Ensurepass.com : Ensure you pass the IT Exams
2018 Aug Cisco Official New Released 500-254
100% Free Download! 100% Pass Guaranteed!
Implementing and Configuring Cisco Identity Services Engine (SISE)
Question No: 21
Which two dictionary groups does Cisco ISE provide? (Choose two.)
-
system-defined
-
RADIUS vendor
-
RADIUS IETF
-
user-defined
-
LDAP
-
Active Directory
Answer: A,D
Question No: 22
What is the limit of groups that Cisco ISE can retrieve from an Active Directory?
-
10
-
50 C. 100 D. 150 E. 200
Answer: C
Question No: 23
Which global command is used to activate 802.1X on a switch?
-
dot1x enable
-
dot1x system-auth-control
-
dot1x service start
-
dot1x switchport enable
Answer: B
Question No: 24
Which two commands are needed to configure 802.1X open mode? (Choose two.)
-
authentication event
-
authentication host-mode multi-auth
-
authentication host-mode single domain
-
authentication open
Answer: B,D
Question No: 25
Which statement is true about 802.1X closed mode?
-
It is the default configuration of an 802.1X-enabled switch port.
-
Only EAPOL traffic is allowed until the authentication process is finished.
-
DNS and DHCP are allowed before authentication.
-
Cisco Discovery Protocol is allowed before authentication.
-
Only EAPOL and Cisco Discovery Protocol are allowed until the authentication process completes.
Answer: D
Question No: 26
The 802.1X protocol supports which two port types? (Choose two.)
-
Layer 2 access port
-
trunk port
-
dynamic port
-
Layer 3 access port
-
EtherChannel port
Answer: A,D
Question No: 27
What is the default period for Cisco ISE to automatically purge expired guest accounts?
-
immediately after expiration
-
1 day
-
7 days
-
15 days
-
30 days
Answer: D
Question No: 28
What is the recommended time zone for Cisco ISE installations?
-
customer local time zone
-
customer headquarters time zone
-
Pacific time
-
Coordinated Universal Time
Answer: D
Question No: 29
Which two EAP authentication methods require only a server certificate? (Choose two.)
-
EAP-TLS
-
EAP-FAST
-
EAP-GTC
-
EAP-MD5
-
PEAP-MS-CHAPv2
Answer: C,E
Question No: 30
Which three encryption policies does MACsec support? (Choose three.)
-
always-secure
-
must-secure
-
should-secure
-
never-secure
-
must-not-secure
Answer: B,C,E