Latest Certified Success Dumps Download

CISCO, MICROSOFT, COMPTIA, HP, IBM, ORACLE, VMWARE
650-472 Latest Exam (Sep 2017)

[Free] 2017(Sep) EnsurePass Dumpsleader Cisco 650-472 Dumps with VCE and PDF 41-50

September 6, 2017

EnsurePass
2017 Sep Cisco Official New Released 650-472
100% Free Download! 100% Pass Guaranteed!
http://www.EnsurePass.com/650-472.html

Introduction to 802.1X Operations for Cisco Security Professionals Exam

Question No: 41

What is the purpose of local WebAuth on a Cisco Catalyst switch?

  1. It provides configurable guest access to nonsupplicant devices that lack local credentials.

  2. It provides configurable guest access to devices that have a supplicant when the authenticator is down or unreachable.

  3. It provides configurable guest access to devices that have a supplicant when the authentication server is down or unreachable.

  4. It provides configurable guest access to nonsupplicant devices that have local credentials.

  5. It provides configurable guest access to devices that have a supplicant but lack local credentials.

Answer: D

Question No: 42

Which three implementation modes are valid for phased implementation of Cisco TrustSec? (Choose three.)

  1. low-impact

  2. administrative trace

  3. monitor

  4. low-security

  5. high-impact

  6. high-security

Answer: A,C,F

Question No: 43

In which OSI layer does EAP operate?

  1. Layer 2 (data Link)

  2. Layer 4 (transport)

  3. Layer 7 (application)

  4. Layer 1 (physical)

  5. Layer 3 (network)

Answer: A

Question No: 44

Which Cisco TrustSec device performs user authenticated?

  1. RADIUS

  2. EAP

  3. supplicant

  4. authenticator

  5. authentication server

Answer: E

Question No: 45

Which three authentication c interface commands are valid for MACsec? (Choose three.)

  1. 3k-access(config-if)# authentication host-mode multi-domain

  2. 3k-access(config-if)# authentication host-mode multi-auth

  3. 3k-access(config)# authentication host-mode single-host

  4. 3k-access(config)# authentication host-mode multi-auth

  5. 3k-access(config)# authentication host-mode multi-host

  6. 3k-access(config-if)# authentication host-mode multi-host

  7. 3k-access(config)# authentication host-mode multi-domain

  8. 3k-access(config-if)# authentication host-mode single-host

Answer: A,F,H

Question No: 46

The information security policy of your organization requires that ports should remain administratively Up. Which selection represents the best practice for an 802.1X-enabled

port that is configured to allow only one host to authenticate on the port?

  1. The 3k-access(config-if)# authentication violation shutdown command can be used to prevent a second MAC address from authenticating on the port.

  2. The 3k-access(config-if)# authentication violation restrict command can be used to prevent any MAC address from authenticating on the port.

  3. The 3k-access(config-if)# authentication violation ignore command can be used to prevent any MAC address from authenticating on the port.

  4. The 3k-access(config-if)# authentication violation shutdown command can be used to prevent a second MAC address from authenticating on the port.

Answer: B

Question No: 47

Which three statements about hosts moving from port to port on the same switch that is configured for 802.1X are true? (Choose three.)

  1. Cisco IP phones send a RADIUS packet with Cisco-av-pair UCPort= Disco to signal to the Cisco Catalyst switch that the tethered PC has disconnected.

  2. The 3k-access(config-if)# authentication violation replace command can be used to allow a new host to authenticate to an IP phone that is not manufactured by Cisco.

  3. The 3k-access(config-if)# authentication violation replace command can be used to allow a host to disconnect from an IP phone that is not manufactured by Cisco and authenticate on a different port on the same switch.

  4. The 3k-access(config)# authentication mac-move permit command can be used to allow a new host to authenticate to an IP phone that is not manufactured by Cisco Cisco IP phones use Cisco Discovery Protocol to signal to the Cisco Catalyst switch that the tethered PC has disconnected.

  5. The 3k-access(config)# authentication mac-move permit command can be used to allow a host to disconnect from an IP phone that is not manufactured by Cisco and authenticate on a different port on the same switch.

Answer: A,B,E

Question No: 48

What must be configured on a Microsoft Windows 7 host to enable the Microsoft 802.1X supplicant for wired networks?

  1. Wired 802.1X support requires installation of Windows 7 Service Pack JL

  2. The 802.1X supplicant in the Authentication tab of interface Properties must be enabled.

  3. The host must acquire its IP address from DHCP.

  4. The Microsoft Wired AutoConfig service must be started.

  5. 802.1X must be enabled in BIOS.

  6. On systems running Intel 82566 Ethernet controllers, Intel driver vl6.1 or higher is required to enable 802.1X support

Answer: D

Question No: 49

Which three selections are valid model numbers for Cisco ISE hardware appliances? (Choose three)

  1. Cisco ISE 3355

  2. Cisco ISE 3315

  3. Cisco ISE 3390

  4. Cisco ISE 3350

  5. Cisco ISE 3395

  6. Cisco ISE 3310

Answer: A,B,E

Question No: 50

What is the purpose of the ip device-tracking command on a Cisco Catalyst switch?

  1. enables DHCP snooping, which creates a trusted binding table of MAC and IP addresses required by WebAuth

  2. enables the local DCHP proxy service required by WebAuth

  3. enables Dynamic ARP Inspection on an interface required by WebAuth

  4. enables ICMP probes to discover new hosts and add them to the tracking table required by WebAuth

  5. globally enables Dynamic ARP Inspection required by WebAuth

  6. enables ARP probes to discover new hosts and add them to the tracking table required by WebAuth

  7. enables port security required by WebAuth

Answer: D

100% Free Download!
Download Free Demo:650-472 Demo PDF
100% Pass Guaranteed!
Download 2017 EnsurePass 650-472 Full Exam PDF and VCE

EnsurePass ExamCollection Testking
Lowest Price Guarantee Yes No No
Up-to-Dated Yes No No
Real Questions Yes No No
Explanation Yes No No
PDF VCE Yes No No
Free VCE Simulator Yes No No
Instant Download Yes No No

2017 EnsurePass IT Certification PDF and VCE