210-260模擬対策、640-554日本語版
Implementing Cisco IOS Network Security
試験番号640-554
関連資格CCNA Security
概要
640-554 「Implementing Cisco IOS Network Security」 (IINS) は、CCNA Security 認定資格に関連する試験です。この試験は、制限時間 90 分、出題数 55 ~ 65 問で実施され、シスコのルータとスイッチ、およびそれらに関連するネットワークの保護に関する知識が問われます。この試験により、データおよびデバイスの整合性、機密性、可用性を維持するためのネットワーク デバイスの導入、トラブルシューティング、およびモニタリングのスキルを備えていることが証明され、シスコがセキュリティ インフラストラクチャで使用するテクノロジーに関する能力を有することが認定されます。
NO.1 What are three features of IPsec tunnel mode? (Choose three.)
A. IPsec tunnel mode supports multicast.
B. IPsec tunnel mode supports unicast traffic.
C. IPsec tunnel mode encrypts the entire packet.
D. IPsec tunnel mode is used between end stations.
E. IPsec tunnel mode encrypts only the payload.
F. IPsec tunnel mode is used between gateways.
Answer: B,C,F
640-554試験情報 640-554認定
NO.2 Refer to the exhibit.
You are a network manager for your organization. You are looking at your Syslog server reports.
Based on the Syslog message shown, which two statements are true? (Choose two.)
A. This is a normal system-generated information message and does not require further investigation.
B. This message is a level 5 notification message.
C. This message is unimportant and can be ignored.
D. Service timestamps have been globally enabled.
Answer: B,D
640-554認証試験 640-554試験問題集
Explanation:
http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_55_se/configu
ration/guide/swlog.html
System Log Message Format
System log messages can contain up to 80 characters and a percent sign (%), which follows the
optional sequence number or time-stamp information, if configured. Messages appear in this
format:
seq no:timestamp: %facility-severity-MNEMONIC:description (hostname-n)
The part of the message preceding the percent sign depends on the setting of the service
sequence-numbers, service timestamps log datetime, service timestamps log datetime [localtime]
[msec] [show-timezone], or service timestamps log uptime global configuration command.
seq no:
Stamps log messages with a sequence number only if the service sequence-numbers global
configuration command is configured.
For more information, see the "Enabling and Disabling Sequence Numbers in Log Messages"
section.
timestamp formats:
mm/dd hh:mm:ss
or
hh:mm:ss (short uptime)
or
d h (long uptime)
Date and time of the message or event. This information appears only if the service timestamps
log [datetime | log] global configuration command is configured.
For more information, see the "Enabling and Disabling Time Stamps on Log Messages"
section.facility
The facility to which the message refers (for example, SNMP, SYS, and so forth). For a list of
supported facilities, see Table 29-4.severity
Single-digit code from 0 to 7 that is the severity of the message. For a description of the severity
levels, see Table 29-3.
MNEMONIC
Text string that uniquely describes the message.
description
Text string containing detailed information about the event being reported.
http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_55_se/configu
r
ation/guide/swlog.html
This example shows part of a logging display with the service timestamps log datetime global
configuration command enabled:
*Mar 1 18:46:11: %SYS-5-CONFIG_I: Configured from console by vty2 (10.34.195.36) (Switch-2)
NO.3 Which Cisco IOS command is used to verify that either the Cisco IOS image, the configuration
files, or both have been properly backed up and secured?
A. show archive
B. show secure bootset
C. dir archive
D. show file systems
E. dir
F. show flash
Answer: B
Explanation:
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_resil_config_ps6
922_TSD_Products_Configuration_Guide_Chapter.html
Restrictions for Cisco IOS Resilient Configuration
This feature is available only on platforms that support a Personal Computer Memory Card
International Association (PCMCIA) Advanced Technology Attachment (ATA) disk. There must be
enough space on the storage device to accommodate at least one Cisco IOS image (two for upgrades)
and a copy of the running configuration. IOS Files System (IFS) support for secure file systems is also
needed by the software.
It may be possible to force removal of secured files using an older version of Cisco IOS software that
does not contain file system support for hidden files.
This feature can be disabled only by using a console connection to the router. With the exception of
the upgrade scenario, feature activation does not require console access.
You cannot secure a bootset with an image loaded from the network. The running image must be
loaded from persistent storage to be secured as primary.
Secured files will not appear on the output of a dir command issued from an executive shell because
the IFS prevents secure files in a directory from being listed. ROM monitor (ROMMON) mode does
not have any such restriction and can be used to list and boot secured files. The running image and
running configuration archives will not be visible in the Cisco IOS dir command output. Instead, use
the show secure bootset command to verify archive existence.
NO.4 With Cisco IOS zone-based policy firewall, by default, which three types of traffic are permitted
by the router when some of the router interfaces are assigned to a zone? (Choose three.)
A. traffic flowing among the interfaces that are not assigned to any zone
B. traffic flowing to the zone member interface that is returned traffic
C. traffic flowing between a zone member interface and another interface that belongs in a different
zone
D. traffic flowing among the interfaces that are members of the same zone
E. traffic flowing to and from the router interfaces (the self zone)
F. traffic flowing between a zone member interface and any interface that is not a zone member
Answer: A,D,E
Explanation:
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994
.shtml
NO.5 You suspect that an attacker in your network has configured a rogue Layer 2 device to intercept
traffic from multiple VLANs, which allows the attacker to capture potentially sensitive data.
Which two methods will help to mitigate this type of activity? (Choose two.)
A. Secure the native VLAN, VLAN 1, with encryption.
B. Disable DTP on ports that require trunking.
C. Turn off all trunk ports and manually configure each VLAN as required on each port.
D. Place unused active ports in an unused VLAN.
E. Set the native VLAN on the trunk ports to an unused VLAN.
Answer: B,E
640-554受験料過去問 640-554資格問題集
NO.6 Which kind of table do most firewalls use today to keep track of the connections through the
firewall?
A. state
B. netflow
C. express forwarding
D. queuing
E. dynamic ACL
F. reflexive ACL
Answer: A
640-554割引
Explanation:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/intro.html
NO.7 Which statement about the Atomic signature engine is true?
A. It can perform signature matching on a single packet only.
B. It can examine applications independent of the platform.
C. It can perform signature matching on multiple packets.
D. It can flexibly match patterns in a session.
Answer: A
640-554費用
NO.8 Which option describes a function of a virtual VLAN?
A. A virtual VLAN adds every port on a switch to its own collision domain.
B. A virtual VLAN creates a logically partitioned LAN to place switch ports in a separate broadcast
domain.
C. A virtual VLAN creates trunks and links two switches together.
D. A virtual VLAN connects many hubs together.
Answer: B
210-260模擬対策は高品質の製品を提供するだけではなく、完全なアフターサービスも提供します。当社の製品を利用したら、一年間の無料更新サービスを提供します。しかも、速いスピードで受験生の皆様に提供して差し上げます。あなたがいつでも最新の試験資料を持っていることを保証します。
JapanCertが提供した対応性の訓練問題をテストにして初めてCiscoの640-554日本語版に参加する受験者の最もよいな選択でございます。真実試験問題が似てるのを確保することができて一回合格するのは目標にしています。もし試験に失敗したら、弊社が全額で返金いたします。
JapanCertは Ciscoの640-554日本語版の認証に対して特別な教育ツールで、あなたに多くの時間とお金が使わないようにIT技術にも身につけさせるサイトでございます。JapanCertは専門家チームが自分の知識と経験をを利用してCiscoの640-554日本語版の問題集を研究したものでございます。
試験番号:640-554日本語版試験科目:「Implementing Cisco IOS Network Security (IINS v2.0)」
最近更新時間:2015-12-28
問題と解答:289
何でも上昇しているこの時代に、自分の制限を突破したくないのですか。給料を倍増させることも不可能ではないです。Ciscoの640-554日本語版に合格したら、あなたは夢を実現することができます。JapanCertはあなたの最高のトレーニング資料を提供して、100パーセントの合格率を保証します。これは本当のことです。疑いなくすぐJapanCertのCiscoの640-554日本語版トレーニング資料を購入しましょう。
購入前にお試し,私たちの試験の質問と回答のいずれかの無料サンプルをダウンロード:http://www.japancert.com/640-554.html
640-554コンポーネント : http://jp.microsoft-braindump.com/?p=2030
