Download New Updated (Spring 2015) Cisco 500-254 Actual Tests 21-30

Ensurepass

 

QUESTION 21

Which two dictionary groups does Cisco ISE provide? (Choose two.)

 

A.

system-defined

B.

RADIUS vendor

C.

RADIUS IETF

D.

user-defined

E.

LDAP

F.

Active Directory

 

Correct Answer: AD

 

 

QUESTION 22

What is the limit of groups that Cisco ISE can retrieve from an Active Directory?

 

A.

10

B.

50

C.

100

D.

150

E
.

200

 

Correct Answer: C

 

QUESTION 23

Which global command is used to activate 802.1X on a switch?

 

A.

dot1x enable

B.

dot1x system-auth-control

C.

dot1x service start

D.

dot1x switchport enable

 

Correct Answer: B

 

 

QUESTION 24

Which two commands are needed to configure 802.1X open mode? (Choose two.)

 

A.

authentication event

B.

authentication host-mode multi-auth

C.

authentication host-mode single domain

D.

authentication open

 

Correct Answer: BD

 

 

QUESTION 25

Which statement is true about 802.1X closed mode?

 

A.

It is the default configuration of an 802.1X-enabled switch port.

B.

Only EAPOL traffic is allowed until the authentication process is finished.

C.

DNS and DHCP are allowed before authentication.

D.

Cisco Discovery Protocol is allowed before authentication.

E.

Only EAPOL and Cisco Discovery Protocol are allowed until the authentication process completes.

 

Correct Answer: D

 

 

QUESTION 26

The 802.1X protocol supports which two port types? (Choose two.)

 

A.

Layer 2 access port

B.

trunk port

C.

dynamic port

D.

Layer 3 access port

E.

EtherChannel port

 

Correct Answer: AD

 

 

QUESTION 27

What is the default period for Cisco ISE to automatically purge expired guest accounts?

 

A.

immediately after expiration

B.

1 day

C.

7 days

D.

15 days

E.

30 days

 

Correct Answer: D

 

 

QUESTION 28

What is the recommended time zone for Cisco ISE installations?

 

A.

customer local time zone

B.

customer headquarters time zone

C.

Pacific time

D.

Coordinated Universal Time

 

Correct Answer: D

 

 

QUESTION 29

Which two EAP authentication methods require only a server certificate? (Choose two.)

 

A.

EAP-TLS

B.

EAP-FAST

C.

EAP-GTC

D.

EAP-MD5

E.

PEAP-MS-CHAPv2

 

Correct Answer: CE

 

 

QUESTION 30

Which three encryption policies does MACsec support? (Choose three.)

 

A.

always-secure

B.

must-secure

C.

should-secure

D.

never-secure

E.

must-not-secure

 

Correct Answer: BCE

 

Free VCE & PDF File for Cisco 500-254 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …