Free 640-553 download :cisco CCNA Security IINS Implementing Cisco IOS Network Security exam
Certification Provider: cisco
Exam Name: 640-553 – IINS Implementing Cisco IOS Network Security
Related Certifications: CCNA Security
Language: English
Latest update:2010-05-01
Free 640-553 PDF Demo
Download Demo of cisco 640-553 PDF exam for free (in PDF format ) before you decide to purchase it. Thus,you can know better about the quality of our practice exam and then make your right decision.
Free Download:Free 640-553 PDF
640-553 QUESTIONS ANSWERS WITH EXPLANATIONS
Interactive Testing Engine
PREPARATION LABS:20 labs
Duration: 270 Questions
cheap Price : 69.99
Guaranteed pass of CCNA Security 640-553 exam
What does PassGuide have for you to offer, for cisco 640-553 ?
Practically everything that you will ever need cisco 640-553 is indeed a highly qualified examination, and adequate preparation has to be made too in order to pass the exam. Vigilant exams practice is needed before a professional is qualified to appear in the certification exams. Only with heavy preparation and proper cisco guide certification exams can be attempted and passed.
Choose the CCNA Security 640-553 program that’s right for you.
you can feel safe with our question and answers that will help you in obtaining your successful completion of your 640-553 exam.
Investing in CCNA Security certification will help you to head for success
cisco 640-553 SEARCH HELP
Feel free to use search terms below while searching the Net for 640-553 IINS Implementing Cisco IOS Network Security exam:
cisco 640-553 sample questions
cisco 640-553 test answers
cisco 640-553 practice questions
cisco 640-553 vce download
cisco 640-553 discount code
cisco 640-553 guaranteed pass
PassGuide 640-553 exam like testking 640-553 exam pass4sure 640-553 exam transcender 640-553 exam Testinside 640-553 exam and it downlaods from the test center.If you will take 640-553 exam,I suggest you choose PassGuide 640-553.We guarantee that you can pass 640-553 exam at your first try.
Free Download:PassGuide 640-553
IT Certification and Career Paths
640-553 IINS
Implementing Cisco IOS Network Security
Exam Number: 640-553
Associated Certifications: CCNA Security
Duration: 90 minutes (55-65 questions)
Available Languages: English, Japanese, Chinese and Russian
Click Here to Register: Pearson VUE
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions
Exam Description Exam Topics Recommended Training Additional Resources
Exam Description
The 640-553 IINS Implementing Cisco IOS Network Security exam is associated with the CCNA Security certification. This exam tests a candidate’s knowledge of securing Cisco routers and switches and their associated networks. It leads to validated skills for installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices and develops competency in the technologies that Cisco uses in its security infrastructure.
Candidates can prepare for this exam by taking the Implementing Cisco IOS Network Security (IINS)course.
Exam Topics
The following topics are general guidelines for the content likely to be included on the Implementing Cisco IOS Network Security exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.
Describe the security threats facing modern network infrastructures
Describe and list mitigation methods for common network attacks
Describe and list mitigation methods for Worm, Virus, and Trojan Horse attacks
Describe the Cisco Self Defending Network architecture
Secure Cisco routers
Secure Cisco routers using the SDM Security Audit feature
Use the One-Step Lockdown feature in SDM to secure a Cisco router
Secure administrative access to Cisco routers by setting strong encrypted passwords, exec timeout, login failure rate and using IOS login enhancements
Secure administrative access to Cisco routers by configuring multiple privilege levels
Secure administrative access to Cisco routers by configuring role based CLI
Secure the Cisco IOS image and configuration file
Implement AAA on Cisco routers using local router database and external ACS
Explain the functions and importance of AAA
Describe the features of TACACS+ and RADIUS AAA protocols
Configure AAA authentication
Configure AAA authorization
Configure AAA accounting
Mitigate threats to Cisco routers and networks using ACLs
Explain the functionality of standard, extended, and named IP ACLs used by routers to filter packets
Configure and verify IP ACLs to mitigate given threats (filter IP traffic destined for Telnet, SNMP, and DDoS attacks) in a network using CLI
Configure IP ACLs to prevent IP address spoofing using CLI
Discuss the caveats to be considered when building ACLs
Implement secure network management and reporting
Use CLI and SDM to configure SSH on Cisco routers to enable secured management access
Use CLI and SDM to configure Cisco routers to send Syslog messages to a Syslog server
Mitigate common Layer 2 attacks
Describe how to prevent layer 2 attacks by configuring basic Catalyst switch security features
Implement the Cisco IOS firewall feature set using SDM
Describe the operational strengths and weaknesses of the different firewall technologies
Explain stateful firewall operations and the function of the state table
Implement Zone Based Firewall using SDM
Implement the Cisco IOS IPS feature set using SDM
Define network based vs. host based intrusion detection and prevention
Explain IPS technologies, attack responses, and monitoring options
Enable and verify Cisco IOS IPS operations using SDM
Implement site-to-site VPNs on Cisco Routers using SDM
Explain the different methods used in cryptography
Explain IKE protocol functionality and phases
Describe the building blocks of IPSec and the security functions it provides
Configure and verify an IPSec site-to-site VPN with pre-shared key authentication using SDM
Cisco 640-553
INS Implementing Cisco IOS Network Security
Q&A Demo
www.PassGuide.com
(C) Copyright 2006-2009 CertBible Tech LTD,All Rights Reserved.
Important Note
Please Read Carefully
Study Tips
This product will provide you questions and answers carefully compiled and written by our experts. Try to understand the concepts behind the questions instead of cramming the questions.
Go through the entire document at least twice so that you make sure that you are not
missing anything.
Latest Version
We are constantly reviewing our products. New material is added and old material is
revised. Free updates are available for 120 days after the purchase. You should check your
member zone at PassGuide an update 3-4 days before the scheduled exam date.
Feedback
If you spot a possible improvement then please let us know. We always interested in
improving product quality.
Feedback should be send to feedback@passguide.com. You should include the following:
Exam number, version, page number, question number, and your login ID.
Our experts will answer your mail promptly.
Be Prepared. Be Confident. Get Certified.
————————————————————————————————————————-
Sales and Support Manager
Sales Team: sales@passguide.com Support Team: support@passguide.com
———————————————————————————————————————
Copyright
Each pdf file contains a unique serial number associated with your particular name and
contact information for security purposes. So if we find out that a particular pdf file is
being distributed by you, CertBible reserves the right to take legal action against you
according to the International Copyright Laws.
QUESTION NO: 1
As a network engineer at CramBible.com, you are responsible for CramBible network. Which will be necessarily taken into consideration when implementing Syslogging in your network?
A. Log all messages to the system buffer so that they can be displayed when accessing the router.
B. Use SSH to access your Syslog information.
C.Enable the highest level of Syslogging available to ensure you log all possible event messages.
D. Syncronize clocks on the network with a protocol such as Network Time Protocol.
Answer: D
QUESTION NO: 2
Which classes does the U.S. government place classified data into? (Choose three.)
A. SBU
B. Confidential
C. Secret
D. Top-secret
Answer: B, C, D
QUESTION NO: 3
You are a network technician at CramBible.com. Which description is correct when you have generated RSA keys on your Cisco router to prepare for secure device management?
A.All vty ports are automatically enabled for SSH to provide secure management.
B. The SSH protocol is automatically enabled.
C. You must then zeroize the keys to reset secure shell before configuring other parameters.
D. You must then specify the general-purpose key size used for authentication with the crypto key generate rsa general-keys modulus command.
Answer: B
QUESTION NO: 4
Which method is of gaining access to a system that bypasses normal security measures?
A. Creating a back door
B. Starting a Smurf attack
C. Conducting social engineering
D. Launching a DoS attack
Answer: A
QUESTION NO: 5
As a candidate for CCNA examination, when you are familiar with the basic commands, if you input the command “enable secret level 5 password” in the global mode , what does it indicate?
A.Set the enable secret command to privilege level 5.
B. The enable secret password is hashed using SHA.
C. The enable secret password is hashed using MD5.
D. The enable secret password is encrypted using Cisco proprietary level 5 encryption.
E. The enable secret password is for accessing exec privilege level 5.
Answer: E
QUESTION NO: 6
Which statement is true about a Smurf attack?
A. It sends ping requests to a subnet, requesting that devices on that subnet send ping replies to a target system.
B. It intercepts the third step in a TCP three-way handshake to hijack a session.
C. It uses Trojan horse applications to create a distributed collection of “zombie”
computers, which can be used to launch a coordinated DDoS attack.
D. It sends ping requests in segments of an invalid size.
Answer: A
QUESTION NO: 7
Please choose the correct description about Cisco
Self-Defending Network characteristics.
A. INTEGRATED – CB1
COLLABORATIVE – CB2
ADAPTIVE – CB3
B. INTEGRATED – CB2
COLLABORATIVE – CB1
ADAPTIVE – CB3
C. INTEGRATED – CB2
COLLABORATIVE – CB3
ADAPTIVE – CB1
D. INTEGRATED – CB3
COLLABORATIVE – CB2
ADAPTIVE – CB1
Answer: B
QUESTION NO: 8
Which three items are Cisco best-practice recommendations for securing a network? (Choose three.)
A. Deploy HIPS software on all end-user workstations.
B. Routinely apply patches to operating systems and applications.
C. Disable unneeded services and ports on hosts.
D. Require strong passwords, and enable password expiration.
Answer: B, C, D
QUESTION NO: 9
With the increasing development of network, various network attacks appear. Which statement best describes the relationships between the attack method and the result?
A. Ping Sweep – CB1 and CB3
Port Scan – CB2, CB4 and CB5
B. Ping Sweep – CB2 and CB4
Port Scan – CB1, CB3 and CB5
C. Ping Sweep – CB1 and CB5
Port Scan – CB2, CB3 and CB4
D. Ping Sweep – CB2 and CB3
Port Scan – CB1, CB4 and CB5
Answer: B
QUESTION NO: 10
For the following attempts, which one is to ensure that no one employee becomes a pervasive security threat, that data can be recovered from backups, and that information system changes do not compromise a system’s security?
A. Disaster recovery
B. Strategic security planning
C. Implementation security
D. Operations security
Answer: D
QUESTION NO: 11
For the following options ,which one accurately matches the CLI command(s) to the equivalent SDM wizard that performs similar configuration functions?
A. setup exec command and the SDM Security Audit wizard
B. auto secure exec command and the SDM One-Step Lockdown wizard
C. aaa configuration commands and the SDM Basic Firewall wizard
D. Cisco Common Classification Policy Language configuration commands and the
SDM Site-to-Site VPN wizard
Answer: B
QUESTION NO: 12
Which three options are network evaluation techniques?
(Choose three.)
A. Scanning a network for active IP addresses and open ports on those IP addresses
B. Using password-cracking utilities
C. Performing end-user training on the use of antispyware software
D. Performing virus scans
Answer: A, B, D