Latest Certified Success Dumps Download

CISCO, MICROSOFT, COMPTIA, HP, IBM, ORACLE, VMWARE
650-472 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Dumpsleader Cisco 650-472 Dumps with VCE and PDF 11-20

September 6, 2017

EnsurePass
2017 Sep Cisco Official New Released 650-472
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/650-472.html

Introduction to 802.1X Operations for Cisco Security Professionals Exam

Question No: 11

Which two Cisco Catalyst switch command fragments enable WebAuth support on an interface? (Choose two.)

  1. 3k-access(config-if)# authentication fallback

  2. 3k-access(config-if)# authentication dotlx webauth

  3. 3k-access(config-if)S authentication webauth

  4. 3k-access(config-if)# dotlx priority webauth

  5. 3k-access(config-if)- ip admission

  6. 3k-access(config-if)ff dotlx fallback

  7. 3k-access(config-if)# authentication order dotlx webauth

Answer: A,E

Question No: 12

Which two statements are true with regard to the inner and outer phases of an EAP method? (Choose two.)

  1. PEAP can include an optional phase 0 for PAC provisioning.

  2. All EAP methods include an inner and outer phase.

  3. The outer phase is used for authentication.

  4. The inner phase is used for authentication.

  5. The outer phase is used for securing the communication channel.

  6. The inner phase is used for securing the communication channel.

Answer: D,E

Question No: 13

Which Cisco ISE persona must run on dedicated hardware?

  1. Inline Posture

  2. Administrative

  3. Centralized

  4. Monitoring

  5. Distributed Policy

  6. Policy Services

  7. Standalone

Answer: A

Question No: 14

Which statement accurately describes why it is a best practice to pre-populate the MAC addresses of non-802.1X-capable Cisco IP phones into an endpoint database?

  1. If the MAC address is not found in an endpoint database, any PC tethered to the Cisco IP phone will be allowed to access the network unauthenticated.

  2. If the MAC address is not found in an endpoint database, it will take 3 MAB timeouts (90 seconds) before the MAC address of the Cisco IP phone is automatically entered in the database. No calls can be made in the interim.

  3. If the MAC address is not found in an endpoint database, authentication will fail for the Cisco IP phone and the tethered PC port on the phone will be set to err-disable. The PC will not be able to communicate on the network.

  4. If the MAC address is not found in an endpoint database, authentication will fail for the Cisco IP phone and the Catalyst switch port will be set to err-disable. Neither the PC host nor the phone will be able to communicate on the network.

Answer: B

Question No: 15

Which two Cisco security products act as 802.1X authenticate servers? (Choose two)

  1. Cisco Security Agent

  2. CiscoWorks LAN Management System

  3. Cisco Information Security Engine

  4. Cisco Security Manager

  5. Cisco Secure Access Control System for Windows

  6. CiscoWorks LAN Management Solution

  7. CiscoWorks Open RADIUS Server

  8. Cisco Identity Services Engine

Answer: E,H

Question No: 16

Which two EAP methods require server-side digital certificates? (Choose two)

  1. EAP-FAST

  2. PEAP

  3. LEAP

  4. EAP-MD5

  5. EAP-TLS

Answer: B,E

Question No: 17

Which two statements are true regarding load balancing Cisco ISE Policy Services nodes with a Cisco Application Control Engine? (Choose two.)

  1. Each Cisco ISE Policy Services node must be configured with an identical unicast IP address that is used to receive policy requests from the load balancer.

  2. Each Cisco ISE Policy Services node must be configured with a unique (and non-

    reserved) multicast IP address that is used as a heartbeat channel.

  3. Each Cisco ISE Policy Services node must be configured with an identical (and non- reserved) multicast IP address that is used as a heartbeat channel.

  4. The virtual IP address of the ACE must be on the same IP subnet as the unicast subnet of the Cisco ISE Policy Services node.

  5. The virtual IP address of the ACE must not be on the same IP subnet as the unicast subnet of the Cisco ISE Policy Services node.

  6. Each Cisco ISE Policy Services node must be configured with a unique unicast IP address that is used to receive policy requests from the load balancer.

Answer: D,F

Question No: 18

Which statement is true for certificate auto-enrollment on a Cisco IP phone?

  1. Cisco Unified Communications Manager CA Proxy Function (CAPF) is capable of auto- enrolling certificates.

  2. Cisco Unified Communications Manager Certificate Auto-Enroll Function (CAEF) is capable of auto-enrolling certificates.

  3. Cisco IP phones are capable of using digital certificates, but manual enrollment is required.

  4. Cisco IP phones are not capable of using digital certificates.

  5. Microsoft Windows 2003 Certificate Server Telephony plug-in can be used for auto- enrolling certificates.

  6. Microsoft Windows 2008 Enterprise Certificate Server Telephony plug-in can be used for auto-enrolling certificates.

Answer: A

Question No: 19

What is the purpose of the guest VLAN on a Cisco Catalyst switch?

  1. It provides configurable guest access to devices that have a supplicant but lack local credentials.

  2. It provides configurable guest access to non-supplicant devices that lack local credentials.

  3. It provides configurable guest access to devices that have a supplicant when the authenticator is down or unreachable.

  4. It provides configurable guest access to non-supplicant devices that have local credentials.

  5. It provides configurable guest access to devices that have a supplicant when the authentication server is down or unreachable.

Answer: B

Question No: 20

Which two PEAP requirements must be met to authenticate the TLS session? (Choose two.)

  1. The supplicant requires only an identity certificate.

  2. Cisco ISE requires an identity certificate and a CA certificate.

  3. The authenticator requires only an identity certificate.

  4. The supplicant requires an identity certificate and a CA certificate.

  5. The authenticator requires an identity certificate and a CA certificate.

  6. The supplicant requires only a CA certificate.

  7. Cisco ISE requires only an identity certificate.

Answer: B,D

100% Free Download!
Download Free Demo:650-472 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass 650-472 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE