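Implementing Cisco IOS Network Security
Exam number: 640-553
Associated certification: CCNA Security
Duration: 90 minutes (55-65 questions)
Available languages: English, Japanese, Chinese, Russian, Portuguese, Korean, French, Spanish
Exam description
The 640-553 Implementing Cisco IOS Network Security (IINS) exam is the exam associated with the CCNA Security certification. It primarily tests a candidate's knowledge of securing Cisco routers and switches and their associated networks. The skills validated include installing, troubleshooting and monitoring network devices while maintaining the integrity, confidentiality and availability of data and devices, and the ability to develop using the technologies that Cisco employs in its security architecture. Candidates preparing for this exam should take the "Implementing Cisco IOS Network Security (IINS)" course.
Download the latest 640-553 question bank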
1. What are two characteristics of the SDM Security Audit wizard? (Choose two.)
A. displays a screen with Fix-it check boxes to let you choose which potential security-related configuration changes to implement
B. has two modes of operation: interactive and non-interactive
C. automatically enables Cisco IOS firewall and Cisco IOS IPS to secure the router
D. uses interactive dialogs and prompts to implement role-based CLI
E. requires users to first identify which router interfaces connect to the inside network and which connect to the outside network
Answer: AE
2. Refer to the exhibit. Which statement is correct based on the show login command output shown?
A. When the router goes into quiet mode, any host is permitted to access the router via Telnet, SSH, and HTTP, since the quiet-mode access list has not been configured.
B. The login block-for command is configured to block login hosts for 93 seconds.
C. All logins from any sources are blocked for another 193 seconds.
D. Three or more login requests have failed within the last 100 seconds.
Answer: D
3. During role-based CLI configuration, what must be enabled before any user views can be created?
A. multiple privilege levels
B. usernames and passwords
C. aaa new-model command
D. secret password for the root user
E. HTTP and/or HTTPS server
Answer: C
4. Which location is recommended for extended or extended named ACLs?
A. an intermediate location to filter as much traffic as possible
B. a location as close to the destination traffic as possible
C. when using the established keyword, a location close to the destination point to ensure that return traffic is allowed
D. a location as close to the source traffic as possible
Answer: D
5. Refer to the exhibit. Which statement about the aaa configurations is true?
A. The authentication method list used by the console port is named test.
B. The authentication method list used by the vty port is named test.
C. If the TACACS+ AAA server is not available, no users will be able to establish a Telnet session with the router.
D. If the TACACS+ AAA server is not available, console access to the router can be authenticated using the local database.
E. The local database is checked first when authenticating console and vty access to the router.
Answer: B
6. Which characteristic is the foundation of Cisco Self-Defending Network technology?
A. secure connectivity
B. threat control and containment
C. policy management
D. secure network platform
Answer: D
7. What is a result of securing the Cisco IOS image using the Cisco IOS image resilience feature?
A. The show version command will not show the Cisco IOS image file location.
B. The Cisco IOS image file will not be visible in the output from the show flash command.
C. When the router boots up, the Cisco IOS image will be loaded from a secured FTP location.
D. The running Cisco IOS image will be encrypted and then automatically backed up to the NVRAM.
E. The running Cisco IOS image will be encrypted and then automatically backed up to a TFTP server.
Answer: B
8. Which aaa accounting command is used to enable logging of both the start and stop records for user terminal sessions on the router?
A. aaa accounting network start-stop tacacs+
B. aaa accounting system start-stop tacacs+
C. aaa accounting exec start-stop tacacs+
D. aaa accounting connection start-stop tacacs+
E. aaa accounting commands 15 start-stop tacacs+
Answer: C
9. Which of these correctly matches the CLI command(s) to the equivalent SDM wizard that performs similar configuration functions?
A. Cisco Common Classification Policy Language configuration commands and the SDM Site-to-Site VPN wizard
B. auto secure exec command and the SDM One-Step Lockdown wizard
C. setup exec command and the SDM Security Audit wizard
D. class-maps, policy-maps, and service-policy configuration commands and the SDM IPS wizard
E. aaa configuration commands and the SDM Basic Firewall wizard
Answer: B
10. Refer to the exhibit. What does the option secret 5 in the username global configuration mode command indicate about the enable secret password?
A. It is hashed using SHA.
B. It is encrypted using DH group 5.
C. It is hashed using MD5.
D. It is encrypted via the service password-encryption command.
E. It is hashed using a proprietary Cisco hashing algorithm.
F. It is encrypted using a proprietary Cisco encryption algorithm.
Answer: C