Download New Updated (Spring 2015) Cisco 650-472 Actual Tests 21-30

Ensurepass

 

QUESTION 21

Which two sets of ports does Cisco ISE listen on for RADIUS authentication and accounting messages? (Choose two.)

 

A.

UDP – Authentication 1535/Accounting 1536

B.

UDP – Authentication 1645/Accounting 1646

C.

TCP – Authentication 1535/Accounting 1536

D.

TCP – Authentication 1645/Accounting 1646

E.

UDP – Authentication 1812/Accounting 1813

F.

TCP – Authentication 1812/Accounting 1813

 

Correct Answer: BE

 

 

QUESTION 22

Which three elements are required fields when adding a Cisco Wireless IAN Controller as a network device in Cisco ISE? (Choose three)

 

A.

Name

B.

Software Version

C.

Device Configuration Deployment

D.

RADIUS Shared Secret

E.

SSID

F.

Model Number

G.

IP Address

 

Correct Answer: ADG

 

QUESTION 23

During initial ISE setup, foe which three of the following required and optional elements does the setup script prompt the administrator to enter a value? (Choose three)

 

A.

Device Gateway

B.

Static Host Routes

C.

IP Address

D.

Active Directory Domain Name

E.

Path to RSA SecuriD Seed File

F.

NTP Server IP Address

G.

Path to RAMUS Seed File

 

Correct Answer: ACD

 

 

QUESTION 24

What action must be performed immediately after initial login to the Cisco ISE GUI?

 

A.

Configure an alternate local administrator account for password recovery.

B.

Configure profiling services to authenticate IP phones for MAB.

C.

Join a Microsoft Active Directory domain for time synchronization.

D.

Change the administrative user account password.

E.

Configure an NTP server for time synchronization.

F.

Configure RSA SecurelD to secure administrative access to Cisco ISE.

 

Correct Answer: E

 

 

QUESTION 25

Which method provides authenticated guest access to nonsupplicant hosts?

 

A.

restricted VIAN

B.

authentication fallback

C.

authentication proxy

D.

web authentication

E.

guest VIAN

F.

flexible authentication

 

Correct Answer: D

 

 

QUESTION 26

Which hardware component of a Cisco TrustSec solution for 802.1X is optional but widely adopted in most networks?

 

A.

external Authentication server

B.

Cisco AnyConnect Secure Mobility Client

C.

authentication server

D.

authenticator

E.

Cisco 4200 Series IPS

 

Correct Answer: B

QUESTION 27

Consider a design where a Cisco Catalyst switch that supports Network Edge Access Topology (NEAT) is connected to an upstream switch that requires 802.1X authentication on the switch-to-switch link. What differentiates a Cisco Catalyst switch configured for NEAT from an unmanaged switch connected to the same upstream switch port?

 

A.

Switches that support NEAT can be configured with a port in supplicant mode.

B.

Switches that support NEAT can perform Layer 2 MAC address translation to allow multiple hosts to be seen by the upstream switch as the same host.

C.

Switches that support NEAT can be configured with a port in authenticator mode that supports authentication multi-host.

D.

Switches that support NEAT can be configured with a port in authenticator mode that supports authentication multi-auth.

 

Correct Answer: A

 

 

QUESTION 28

Which two of these Cisco products can act as 802.1X authenticates? (Choose two.)

 

A.

Cisco 4255 Intrusion Prevention Sensor

B.

Cisco Catalyst 37SO Series Switch

C.

Cisco Wireless LAN Control

D.

Cisco Secure Access Control Server for Widows


E.

Cisco 3640 Rooter

F.

Cisco 5510 Adaptive Security Appliance

G.

Cisco Secure Access Control Solution for Windows

H.

Cisco 4255 Intrusion Prevention System

 

Correct Answer: CD

 

 

QUESTION 29

What is the purpose of the fallback profile command?

 

A.

This command configures the Critical VLAN policy on an interface.

B.

This command configures a WebAuth profile to use in the event that MAB authentication fails.

C.

This command configures a WebAuth profile to use in the event that 802.1X authentication fails.

D.

This command globally enables WebAuth authentication.

E.

This command configures the Guest VLAN policy on an interface.

F.

This command configures the Restricted VLAN policy on an interface.

 

Correct Answer: C

 

 

QUESTION 30

What is the purpose of the restricted VLAN (authentication failed VLAN) on a Cisco Catalyst switch?

 

A.

It provides configurable guest access to nonsupplicant devices that have local credentials.

B.

It provides configurable guest access to devices that have a supplicant when the authenticator is down or unreachable.

C.

It provides configurable guest access to nonsupplicant devices that lack local credentials.

D.

It provides configurable guest access to devices that have a supplicant when the authentication server is down or unreachable.

E.

It provides configurable guest access to devices that have a supplicant but lack local credentials.

 

Correct Answer: E

 

Free VCE & PDF File for Cisco 650-472 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …