Issuu on Google+

Cisco •650-473 ISE - Implementing Cisco Identity Services Engine Secure Solutions

Click the link below to buy full version as Low as $39

http://www.examcertify.com/650-473.html

Questions & Answers: 10


Question: 1 Which of these is not an Inline Posture node operating mode? A. router mode B. transparent mode C. bridged mode D. maintenance mode

Answer: B

Question: 2 Which one of the following statements is not a correct statement about posture? A. CoA is required for WebAuth. B. Cisco ISE Administrator can create multiple agent profiles. C. Both simple and compound conditions can be used to construct posture requirements. D. Wireless posture supports multiple authentication methods.

Answer: C

Question: 3 What are the three default behaviors of Cisco ISE with respect to authentication, when a user connects to a switch that is configured for 802.1X, MAB, and WebAuth? (Choose three) A. MAB traffic uses internal endpoints for retrieving identity. B. Dot1X traffic uses a user-defined identity store for retrieving identity. C. Unmatched traffic is allowed on the network. D. Unmatched traffic is dropped because of the Reject/Reject/Drop action that is configured under Options. E. Dot1 traffic uses internal users for retrieving identity.

Answer: ADE

http://www.examcertify.com/650-473.html

Page 2


Question: 4 The profiling data from network access devices is sent to which Cisco ISE node? A. Monitoring node B. Administration node C. Inline Posture node D. Policy Service node

Answer: D

Question: 5 Which statement is not true about client provisioning (CP)? A. Cisco ISE manages client provisioning resources for your clients. B. Client provisioning resources are only provisioned from the ISE Administration node. C. The remediation timer is a means for clients to remediate themselves. D. Client provisioning can only provision the NAC Agent

Answer: D

Question: 6 Which default action or action should you take when endpoint usage count exceeds license endpoint value? A. Bock all traffic, and generate alarms. B. Bock all traffic C. Do not take any action. D. Do not bock traffic and generate an INFO/WARNING/CRITICAL alarm.

Answer: C

http://www.examcertify.com/650-473.html

Page 3


Question: 7 The authorization policy in the exhibit is using "Multiple Matched Rule Applies" for rule matching. ProfileA = VLAN attribute 10, DACL= EmptoyeeSanJose ProfileB = VLAN attribute 20, DACL= Employee. Voice DomainPermission = TRUE Which statement is correct with regards to the Multiple Matched rule? A. If both Rule 1 and Rule 2 are matched based on the conditions, the switch will get “VLAN attribute 20, DACL= Employee, Voice DomoinPermission = TRUE”. B. If both Rule 1 and Rule 2 are matched based on the conditions, the switch will get only “VLAN attribute 10, DACL = EmployceSonJose, Voice DomainPermission = TRUE”. C. If both Rule 1 and Rule 2 are matched based on the conditions, the switch will get only "VLAN attribute 10, DACL= EmployeeSanJose". D. The Multiple Matched rule is not supported in Cisco ISE.

Answer: B

Question: 8 What is the process for Cisco ISE to obtain a signed certificate from a CA? A. Generate a CSR; export the CSR to the local file system and send to the CA; download the certificate from the CA. and bind the CA-signed certificate with its private key. B. Submit a CSR to the CA; download the certificate from the CA" bind the CA-signed certificate with its private key, and import the CA-signed certificate into ISE. C. Request a certificate from the CA, and import the CA-signed certificate into ISE. D. Generate a CSR; download the certificate from the CA; bind the CA-signed certificate with its private key, and import the CA-signed certificate into ISE.

Answer: A

http://www.examcertify.com/650-473.html

Page 4


Question: 9 Which two statements are true about the exhibit that is shown? (Choose two.) Select exactly 2 answer(s) from the following: A. If Continue/Continue/Continue is configured, the endpoint is allowed on the network. B. The Options setting is by default different for internal endpoints. C. The default behavior should be Continue/Continue/Continue. D. All traffic is subject to an authorization policy check. E. The default behavior is what is shown in the exhibit

Answer: E

Question: 10 What is the Cisco ISE default admin login name and password? A. ISEAdmin/admin B. admin/cisco C. admin/no default password—the admin password is configured at setup D. admin/admin

Answer: C

http://www.examcertify.com/650-473.html

Page 5


Cisco •650-473 ISE - Implementing Cisco Identity Services Engine Secure Solutions

Click the link below to buy full version as Low as $39

http://www.examcertify.com/650-473.html

Cisco latest tests 650-669 646-206 650-665 642-995 650-256 642-991 650-303 642-992 650-473 642-993

642-732 640-722 650-663 650-179 642-994 640-893 650-149 650-304 650-159 650-302

http://www.examcertify.com/650-473.html

Page 6


ISE - Implementing Cisco Identity Services Engine Secure Solutions