Question 23
Which two functions are required for IPsec operation? (Choose two.)
A. using SHA for encryption
B. using PKI for pre-shared key authentication
C. using IKE to negotiate the SA
D. using AH protocols for encryption and authentication
E. using Diffie-Hellman to establish a shared-secret key
Answer: C,E
Explanation:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a0080094203.shtml
Configure ISAKMP
IKE exists only to establish SAs for IPsec. Before it can do this, IKE must negotiate an SA (an ISAKMP SA) relationship with the peer. Since IKE negotiates its own policy, it is possible to configure multiple policy statements with different configuration statements, then let the two hosts come to an agreement. ISAKMP negotiates:
Oakley
This is a key exchange protocol that defines how to acquire authenticated keying material. The basic mechanism for Oakley is the Diffie-Hellman key exchange algorithm. You can find the standard in RFC 2412: The OAKLEY Key Determination Protocol.
Friday, 2 December 2016
Monday, 28 November 2016
Get Valid & Updated Cisco 640-554 Exam Questions
Question 22
What is the best way to prevent a VLAN hopping attack?
A. Encapsulate trunk ports with IEEE 802.1Q.
B. Physically secure data closets.
C. Disable DTP negotiations.
D. Enable BPDU guard.
Answer: C
Explanation:
802.1Q and ISL Tagging Attack
Tagging attacks are malicious schemes that allow a user on a VLAN to get unauthorized access to another VLAN. For example, if a switch port were configured as DTP auto and were to receive a fake DTP packet, it might become a trunk port and it might start accepting traffic destined for any VLAN. Therefore, a malicious user could start communicating with other VLANs through that compromised port. Sometimes, even when simply receiving regular packets, a switch port may behave like a full-fledged trunk port (for example, accept packets for VLANs different from the native), even if it is not supposed to. This is commonly referred to as "VLAN leaking" (see [5] for a report on a similar issue).
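A defensive check for the DTP exposure described above, added here as an example (not from the original post or from Cisco): a Python audit of IOS-style interface configuration that reports ports still able to negotiate or answer DTP. The sample configuration is constructed, and treating a port with no explicit mode as negotiable is an assumption about the platform default.

```python
import re

# Constructed sample configuration (not taken from any real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description user port, hardened
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
!
interface GigabitEthernet0/2
 description user port left at platform default
 switchport access vlan 10
!
interface GigabitEthernet0/3
 switchport mode dynamic desirable
!
interface GigabitEthernet0/4
 description uplink
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/5
 description uplink, DTP off
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet0/6
 no switchport
 ip address 192.0.2.1 255.255.255.0
!
"""

MODE_RE = re.compile(r"switchport mode (access|trunk|dynamic (?:auto|desirable))")


def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from IOS-style text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current is not None and raw.startswith(" "):
            interfaces[current].append(raw.strip())
        else:
            current = None  # "!" or any top-level command closes the block
    return interfaces


def dtp_finding(lines):
    """Return a finding string for one interface, or None if DTP is contained."""
    if "no switchport" in lines:
        return None  # routed port, DTP does not apply
    mode = None
    for line in lines:
        match = MODE_RE.fullmatch(line)
        if match:
            mode = match.group(1)  # last mode statement wins
    if mode is None:
        # Assumption: the platform default is a dynamic (negotiating) mode.
        return "no explicit switchport mode; default may negotiate a trunk"
    if mode.startswith("dynamic"):
        return f"mode {mode}; port will form a trunk if a peer sends DTP"
    if mode == "trunk" and "switchport nonegotiate" not in lines:
        return "static trunk still sends and answers DTP; add switchport nonegotiate"
    return None  # access port, or trunk with DTP disabled


def audit(config):
    """Return {interface: finding} for every port that still takes part in DTP."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        finding = dtp_finding(lines)
        if finding:
            findings[name] = finding
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG).items():
        print(f"{name}: {finding}")
```
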
Friday, 18 November 2016
Free 640-554 Cisco Exam Questions Dumps
Question 21
Which router management feature provides for the ability to configure multiple administrative views?
A. role-based CLI
B. virtual routing and forwarding
C. secure config privilege {level}
D. parser view view name
Answer: A
Explanation:
Role-Based CLI Access
The Role-Based CLI Access feature allows the network administrator to define "views," which are a set of operational commands and configuration capabilities that provide selective or partial access to Cisco IOS EXEC and configuration (Config) mode commands. Views restrict user access to Cisco IOS command-line interface (CLI) and configuration information; that is, a view can define what commands are accepted and what configuration information is visible. Thus, network administrators can exercise better control over access to Cisco networking devices.
Saturday, 23 July 2016
Cisco 640-554 Exam Study Material
Question 20
Which command enables Cisco IOS image resilience?
A. secure boot-<IOS image filename>
B. secure boot-running-config
C. secure boot-start
D. secure boot-image
Answer: D
Explanation:
http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_book.html
secure boot-config
To take a snapshot of the router running configuration and securely archive it in persistent storage, use the secure boot-config command in global configuration mode. To remove the secure configuration archive and disable configuration resilience, use the no form of this command.
Saturday, 25 June 2016
Get Actual 640-554 Cisco Exam Dumps
640-554 Question 19
Which two considerations about secure network management are important? (Choose two.)
A. log tampering
B. encryption algorithm strength
C. accurate time stamping
D. off-site storage
E. Use RADIUS for router commands authorization.
F. Do not use a loopback interface for device management access.
Answer: A,C
Explanation: http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/best/practices/recommendations.html
Enable Timestamped Messages
Enable timestamps on log messages:
Router(config)# service timestamps log datetime localtime show-timezone msec
Enable timestamps on system debug messages:
Router(config)# service timestamps debug datetime localtime show-timezone msec
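Added example, not part of the original post or of Cisco's guide: a Python check over log lines written with the timestamp settings above. It flags entries that lack the date, millisecond or time-zone fields, entries stamped by an unsynchronized clock (IOS marks these with a leading * or .), and timestamps that go backwards. The log lines are constructed, and the year is an assumed parameter because this format does not carry one.

```python
import re
from datetime import datetime

# Constructed sample log lines (not captured from a real device).
SAMPLE_LOG = [
    "Jun 25 14:02:11.123 PDT: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
    "*Mar  1 00:00:41.007 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up",
    ".Jun 25 14:05:30.450 PDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up",
    "Jun 25 14:04:59.900 PDT: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success",
    "Jun 25 14:06:02: %SYS-5-RESTART: System restarted",
    "00:03:17: %SYS-5-CONFIG_I: Configured from console by console",
]

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
STAMP = re.compile(
    r"^(?P<flag>[*.]?)(?P<mon>" + "|".join(MONTHS) + r") +(?P<day>\d{1,2}) "
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})(?:\.(?P<ms>\d{3}))?"
    r"(?: (?P<tz>[A-Z]{2,5}))?: %"
)


def check_line(line, previous, year):
    """Return (issues, timestamp); timestamp is None if no datetime stamp parses."""
    match = STAMP.match(line)
    if match is None:
        return ["no-datetime-stamp"], None  # uptime format or no stamp at all
    try:
        stamp = datetime(
            year, MONTHS.index(match["mon"]) + 1, int(match["day"]),
            int(match["h"]), int(match["m"]), int(match["s"]),
            int(match["ms"] or 0) * 1000,
        )
    except ValueError:  # impossible date or time such as "Feb 31"
        return ["no-datetime-stamp"], None
    issues = []
    if match["flag"] == "*":
        issues.append("clock-not-authoritative")  # clock never set or not in sync
    elif match["flag"] == ".":
        issues.append("ntp-not-synchronized")
    if match["ms"] is None:
        issues.append("no-msec")
    if match["tz"] is None:
        issues.append("no-timezone")
    if previous is not None and stamp < previous:
        # Clock was changed, or entries were reordered or edited after the fact.
        issues.append("time-went-backwards")
    return issues, stamp


def audit_log(lines, year=2016):
    """Return [(line number, [issues])] for every line with at least one issue."""
    report, previous = [], None
    for number, line in enumerate(lines, start=1):
        issues, stamp = check_line(line, previous, year)
        if stamp is not None:
            previous = stamp
        if issues:
            report.append((number, issues))
    return report


if __name__ == "__main__":
    for number, issues in audit_log(SAMPLE_LOG):
        print(f"line {number}: {', '.join(issues)}")
```
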
Saturday, 14 May 2016
Cisco's CTO Charts A New Direction
We are on the verge of two huge advances that will define the next-generation data center. One is a new architecture for Internet applications, where running microservices in containers on cloud infrastructure dramatically improves hardware utilization and accelerates development and deployment. The other is the proliferation of large-memory analytics and machine learning, allowing self-optimizing infrastructure, increased security and better business decisions.
Hyperscale Internet giants like Google, Twitter and Facebook already have these technologies in production, having built their own solutions, and are reaping the benefits. But for containerized microservices and ubiquitous analytics to reach and transform ordinary businesses, a new range of solutions must be developed.
At first glance, networking and server giant Cisco seems an unlikely company to take up this cause. But in an exclusive interview with InfoWorld last week, Zorawar Biri Singh, who joined Cisco as CTO in July 2015, said his company plans to play a key role in driving these two important trends.
Singh was formerly a senior cloud executive at HP and IBM and most recently a partner at Khosla Ventures. His vision represents a new direction for the company, with product details to emerge later this year in a series of announcements.
Orchestrating the future
A fundamental principle of Singh's vision is orchestration. Microservices must be orchestrated to coordinate application portability and management, with partial solutions such as the open source projects Mesos and Kubernetes already available. Singh said Cisco will build on these existing projects, but ACI (Application Centric Infrastructure), Cisco's sophisticated twist on SDN, will play an essential role in orchestration. Cisco UCS (Unified Computing System), the popular converged server introduced in 2009, will also be part of the solution:
Our vision of the future, and it happens fast enough, is a tight coupling of the UCS and ACI with an orchestration layer, largely focusing the ACI port was architected. I would say it is almost the same. This is our basic knit orchestration. We feel like a battery. You computing, networking and storage together.
The way we frame it is: How do you get on to all the requirements for everything from managing clusters and that these Web technologies - scale as Mesos and Kubernetes and Docker Swarm focus on - which is very specific, the well defined cluster infrastructure? How do you handle all the way up to very sharp orchestration lifecycle orchestration level in terms of configuration management tools like Chef, Puppet, Salt, all this? We have an integrated life cycle in this area and we play with it. We get some pretty significant traction.
Although breaking monolithic applications into microservices running in containers brings significant benefits, networking container swarms at scale using today's tools gives operations a migraine. As an example of Cisco's work in this area, Singh cites an open source project launched last year: the Contiv container networking plugin, which allows administrators to implement infrastructure and security policies for microservices deployments. In addition, Singh said, Cisco has built its own lightweight container PaaS, called Mantl. Singh explains how it will all come together:
The broad vision would be a very tightly coupled new generation of battery; computing, storage, network, network centric ACI- and orchestration with some of the things we talked about Contiv Mantl or fully cooked in, certified by Cisco, driven by our direct team, driven by our partners as the data center new generation to build on. We believe we will be well placed for this.
Clearly, Cisco is aiming higher than simply growing its server business or consolidating its dominant position in networking. To my knowledge, this is the first time that Cisco has publicly discussed such an all-encompassing, forward-looking vision of the data center.
Analytics everywhere
That vision extends to analytics. For years, companies have used solutions such as Splunk or the ELK stack to pool and analyze log files to get a deeper view of infrastructure, mainly for the purposes of optimization and to identify patterns that indicate security threats. More recently, machine learning has been applied to all that log data to parse out significant trends and events.
Cisco has already taken a step in this direction with its Connected Analytics software portfolio, which targets not only data center infrastructure but also streaming data from the Internet of things. Singh wants to take this to the next level:
We do a huge amount in deep learning, machine learning, and analysis. We will flood all the Cisco portfolio analysis capabilities, L2, L3 and above. I think there will be many significant things we can do, but I'm very excited about the part of the data center. That's what I'm working on the last few months.
Singh notes that MapReduce/Hadoop has not taken off like the industry thought it would, but that with the advent of streaming analytics it’s a whole new ball game, and Cisco intends to play:
We see a world where you streaming real-time analytics across petabyte, sub-second analysis. This is a world that has something like, from the standpoint of technology, a streaming Kafka pipe as in hundreds of billions of events, first in a JSON streaming engine like Spark or Samza in a series of database Druid time as you could then hold Cassandra and persist it. Then you can throw analytical tools on top of it and actually interact with real-time data flow and begin to build new generation of applications running on a stack of containers ... and redefine the way which applications are made - much more real-time and interactive.
If you think about it and you think about our role in the networking and the data center and some of the things we do in terms of security, for us, we will take our analytics platform ... and basically streamline the entire company to Cisco.
Regarding machine learning, Singh said that Cisco plans to invest massively, including hiring "a group of doctors" to start adding machine learning and analytical capacity to almost all Cisco products. "My thesis is that the analysis based on machine learning is the secret sauce with which every future, the next generation software offer will be built," he said. "We think that will play to our network based data center offerings" as well as to Cisco's security and Internet of things efforts.
According to Singh, this vision extends to cognitive computing in a collaborative work space environment:
So when will such solutions arrive from Cisco? Singh says to “stay tuned,” because the company will showcase some of these capabilities in a matter of months.
Building the next generation
In all, it seems a lot of technological development for one company to bite off, even one of Cisco's size. At the strategic level, Singh and Cisco have clearly identified where enterprise computing is headed. Execution may be difficult, in part because the prevailing view of the next-generation data center implies commodity physical infrastructure, which is not exactly what Cisco is known for.
On the other hand, what other industry giant can lead companies to the promised land? Nobody thought Cisco would dominate enterprise networking as it has. Its highly scalable data center network fabric, ACI, which Singh said will be crucial for the company's orchestration efforts, recently won an InfoWorld Technology of the Year award. Moreover, thanks to UCS, the company is tied for fourth place in the server market (according to the latest IDC figures) and seems likely to go higher.
This strong position could be a base from which Cisco opens the way to a future of gazillions of containerized microservices orchestrated in production and machine-learning-infused analytics that pervade every corner of the data center. At the least, Singh made a convincing argument that Cisco is looking forward, not backward, and has a handle on the most important trends in the business. We look forward to seeing the real solutions that emerge in the coming months.
Monday, 2 May 2016
640-554 Cisco Exam Question Answers
640-554 Question 18
Which protocol secures router management session traffic?
A. SSTP
B. POP
C. Telnet
D. SSH
Answer: D
Explanation: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml
Encrypting Management Sessions
Because information can be disclosed during an interactive management session, this traffic must be encrypted so that a malicious user cannot gain access to the data being transmitted. Encrypting the traffic allows a secure remote access connection to the device. If the traffic for a management session is sent over the network in cleartext, an attacker can obtain sensitive information about the device and the network. An administrator is able to establish an encrypted and secure remote access management connection to a device by using the SSH or HTTPS (Secure Hypertext Transfer Protocol) features. Cisco IOS software supports SSH version 1.0 (SSHv1), SSH version 2.0 (SSHv2), and HTTPS that uses Secure Sockets Layer (SSL) and Transport Layer Security (TLS) for authentication and data encryption. Note that SSHv1 and SSHv2 are not compatible.
Cisco IOS software also supports the Secure Copy Protocol (SCP), which allows an encrypted and secure connection for copying device configurations or software images. SCP relies on SSH. This example configuration enables SSH on a Cisco IOS device:
!
ip domain-name example.com
!
crypto key generate rsa modulus 2048
!
ip ssh time-out 60
ip ssh authentication-retries 3
ip ssh source-interface GigabitEthernet 0/1
!
line vty 0 4
transport input ssh
!