Security exam is associated with the CCNA Security certification. This exam tests a candidate’s knowledge of securing Cisco routers and switches and their associated networks. It leads to validated skills for installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices and develops competency in the technologies that Cisco uses in its security infrastructure.
Candidates can prepare for this exam by taking the Implementing Cisco IOS Network Security (IINS)course.
Exam Topics
The following topics are general guidelines for the content likely to be included on the Implementing Cisco IOS Network Security exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.
Describe the security threats facing modern network infrastructures
* Describe and list mitigation methods for common network attacks
* Describe and list mitigation methods for Worm, Virus, and Trojan Horse attacks
* Describe the Cisco Self Defending Network architecture
Secure Cisco routers
* Secure Cisco routers using the SDM Security Audit feature
* Use the One-Step Lockdown feature in SDM to secure a Cisco router
* Secure administrative access to Cisco routers by setting strong encrypted passwords, exec timeout, login failure rate and using IOS login enhancements
* Secure administrative access to Cisco routers by configuring multiple privilege levels
* Secure administrative access to Cisco routers by configuring role based CLI
* Secure the Cisco IOS image and configuration file
Implement AAA on Cisco routers using local router database and external ACS
* Explain the functions and importance of AAA
* Describe the features of TACACS+ and RADIUS AAA protocols
* Configure AAA authentication
* Configure AAA authorization
* Configure AAA accounting
Mitigate threats to Cisco routers and networks using ACLs
* Explain the functionality of standard, extended, and named IP ACLs used by routers to filter packets
* Configure and verify IP ACLs to mitigate given threats (filter IP traffic destined for Telnet, SNMP, and DDoS attacks) in a network using CLI
* Configure IP ACLs to prevent IP address spoofing using CLI
* Discuss the caveats to be considered when building ACLs
Implement secure network management and reporting
* Use CLI and SDM to configure SSH on Cisco routers to enable secured management access
* Use CLI and SDM to configure Cisco routers to send Syslog messages to a Syslog server
Mitigate common Layer 2 attacks
* Describe how to prevent layer 2 attacks by configuring basic Catalyst switch security features
Implement the Cisco IOS firewall feature set using SDM
* Describe the operational strengths and weaknesses of the different firewall technologies
* Explain stateful firewall operations and the function of the state table
* Implement Zone Based Firewall using SDM
Implement the Cisco IOS IPS feature set using SDM
* Define network based vs. host based intrusion detection and prevention
* Explain IPS technologies, attack responses, and monitoring options
* Enable and verify Cisco IOS IPS operations using SDM
Implement site-to-site VPNs on Cisco Routers using SDM
* Explain the different methods used in cryptography
* Explain IKE protocol functionality and phases
* Describe the building blocks of IPSec and the security functions it provides
* Configure and verify an IPSec site-to-site VPN with pre-shared key authentication using SDM
Comment by ccna security — September 28, 2008 @ 8:11 pm
[...] Communications AM Pass4sure Cisco 642-873 Designing Cisco Network Service Architectures Exam Pass4sure Cisco 640-553 IINS Implementing Cisco IOS Network Security Pass4sure Cisco 640-460 IIUC Implementing Cisco IOS [...]
Pingback by pass4sure cisco « Free latest pass4sure p4s dumps — September 30, 2008 @ 7:20 pm
[...] Communications AM Pass4sure Cisco 642-873 Designing Cisco Network Service Architectures Exam Pass4sure Cisco 640-553 IINS Implementing Cisco IOS Network Security Pass4sure Cisco 640-460 IIUC Implementing Cisco IOS [...]
Pingback by Pass4sure Cisco | Free Latest Cisco CCNA 640-802 Certification Exam Dumps — October 9, 2008 @ 7:14 am
[...] Communications AM Pass4sure Cisco 642-873 Designing Cisco Network Service Architectures Exam Pass4sure Cisco 640-553 IINS Implementing Cisco IOS Network Security Pass4sure Cisco 640-460 IIUC Implementing Cisco IOS [...]
Pingback by Pass4sure Cisco Dumps 2.73 | Free Latest P4s Passforsure Cisco Certification Exams Rapidshare Dumps — October 14, 2008 @ 5:20 am
[...] download: pass4sure CCNA 640-553 Free download: testking CCNA [...]
Pingback by Pass4sure CCNA 640-553 | Free Latest Topcerts Pass4sure Dumps — October 24, 2008 @ 8:52 am
CCNA Security Boot Camp
CCBOOTCAMP® is pleased to offer the official authorized Cisco CCNA® Security course. Our CCNA Security Boot Camp contains five days of intense training from our Cisco® certified industry experts. This course is designed to assist students in obtaining their CCNA Security certification for an unbelievably low price.
Pre-Requisites
Valid CCNA
Course Summary
This official authorized Cisco course is offered by CCBOOTCAMP, sponsored by a Cisco Learning Solutions Partner®, and is designed specifically to prepare students for the CCNA Security Exam. CCNA Security Certification meets the needs of IT professionals who are responsible for network security. It confirms an individual’s skills for job roles such as Network Security Specialists, Security Administrators, and Network Security Support Engineers. This certification validates skills including installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices and develops competency in the technologies that Cisco uses in its security structure.
Students completing the recommended Cisco training will gain an introduction to core security technologies as well as how to develop security policies and mitigate risks. IT organizations that employ CCNA Security-holders will have IT staff that can develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats.
Course Description
This course is designed specifically to prepare students to pass the CCNA Security Exam.
CCBOOTCAMP offers its students on-site instructor-led training at any of our locations throughout North America.
Class length is five consecutive days, and runs Monday through Friday, typically from 9:00 AM to 5:00 PM. In addition to classroom time, there will be daily homework assignments to be completed at night. These are very full days, so students should arrive at our facility rested and prepared to work.
CCNA Security class will have a maximum of twelve students.
Each student receives dedicated instructor mentoring to ensure all concepts are completely understood.
We offer the most advanced equipment in the industry. You get your own equipment to work with. No gear sharing!
Access is provided to the classroom racks 24 hours a day.
Free practice questions and one test attempt is included (a $125 value)!
Price for this class is $2495
Financing is available.
Cisco Exams Covered
640-553 Implementing Cisco IOS Network Security (IINS)
Recertification requirements
The CCNA Security is valid for three years. To recertify, Pass any current CCNA concentration exam (wireless, security, voice) OR pass a current 642 professional exam, OR pass the current CCIE written exam or the current CCDE written exam.
Comment by testking — November 18, 2008 @ 9:27 pm
[...] Pass4sure 640-553 Testking 640-553 Actualtest 640-553 [...]
Pingback by offer New Testking 640-553 PDF Version | Download cisco 640-553 certification Test training courses dumps — March 24, 2009 @ 10:29 pm
[...] Pass4sure 640-553 Testking 640-553 Actualtest 640-553 [...]
Pingback by offer New Testking 640-553 PDF Version | Download cisco 640-553 certification Test training courses dumps — March 25, 2009 @ 6:12 am