Download New Updated (Spring 2015) Cisco 650-472 Actual Tests 11-20

By | April 28, 2015

Ensurepass

 

QUESTION 11

Which two Cisco Catalyst switch command fragments enable WebAuth support on an interface? (Choose two.)

 

A.

3k-access(config-if)# authentication fallback

B.

3k-access(config-if)# authentication dotlx webauth

C.

3k-access(config-if)S authentication webauth

D.

3k-access(config-if)# dotlx priority webauth

E.

3k-access(config-if)- ip admission

F.

3k-access(config-if)ff dotlx fallback

G.

3k-access(config-if)# authentication order dotlx webauth

 

Correct Answer: AE

 

 

QUESTION 12

Which two statements are true with regard to the inner and outer phases of an EAP method? (Choose two.)

 

A.

PEAP can include an optional phase 0 for PAC provisioning.

B.

All EAP methods include an inner and outer phase.

C.

The outer phase is used for authentication.

D.

The inner phase is used for authentication.

E.

The outer phase is used for securing the communication channel.

F.

The inner phase is used for securing the communication channel.

 

Correct Answer: DE

 

 

QUESTION 13

Which Cisco ISE persona must run on dedicated hardware?

 

A.

Inline Posture

B.

Administrative

C.

Centralized

D.

Monitoring

E.

Distributed Policy

F.

Policy Services

G.

Standalone

 

Correct Answer: A

 

 

QUESTION 14

Which statement accurately describes why it is a best practice to
pre-populate the MAC addresses of non-802.1X-capable Cisco IP phones into an endpoint database?

 

A.

If the MAC address is not found in an endpoint database, any PC tethered to the Cisco IP phone will be allowed to access the network unauthenticated.

B.

If the MAC address is not found in an endpoint database, it will take 3 MAB timeouts (90 seconds) before the MAC address of the Cisco IP phone is automatically entered in the database. No calls can be made in the interim.

C.

If the MAC address is not found in an endpoint database, authentication will fail for the Cisco IP phone and the tethered PC port on the phone will be set to err-disable. The PC will not be able to communicate on the network.

D.

If the MAC address is not found in an endpoint database, authentication will fail for the Cisco IP phone and the Catalyst switch port will be set to err-disable. Neither the PC host nor the phone will be able to communicate on the network.

 

Correct Answer: B

 

 

QUESTION 15

Which two Cisco secu
rity products act as 802.1X authenticate servers? (Choose two)

 

A.

Cisco Security Agent

B.

CiscoWorks LAN Management System

C.

Cisco Information Security Engine

D.

Cisco Security Manager

E.

Cisco Secure Access Control System for Windows

F.

CiscoWorks LAN Management Solution

G.

CiscoWorks Open RADIUS Server

H.

Cisco Identity Services Engine

 

Correct Answer: EH

 

QUESTION 16

Which two EAP methods require server-side digital certificates? (Choose two)

 

A.

EAP-FAST

B.

PEAP

C.

LEAP

D.

< /td>

EAP-MD5

E.

EAP-TLS

 

Correct Answer: BE

 

 

QUESTION 17

Which two statements are true regarding load balancing Cisco ISE Policy Services nodes with a Cisco Application Control Engine? (Choose two.)

 

A.

Each Cisco ISE Policy Services node must be configured with an identical unicast IP address that is used to receive policy requests from the load balancer.

B.

Each Cisco ISE Policy Services node must be configured with a unique (and non-reserved) multicast IP address that is used as a heartbeat channel.

C.

Each Cisco ISE Policy Services node must be configured with an identical (and non-reserved) multicast IP address that is used as a heartbeat channel.

D.

The virtual IP address of the ACE must be on the same IP subnet as the unicast subnet of the Cisco ISE Policy Services node.

E.

The virtual IP address of the ACE must not be on the same IP subnet as the unicast subnet of the Cisco ISE Policy Services node.

F.

Each Cisco ISE Policy Services node must be configured with a unique unicast IP address that is used to receive policy requests from the load balancer.

 

Correct Answer: DF

 

 

QUESTION 18

Which statement is true for certificate auto-enrollment on a Cisco IP phone?

 

A.

Cisco Unified Communications Manager CA Proxy Function (CAPF) is capable of auto- enrolling certificates.

B.

Cisco Unified Communications Manager Certificate Auto-Enroll Function (CAEF) is capable of auto-enrolling certificates.

C.

Cisco IP phones are capable of using digital certificates, but manual enrollment is required.

D.

Cisco IP phones are not capable of using digital certificates.

E.

Microsoft Windows 2003 Certificate Server Telephony plug-in can be used for auto- enrolling certificates.

F.

Microsoft Windows 2008 Enterprise Certificate Server Telephony plug-in can be used for auto-enrolling certificates.

 

Correct Answer: A

 

 

QUESTION 19

What is the purpose of the guest VLAN on a Cisco Catalyst switch?

< p class="MsoNormal" style="cursor: auto; margin: 0cm 0cm 0pt; line-height: normal; text-autospace: ; mso-layout-grid-align: none" align="left"> 

A.

It provides configurable guest access to devices that have a supplicant but lack local credentials.

B.

It provides configurable guest access to non-supplicant devices that lack local credentials.

C.

It provides configurable guest access to devices that have a supplicant when the authenticator is down or unreachable.

D.

It provides configurable guest access to non-supplicant devices that have local credentials.

E.

It provides configurable guest access to devices that have a supplicant when the authentication server is down or unreachable.

 

Correct Answer: B

 

 

QUESTION 20

Which two PEAP requirements must be met to authenticate the TLS session? (Choose two.)

 

A.

The supplicant requires only an identity certificate.

B.

Cisco ISE requires an identity certificate and a CA certificate.

C.

The authenticator requires only an identity certificate.

D.

The supplicant requires an identity certificate and a CA certificate.

E.

The authenticator requires an identity certificate and a CA certificate.

F.

The supplicant requires only a CA certificate.

G.

Cisco ISE requires only an identity certificate.

 

Correct Answer: BD

 

Free VCE & PDF File for Cisco 650-472 Real Exam

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …