Your worries about Cisco 500-254 exam complexity no more exist because Flydumps is here to serves as a guide to help you to pass the Cisco 500-254 exam. All the exam questions and answers is the latest and covering each and every aspect of Cisco 500-254 exam.It 100% ensure you pass the exam without any doubt.
QUESTION 30
Which three encryption policies does MACsec support? (Choose three.)
A. always-secure
B. must-secure
C. should-secure
D. never-secure
E. must-not-secure
Correct Answer: BCE
QUESTION 31
Which URL should you enter into the SCEP Certificate Authority profile to enable Native Supplicant Provisioning?
A. http:/[ise-server-name/IP]/mscep/mscep.dll
B. http:/[ise-server-name/IP]/mscep/scep.dll
C. http:/[ise-server-name/IP]/certsrv/scep/scep.dll
D. http:/[ise-server-name/IP]/certsrv/mscep/mscep.dll
Correct Answer: D
QUESTION 32
Which network information device sensor is sending in the RADIUS accounting packet?
A. DHCP
B. HTTP
C. LLDP
D. CDP
Correct Answer: A
QUESTION 33
Which of these is not a default behavior of Cisco ISE 1.1, with respect to authentication, when a user connects to a switch port that is configured for 802.1X, MAB, and web authentication?
A. MAB uses internal endpoints for retrieving identity.
B. 802.1X uses internal users for retrieving identity.
C. Central WebAuth relies on MAB for initial port authentication.
D. Authentication fails if there is no matching policy.
Correct Answer: D
QUESTION 34
Refer to the exhibit.
Which two statements about the exhibit are true? (Choose two.)
A. The default behavior is shown in the exhibit.
B. The default behavior should be Continue/Continue/Continue.
C. If Continue/Continue/Continue is configured, the endpoint is allowed on the network.
D. The default Identity Source is shown in the exhibit.
Correct Answer: AD QUESTION 35
Refer to the exhibit.
Which two statements are true about identity groups and their use in an authorization policy? (Choose two.)
A. Only user identity groups can be created in Cisco ISE.
B. User identity groups can reference internal and external stores.
C. The Whitelist identity group that is shown in the exhibit can be used to contain MAC addresses that are statically entered into Cisco ISE.
D. The Whitelist identity group is one of the predefined identity groups in Cisco ISE.
E. Identity groups can only reference internal endpoints and users in the local database.
Correct Answer: BC
QUESTION 36
Refer to the exhibit.
The authorization policy is using “Multiple Matched Rule Applies” for rule matching.
ProfileA = VLAN attribute 10
ProfileB = DACL= Employee, Voice DomainPermission = TRUE
Which statement is correct with regards to the Multiple Matched rule?
A. The Multiple Matched rule is not supported in Cisco ISE.
B. If both Rule 1 and Rule 2 are matched based on the conditions, the switch port will only receive VLAN attribute 10.
C. If both Rule 1 and Rule 2 are matched based on the conditions, the switch port will receive VLAN attribute 0, DACL= Employee, Voice DomainPermission = TRUE.
D. If both Rule 1 and Rule 2 are matched based on the conditions, the switch port will only receive DACL= Employee, Voice DomainPermission = TRUE.
Correct Answer: C
QUESTION 37
How are access control lists implemented on a Cisco WLC in a Cisco ISE authorization policy?
A. Dynamic access lists are configured in Cisco ISE.
B. Named access lists are configured in Cisco ISE.
C. Named access lists are pushed down to the WLC.
D. Named access lists are configured on the WLC.
Correct Answer: D
QUESTION 38
Which two statements are correct about Change of Authorization? (Choose two.)
A. Different Change of Authorization types of action can be set based on authorization policy.
B. Change of Authorization exception actions are configured globally in Cisco ISE.
C. Port bounce, reauth, and port shun are supported Change of Authorization types in Cisco ISE.
D. No CoA, port bounce, and reauth are supported Change of Authorization types in Cisco ISE.
Correct Answer: BD
QUESTION 39
Which two statements are correct regarding Cisco ISE Guest Services? (Choose two.)
A. Guest portals must be located on the same secondary node where Cisco ISE network access is configured to handle RADIUS requests in the NAD.
B. A guest administration user interface action can be made from the primary and secondary administration interfaces.
C. The configuration mode for guest services can be different for each node in the deployment.
D. Multiportal uploads to the primary node are replicated to the secondary node and installed as part of the standard data replication system.
Correct Answer: AD
QUESTION 40
What are the Cisco ISE posture building blocks?
A. posture check, posture rules, posture requirement, role requirements
B. posture condition, compound posture condition, posture requirements, posture policy
C. network access devices, Policy Service node, Administration node
D. posture condition, posture rules, role requirements
Correct Answer: B
QUESTION 41
Which three of these are viable endpoint posture compliance statuses? (Choose three.)
A. unknown
B. infected
C. clean
D. compliant
E. noncompliant
F. quarantine
Correct Answer: ADE QUESTION 42
Which three conditions can be used for posture checking? (Choose three.)
A. application
B. operating system
C. file
D. certificate
E. service
Correct Answer: ACE
QUESTION 43
Client provisioning resources can be added into the Cisco ISE Administration node from which three of these? (Choose three.)
A. www.cisco.com
B. local disk
C. Posture Agent Profile
D. FTP
E. TFTP
Correct Answer: ABC
QUESTION 44
Which element is not included in the redirect URL?
A. hostname
B. port
C. ACL
D. session ID
E. action
Correct Answer: C
QUESTION 45
Which Cisco ISE component intercepts HTTP and HTTPS requests and redirects them to the Guest User Portal?
A. Policy Service node
B. Administration node
C. Monitoring node
D. network access device
Correct Answer: D
QUESTION 46
Which of these is not a method that is used to obtain Cisco ISE profiling data?
A. NetFlow
B. DNS
C. RADIUS
D. QoS
E. active scans
F. SNMP query
Correct Answer: D QUESTION 47
Which three client provisioning policies can an administrator create to provision different resources? (Choose three.)
A. endpoint operating system
B. user identity group
C. dictionary-based conditions
D. certificates
Correct Answer: ABC
QUESTION 48
Which of these is NOT a Cisco ISE deployment recommendation?
A. Create a secondary Administration node before adding a Policy Service node.
B. Ensure that node groups are L2-adjacent.
C. Profiling requires maintenance of L3 information.
D. Avoid installing Policy Service and Monitoring personas on the same node.
Correct Answer: C
QUESTION 49
Which option represents the default action or actions that ISE 1.x 1.0 takes when the endpoint usage count exceeds licensed endpoint values?
A. block all traffic
B. block all traffic, and generate alarms
C. do not block traffic, and generate an INFO, WARNING, or CRITICAL alarm
D. do not take any action
Correct Answer: C
In addition to ensuring that you are presented with only the best and the most updated Cisco 500-254 study materials, we also want you to be able to access them simply, whenever you need. Flydumps.com offers all our Cisco 500-254 exam training material in Engine and PDF formats, which is a very common format found in all computers. Regardless of whichever computer you have.