Download New Updated (Spring 2015) Cisco 650-472 Actual Tests 41-50

Ensurepass

 

QUESTION 41

What is the purpose of local WebAuth on a Cisco Catalyst switch?

 

A.

It provides configurable guest access to nonsupplicant devices that lack local credentials.

B.

It provides configurable guest access to devices that have a supplicant when the authenticator is down or unreachable.

C.

It provides configurable guest access to devices that have a supplicant when the authentication server is down or unreachable.

D.

It provides configurable guest access to nonsupplicant devices that have local credentials.

E.

It provides configurable guest access to devices that have a supplicant but lack local credentials.

Correct Answer: D

 

 

QUESTION 42

Which three implementation modes are valid for phased implementation of Cisco TrustSec? (Choose three.)

 

A.

low-impact

B.

administrative trace

C.

monitor

D.

low-security

E.

high-impact

F.

high-security

 

Correct Answer: ACF

 

 

QUESTION 43

In which OSI layer does EAP operate?

 

A.

Layer 2 (data Link)

B.

Layer 4 (transport)

C.

Layer 7 (application)

D.

Layer 1 (physical)

E.

Layer 3 (network)

 

Correct Answer: A

 

 

QUESTION 44

Which Cisco TrustSec device performs user authenticated?

 

A.

RADIUS

B.

EAP

C.

supplicant

D.

authenticator

E.

authentication server

 

Correct Answer: E

 

 

QUESTION 45

Which three authentication c interface commands are valid for MACsec? (Choose three.)

 

A.

3k-access(config-if)# authentication host-mode multi-domain

B.

3k-access(config-if)# authentication host-mode multi-auth

C.

3k-access(config)# authentication host-mode single-host

D.

3k-access(config)# authentication host-mode multi-auth

E.

3k-access(config)# authentication host-mode multi-host

F.

3k-access(config-if)# authentication host-mode multi-host

G.

3k-access(config)# authentication host-mode multi-domain

H.

3k-access(config-if)# authentication host-mode single-host

Correct Answer: AFH

 

 

QUESTION 46

The information security policy of your organization requires that ports should remain administratively Up. Which selection represents the best practice for an 802.1X-enabled port that is configured to allow only one host to authenticate on the port?

 

A.

The 3k-access(config-if)# authentication violation shutdown command can be used to prevent a second MAC address from authenticating on the port.

B.

The 3k-access(config-if)# authentication violation restrict command can be used to prevent any MAC address from authenticating on the port.

C.

The 3k-access(config-if)# authentication violation ignore command can be used to prevent any MAC address from authenticating on the port.

D.

The 3k-access(config-if)# authentication violation shutdown command can be used to prevent a second MAC address from authenticating on the port.

 

Correct Answer: B

 

 

QUESTION 47

Which three statements about hosts moving from port to port on the same switch that is configured for 802.1X are true? (Choose three.)

 

A.

Cisco IP phones send a RADIUS packet with Cisco-av-pair UCPort= Disco to signal to the Cisco Catalyst switch that the tethered PC has disconnected.

B.

The 3k-access(config-if)# authentication violation replace command can be used to allow a new host to authenticate to an IP phone that is not manufactured by Cisco.

C.

The 3k-access(config-if)# authentication violation replace command can be used to allow a host to disconnect from an IP phone that is not manufactured by Cisco and authenticate on a different port on the same switch.

D.

The 3k-access(config)# authentication mac-move permit command can be used to allow a new host to authenticate to an IP phone that is not manufactured by Cisco Cisco IP phones use Cisco Discovery Protocol to signal to the Cisco Catalyst switch that the tethered PC has disconnected.

E.

The 3k-access(config)# authentication mac-move permit command can be used to allow a host to disconnect from an IP phone that is not manufactured by Cisco and authenticate on a different port on the same switch.

 

Correct Answer: ABE

 

 

QUESTION 48

What must be configured on a Microsoft Windows 7 host to enable the Microsoft 802.1X supplicant for wired networks?

 

 

Correct Answer: D

QUESTION 49

Which three selections are valid model numbers for Cisco ISE hardware appliances? (Choose three)

 

A.

Wired 802.1X support requires installation of Windows 7 Service Pack JL.

B.

The 802.1X supplicant in the Authentication tab of interface Properties must be enabled.

C.

The host must acquire its IP address from DHCP.

D.

The Microsoft Wired AutoConfig service must be started.

E.

802.1X must be enabled in BIOS.

F.

On systems running Intel 82566 Ethernet controllers, Intel driver vl6.1 or higher is required to enable 802.1X support.

A.

Cisco ISE 3355

B.

Cisco ISE 3315

C.

Cisco ISE 3390

D.

Cisco ISE 3350

E.

Cisco ISE 3395

F.

Cisco ISE 3310

 

Correct Answer: ABE

 

 

QUESTION 50

What is the purpose of the ip device-tracking command on a Cisco Catalyst switch?

 

A.

enables DHCP snooping, which creates a trusted binding table of MAC and IP addresses required by WebAuth

B.

enables the local DCHP proxy service required by WebAuth

C.

enables Dynamic ARP Inspection on an interface required by WebAuth

D.

enables ICMP probes to discover new hosts and add them to the tracking table required by WebAuth

E.

globally enables Dynamic ARP Inspection required by WebAuth

F.

enables ARP probes to discover new hosts and add them to the tracking table required by WebAuth

G.

enables port security required by WebAuth

 

Correct Answer: D

Free VCE & PDF File for Cisco 650-472 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …