Jump to content
justkiddin

Cisco 500-490

Recommended Posts

QUESTION 1

 

Which component of the SD-Access fabric is responsible for communicating with networks that are external to the fabric?

  • edge nodes
  • control plane nodes
  • intermediate nodes
  • border nodes

 

Correct Answer: D

 

Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

QUESTION 2

 

Which protocol runs between the vSmart controllers and the vEdge routers, and unifies all control plane functions under a single protocol umbrella?

  • BGP
  • OSPF
  • IKE
  • OMP
  • VRRP

 

Correct Answer: D

 

 

 

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

 

QUESTION 3

 

Which two statements regarding Cisco SD-WAN vEdge routers can mitigate DDoS attacks against the infrastructure? (Choose two.)

  • Open Certificate Authority and automated enrolment feature.
  • By default, all incoming traffic is denied at the transport (WAN) side interfaces.
  • Only authorized controllers are allowed to communicate back to the vEdge router after the vEdge router establishes connections with the controllers.
  • In case of direct Internet access, the only traffic allowed back is the traffic matching the state table entries on the vEdge router.
  • The vEdge routers run on hardened Linux operating systems.

 

Correct Answer: CE

 

 

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

QUESTION 4

 

Which two activities should occur during an SE’s discovery process? (Choose two.)

  • Establishing credibility with the customer
  • Working with the customer to develop a reference architecture
  • Referencing the PPDIOO model to effectively facilitate the discussion
  • Gathering information about the current state of the customer’s network environment
  • Mapping Cisco innovation to customer’s needs

 

Correct Answer: AD

 

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

QUESTION 5

 

Which three ways are SD-Access and ACI Fabric similar? (Choose three.)

  • use of overlays
  • use of Virtual Network IDs
  • focus on user endpoints
  • use of group policy
  • use of Endpoint Groups
  • use of Scalable Group Tags

 

Correct Answer: ABC ABD

 

 

Reference: SD-Access focusses on user endpoints and ACI focusses on Application endpoints.

Hidden Content

    Give reaction to this post to see the hidden content.

QUESTION 6

 

Which Cisco vEdge router offers 20 Gb of encrypted throughput?

  • Cisco vEdge 5000
  • Cisco vEdge 1000
  • Cisco vEdge 2000
  • Cisco vEdge 100

 

Correct Answer: A

 

 

 

Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

QUESTION 7

 

Which feature is supported on the Cisco vEdge platform?

  • single sign-on
  • IPv6 transport (WAN)
  • 2-factor authentication
  • license enforcement
  • reporting
  • non-Ethernet interfaces

 

Correct Answer: B

 

 

 

 

 

 

Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

 

QUESTION 8

 

Which are two Cisco recommendations that demonstrates SDA? (Choose two.)

  • Use the CLI to perform as much of the configuration as possible.
  • Show the customer how to integrate ISE into DNA Center at the end of the demo.
  • Focus on business benefits.
  • Keep the demo at a high level.
  • Be sure you explain the major technologies such as VXLAN and LISP in depth.

 

Correct Answer: CD

 

 

Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

QUESTION 9

 

Which element of the Cisco SD-WAN architecture facilitates the functions of controller discovery and NAT traversal?

  • vBond orchestrator
  • vManage
  • vSmart controller
  • vEdge

 

Correct Answer: A

 

 

 

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

Hidden Content

    Give reaction to this post to see the hidden content.

QUESTION 10

 

Which Cisco product supports SD-Access and specifically built to address new challenges faced by enterprises?

  • Nexus 7700 w/ Sup2E and M3 line cards
  • ISR 4221
  • Catalyst 9500
  • ASR 1000-HX
  • CSRv virtual router
  • Catalyst 6807-XL w/Sup6T and C6800 10G line cards

 

Correct Answer: B C

 

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

QUESTION 11

 

Which two statements describes Cisco SD-Access? (Choose two.)

  • programmable overlays enabling network virtualization across the campus
  • an automated encryption/decryption engine for highly secured transport requirements
  • software-defined segmentation and policy enforcement based on user identity and group membership
  • a collection of tools and applications that are a combination of loose and tight coupling
  • an overlay for the wired infrastructure in which traffic is tunneled via a GRE tunnel to a mobility controller for policy and application visibility

 

Correct Answer: AC

 

 

 

Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 12

 

Which two primary categories are displayed on the overall health page of the assurance component in the Cisco DNA Center? (Choose two.)

  • Wired
  • Client
  • Access-Distribution
  • Server
  • Core
  • Network

 

Correct Answer: BF

 

 

 

Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

QUESTION 13

 

Which three options focus of the current digital business era? (Choose three.)

  • IoT scale
  • Connectivity
  • virtualized services
  • automation
  • centralized enterprise and web applications
  • Human scale

Correct Answer: ACD

 

 

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

 

QUESTION 14

 

Which option will help build your customers platform during the discovery phase?

  • business case
  • detailed design
  • POV report
  • high-level design
  • PO

 

Correct Answer: A

 

 

 

 

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 15

 

Which are the three focus areas for reinventing the WAN? (Choose three.)

  • Centralized device authentication
  • Secure Elastic Connectivity
  • Application Quality of Experience
  • Operations
  • Cloud First
  • Execution

 

Correct Answer: BCE

 

 

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

QUESTION 16

 

Which three key differentiators that DNA Assurance provides that our competitors are unable match? (Choose three.)

  • Support for Overlay Virtual Transport
  • On-premise and cloud-base analytics
  • Apple Insights
  • VXLAN support
  • Proactive approach to guided remediation
  • Network time travel

 

Correct Answer: BEF

 

Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 17

 

Which two activities should occur during an SE’s demo process? (Choose two.)

  • Determining whether the customer would like to dive deeper during a follow up.
  • Asking the customer to provide network drawings or white board the environment for you.
  • identifying which capabilities require demonstration
  • Leveraging a company such as Complete Communications to build a financial case.
  • Highlighting opportunities that although not currently within scope would result in lower operational costs and complexity.

 

Correct Answer: CE AE

 

 

 

 

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

 

 

QUESTION 18

 

What is the easiest way to enable SD-Access for all your remote sites after you have your campus SD-Access fabric up and running?

  • Treat all sites as one fabric domain and use the traditional physical network as the underlay.
  • Use a separate fabric domain for each site and use SD-WAN as the underlay.
  • Use a separate fabric domain for each site and use the traditional physical network as the underlay.
  • Treat all the sites as one fabric domain and use SD-WAN as the underlay.

 

Correct Answer: D

 

Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

Hidden Content

    Give reaction to this post to see the hidden content.

QUESTION 19

 

Which are two advantages of a “one switch at a time” approach to integrating SD-Access into an existing brownfield environment? (Choose two.)

  • appropriate for campus and remote site environment
  • allows simplified testing prior to cutover
  • ideal for protecting recent investments while upgrading legacy hardware
  • involves the least risk of all approaches
  • opens up many new design and deployment opportunities
  • allows simplified roll back

 

Correct Answer: AC

 

 

Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

QUESTION 20

 

Which is a benefit of a cloud-based SD-WAN deployment?

  • might be required for compliance with industry standards
  • controller availability never an issue
  • security never an issue
  • agility of change dependent only on your own internal IT processes
  • instant scale

 

Correct Answer: E

 

 

 

Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

Hidden Content

    Give reaction to this post to see the hidden content.

QUESTION 21

 

Which is a function of the Proactive Insights feature of Cisco DNA Center Assurance?

  • pointing out where the most serious issues are happening in the network
  • generating synthetic traffic to perform tests that raise awareness of potential network issues
  • enabling you to quickly view all of the contextual information related to a single user
  • enabling you to see the complete path of packets from the client to the end application

Correct Answer: B

 

Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 22

 

Which two statements are true regarding SD-WAN demonstrations? (Choose two.)

  • As a Cisco SD-WAN SE, you should spend your time learning about the technology rather than contributing to demo innovation.
  • Use demonstrations primarily for large opportunities and competitive situations.
  • During a demo, you should demonstrate and discuss what the team considers important details.
  • There is a big difference between demos that use a top down approach and demos that use a bottom up approach.
  • During a demo, you should consider the target audience and the desired outcome.

 

Correct Answer: DE

 

 

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 23

 

Which Cisco product were incorporated into Cisco ISE between ISE releases 2.0 and 2.3?

  • Cisco ASA
  • Cisco ESA
  • Cisco ACS
  • Cisco WSA

 

Correct Answer: C

 

ACS has been announced end of sale, and migration tools are provided to migrate to ISE. Therefor suitable answer is C (Cisco ACS)

Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

QUESTION 24

 

Which two Cisco ISE use cases typically involve the highest level of implementation complexity? (Choose two.)

  • Guest and wireless access
  • Software-defined access
  • Device management
  • Asset visibility
  • Software-defined segmentation

 

Correct Answer: BE

 

 

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 25

 

How would Cisco ISE handle authentication for your printer that does not have a supplicant?

  • ISE would not authenticate the printer as printers are not subject to ISE authentication.
  • ISE would authenticate the printer using 802.1X authentication.
  • ISE would authenticate the printer using MAB.
  • ISE would authenticate the printer using web authentication.
  • ISE would authenticate the printer using MAC RADIUS authentication.

 

Correct Answer: C

 

Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 26

 

Which two statements are true regarding Cisco ISE? (Choose two.)

  • The major business outcomes of ISE are enhanced user experience and secure VLAN segmentation.
  • ISE plays a critical role in SD-Access.
  • Without integration with any other product, ISE can track the actual physical location of a wireless endpoint as it moves.
  • ISE can provide data about when a specific device connected to the network.
  • An ISE deployment requires only a Cisco ISE network access control appliance.

 

Answer: BD

 

 

Hidden Content

    Give reaction to this post to see the hidden content.

QUESTION 27

 

What are three ways in which Cisco ISE learns information about devices? (Choose three.)

  • user authentication to the ISE
  • SMTP agents
  • RPC mechanism via HTTPS
  • traffic generated by the device
  • network servers the device has accessed
  • RADIUS attributes

 

Correct Answer: DEF ADF

 

 

Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

QUESTION 28

 

What should you do if you are looking at a strategic win with a customer and the customer wants to examine Cisco ISE for longer than a few weeks?

  • Give them some of our flash files that can be played on any browser.
  • Set them up with an account on a Cisco UCS server that hosts ISE.
  • Set them up with a dCloud account.
  • Give them our ISE YouTube videos.
  • Provide them with a downloadable POV Kit.
  • Point them to our dCloud demo library.

 

Correct Answer: C / E

 

Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

QUESTION 29

 

Which node enables Cisco ISE to share contextual information on a device with Cisco Stealthwatch?

  • Monitoring and Troubleshooting Node
  • pXGrid Controller
  • Policy Administration Node
  • Inline Posture Node

 

Correct Answer: B

 

 

 

Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 30

 

What statement is true regarding the current time in Enterprise Networking history?

  • advent of cloud computing
  • pace of change
  • pervasive use of mobile devices
  • advent of IoT

 

Correct Answer: B

 

 

 

Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

Hidden Content

    Give reaction to this post to see the hidden content.

QUESTION 31

 

Which two options are primary functions of Cisco ISE? (Choose two.)

  • providing VPN access for any type of device
  • providing information about every device that touches the network
  • enabling WAN deployment over any type of connection
  • automatically enabling, disabling, or reducing allocated power to certain devices
  • enforcing endpoint compliance with network security policies
  • allocating resources

 

Correct Answer: BE

 

 

 

 

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 32

 

Which are two Cisco ISE that benefits our customers? (Choose two.)

  • provides network access control
  • helps them stop and contain real-time threats
  • enables them to set traffic priorities across the network
  • helps them accelerate application deployment and delivery

 

Correct Answer: AB

 

Explanation/Reference:

 

QUESTION 33

 

Which two statements are true regarding Cisco ISE? (Choose two.)

  • In distributed deployments, failover from primary to secondary Policy Administration Nodes happens automatically.
  • The number of logs that ISE can retain is determined by your disk space.
  • ISE supports IPv6 downloadable ACLs.
  • ISE can detected endpoints whose addresses have been translated via NAT.
  • ISE supports up to 100 Policy Services Nodes.
  • In two-nodes standalone ISE deployments, failover must be done manually.

 

Correct Answer: AB / BC / AC

 

 

 

 

 

 

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

Hidden Content

    Give reaction to this post to see the hidden content.

Hidden Content

    Give reaction to this post to see the hidden content.

Hidden Content

    Give reaction to this post to see the hidden content.

QUESTION 34

 

Which two options help you sell Cisco ISE? (Choose two.)

  • Downplaying the value of pxGrid as compared to RESTful APIs
  • Explaining ISE support for 3rd party network devices
  • Showcasing the entire ISE feature set
  • Referring to TrustSec as being only supported on Cisco networks
  • Discussing the importance of custom profiling

 

Correct Answer: BC / BE

 

 

 

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

QUESTION 35

 

What are the three foundational elements required for the new operational paradigm? (Choose three.)

  • Centralization
  • Assurance
  • application QoS
  • multiple technologies at multiple OSI layers
  • policy-based automated provisioning of network
  • fabric

Correct Answer: BEF

 

Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

  • Like 14
  • Thanks 2

Share this post


Link to post
Share on other sites

hi Gmexam

 

have u used the answers mentioned by you in previous post to pass the exam?

hi

i used the answers which i posted. but still 3 questions i have doubts. rest all are correct

Share this post


Link to post
Share on other sites

Still valid. Passed with a little over 900. Same Questions. Here's what I had (minor tweaks from Gmexam's work)

 

 

QUESTION 1 -- SDA Design

 

Which are two advantages of a "one switch at a time' approach to integrating SD-Access into an existing brownfield environment? (Choose two.)

 

A. appropriate for campus and remote site environments

B. allows simplified testing prior to cutover

C. Ideal for protecting recent investments while upgrading legacy hardware

D. involves the least risk of all approaches

E. opens up many new design and deployment opportunities

F. allows simplified roll back

 

Answer: AC

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 2

What statement is true regarding the current time in Enterprise Networking history?

A. advent of cloud computing

B. pace of change

C. pervasive use of mobile devices

D. advent of loT

 

Answer: D (not B )

 

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 3 --- SDA-- Defend

Which three key differentiators that DNA Assurance provides that our competitors are unable match? (Choose three)

 

A. Support for Overlay Virtual Transport

B. On-premise and cloud-base analytics

C. Apple Insights

D. VXLAN support

E. Proactive approach to guided remediation

F. Network time travel

 

Answer: BEF

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

Hidden Content

    Give reaction to this post to see the hidden content.

QUESTION 4

Which are the three focus areas for reinventing the WAN? (Choose three.)

 

A. Centralized device

authentication

B. Secure Elastic Connectivity

C. Application Quality of Experience

D. Operations

E. Cloud First

F. Execution

 

Answer: BCE

Explanation/Reference: CiscoLive LTRCRS-2005.pdf

page 13

 

QUESTION 5 -- SD-WAN Demo

Which feature is supported on the Cisco vEdge platform?

 

A. single sign on

B. IPv6 transport (WAN)

C. 2-factor authentication

D. license enforcement

E. reporting

F. non-Ethernet interfaces

 

Answer: F (not B )

 

CiscoLive BRKRST-3404.pdf page 67 , IPv6 support Transport is Roadmap only.

Hidden Content

    Give reaction to this post to see the hidden content.

vEdge-100m and 100wm platform support 4G LTE integrated port

 

 

 

QUESTION 6

Which two statements are true regarding Cisco ISE? (Choose two.)

A. The major business outcomes of ISE are enhanced user experience and secure VLAN segmentation

B. ISE plays critical role in SD Access

C. Without integration with any other product, ISE can track the actual physical location of a wireless endpoint as it

moves

D. ISE can provide data about when a specific device connected to the network

E. An ISE deployment requires only a Cisco ISE network access control appliance

 

Answer: BD

Explanation/Reference:

 

QUESTION 7 -- SD-WAN Demo

Which two statements are true regarding SD-WAN demonstrations? (Choose two.)

 

A. As a Cisco SD-WAN SF, you should you should spend your time learning about the technology rather than contributing to demo innovation

B. Use demonstrations primarily for large opportunities and competitive situations

C. During a demo, you should demonstrate and discuss what the team considers important details

D. There is a big difference between demos that use a top down approach and demos that use a bottom up approach

E. During a demo you should consider the target audience and the desired outcome

 

Answer: DE

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

 

QUESTION 8 -- SD-WAN Demo

Which Cisco vEdge router offers 20 Gb of encrypted throughput?

 

A. Cisco vEdge 5000

B. Cisco vEdge 1000

C. Cisco vEdge 2000

D Cisco vEdge 100

 

Answer: A

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 9 SDA-Demo

Which are two Cisco recommendations that demonstrates SDA? (Choose two.)

 

A. Use the CLI to perform as much of the configuration as possible

B. Show lite customer how to integrate ISL into DMA Center at the end of the demo

C. Focus on business benefits

D. Keep the demo at a high level

E. Be sure you explain the major technologies such as VXLAN and LISP in depth

 

Answer: CD

Explanation/Reference:

 

QUESTION 10

Which two primary categories are displayed on the overall health page of the assurance component in the Cisco DNA Center? (Choose two.)

 

A. Wired

B. Client

C. Access-Distribution

D. Server

E. Core

F. Network

 

Answer: BF

Explanation/Reference: I saw demo in dCloud.cisco.com Overall health windows have: Network devices, Wired Clients and Wireless Clients

 

QUESTION 11

Which two options help you sell Cisco ISE? (Choose two.)

 

A. Downplaying the value of px Grid as compared to RESTful APIs

B. Explaining ISE support for 3rd party network devices

C. Show casing the entire ISE feature set

D. Referring to Trust Sec as being only supported on Cisco networks

E. Discussing the importance of custom profiling

 

Answer: BE (not BC)

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

 

 

 

QUESTION 12 - ISE Design

Which node enables Cisco ISE to share contextual information on a device with Cisco Stealth watch?

 

A. Monitoring and Troubleshooting

B. pXGrid Controller

C. Policy Administration Node

D. Inline Posture Node

 

Answer: B (not C)

Explanation/Reference:

Reference: ISE Admin-Guide 2.1 Page 46-48

Hidden Content

    Give reaction to this post to see the hidden content.

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 13

Which Cisco products were incorporated into Cisco ISE between ISE releases 20 and 2.3?

A. Cisco ASA

B. Cisco ESA

C. Cisco ACS

D. Cisco WSA

 

Answer: C (not D)

Explanation/Reference: ACS has been announced end of sale, and migration tools are provided to migrate to ISE. Therefor suitable answer is C (Cisco ACS)

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 14

Which three ways are SD-Access and ACI Fabric similar? (Choose three.)

 

A. use of overlays

B. use of Virtual Network IDs

C. focus on user endpoints

D. use of group policy

E. use of Endpoint Groups

F. use of Scalable Group Tags

 

Answer: ABD (not ABC)

Explanation/Reference: SD-Access focusses on user endpoints and ACI focusses on Application endpoints.

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 15

Which two activities should occur during an SE's discovery process? (Choose two.)

 

A. Establishing credibility with the customer

B. Working with the customer to develop a reference architecture

C. Referencing the PPDIOO model to effectively facilitate the discussion

D. Gathering information about the current state of the customer's network environment

E. Mapping Cisco innovation to customer's needs

 

Answer: AD

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 16

Which two activities should occur during an SE's demo process? (Choose two.)

 

A. determining whether the customer would like to drive deeper during a follow up

B. asking the customer to provide network drawings or white board the environment for you

C. identifying which capabilities require demonstration

D. leveraging a company such as Complete Communications to build a financial case.

E. highlighting opportunities that although not currently within scope would result in lower operational costs and complexity

 

Answer: AE (not CD)

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 17 SD-WAN Design

Which protocol runs between the vSmart controllers and between the vSmart controllers and the vEdge routers, and unifies all control plane functions under a single: protocol umbrella?

 

A. BGP

B. OSPF

C. IKE

D. OMP

E. VRRP

 

Answer: D

Explanation/Reference: CVD-SD-WAN-Design-2018OCT.pdf - The OMP routing protocol, which is similar to BGP, manages the SD-WAN overlay network. The protocol runs between the vSmart controllers and vEdge routers where control plane information, such as route prefixes, nexthop routes, crypto keys, and policy information, is exchanged over a secure DTLS or TLS connection. The vSmart controller acts a lot like a route reflector; it receives routes from vEdge routers, processes and applies any policy to them, and then advertises the routes to other vEdge routers in the overlay network. If there is no policy defined, the default behavior is a full mesh topology, where each vEdge can connect directly to a vEdge at another site and receive full routing information from each site.

 

QUESTION 18

Which option will help build your customers platform during the discovery phase?

 

A. business case

B. detailed design

C. POV report

D. high-level design

E. PO

 

Answer: A

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 19 - SD-WAN Design

Which element of the Cisco SD-WAN architecture facilitates the functions of controller discovery and NAT traversal?

 

A. vBond orchestrator

B. vManage

C. vSmart controller

D. vEdge

 

Answer: A

Explanation/Reference: Cisco SD-WAN Cloud OnRamp for Colocation Solution Guide, Release 19.1 : vBond —The vBond orchestrator provides vManage information to the network

elements that may be running behind Network Address Translation (NAT). It performs initial authentication and authorizes the network elements to provide the Session Traversal Utilities for NAT

(STUN) server functionality.

 

 

QUESTION 20 - ISE Design

How would cisco ISE handle authentication for your printer that does not have a supplicant?

 

A. ISE would not authenticate the printer as printers are not subject to ISE authentication.

B. ISE would authenticate the printer using 8.2.1X authentication

C. ISE would authenticate the printer using MAB.

D. ISE would authenticate the printer using web authentication.

E. ISE would authenticate the printer using MAC RADIUS authentication

 

Answer: C

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 21

Which three options focus of the current digital business era'? (Choose three.)

 

A. loT scale

B. connectivity

C. virtualized services

D. automation

E. centralized enterprise and web applications

F. Human scale

 

Answer: ACD (not BCD)

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 22

Which Cisco product supports SD-Access and specifically built to address new challenges faced by enterprises?

A. Nexus 7700 w/ Sup2E and M3 line cards

B. ISR 4221 - not supported SDA

C. Catalyst 9500

D. ASR 1000 MX - not supported SDA

E. CSRv virtual router

F. Catalyst 6807-XL W/ Sup6T and C6800 10G line cards

 

Answer: C (not B )

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 23 -- ISE Design

What are three ways in Which Cisco ISE learns information about devices? (Choose three,)

A. user authentication to the ISE

B. SMIP agents

C. RPC mechanism via HTTPS

D. traffic generated by the device

E. network servers the device has accessed

F. RADIUS attributes

 

Answer: ADF (not DEF or ADE)

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

 

 

QUESTION 24

What should you do if you are looking at a strategic win with a customer and the customer wants to examine Cisco ISE for longer than a few weeks?

A. Give then, some of our flash files mat can be played on any browser

B. Set them up with an account on a Cisco UCS server that hosts ISE

C. Set them up with a d Cloud account

D. Give them our ISE YouTube videos

E. Provide them with a downloadable POV kit

F. Provide them to our d Cloud demo library

 

Answer: E (not C or F)

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 25

Which are two Cisco ISE that benefits our customers ? (Choose two.)

A. provides network access control

B. helps them stop and contain real time threats

C. enables them to set traffic priorities across the network

D. helps them accelerate application deployment and delivery

 

Answer: AB

Explanation/Reference:

 

QUESTION 26

Which two Cisco ISE use cases typically involve the highest level of implementation complexity? (Choose two.)

A. Guest and wireless access

B. Software defined access

C. Device management

D. Asset visibility

E. Software defined segmentation

 

Answer: BE

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

 

 

QUESTION 27

Which two options are primary functions of Cisco ISE? (Choose two.)

A. providing VPN access for any type of device

B. providing information about every device that touches the network

C. enabling WAN deployment over any type of connection

D. automatically enabling, disabling, or reducing allocated power to certain devices

E. enforcing endpoint compliance with network security policies Q allocating resources

 

Answer: BE

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 28

Which is a function of the Proactive Insights feature of Cisco DNA Center Assurance'?

A. pointing out where the most serious issues are happening in the network

B. generating synthetic traffic to perform tests that raise awareness of potential network issues

C. enabling you to quickly view all of the contextual information related to the end application

D. enabling you to see the complete path of packets from the client to the end application

 

Answer: B

Explanation/Reference: Cisco Live BRKNMS-2542 page 32

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 29

Which two statements regarding Cisco SD WAN vEdge routers can mitigate DoS attacks against the infrastructure?

(Choose two)

A. Open Certificate Authority and automated enrollment feature

B. By default, all incoming traffic is denied art the transport (WAN) side interfaces,

C. Only authorized controllers are allowed to communicate back to the vEdge router after the vEdge router establishes connections with the controllers

D. In case of direct Internet access, the only traffic allowed back is the traffic matching the state table entries on the vEdge router.

E. The vEdge routers run on hardened Linux operating systems

 

Answer: CE

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

 

 

QUESTION 30

What is the easiest way to enable SD-Access for all your remote site after you have your campus SD-Access fabric up and running?

A. Treat all the sites as one fabric domain and use the traditional physical network as the underlay

B. Use a separate fabric domain for each site and use SD-WAN as the underlay

C. Use a separate fabric domain for each site and use the traditional physical network as the underlay

D. Treat all the sites as one fabric domain and use SD-WAN as the underlay

 

Answer: D

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 31

Which two statements describes Cisco SD-Access? (Choose Two.)

A. programmable overlays enabling network virtualization across the campus

B. an automated encryption/decryption engine for highly secured transport requirements

C. software-defined segmentation and policy enforcement based on user identity and group membership

D. a collection of tools and applications that are a combination of loose and tight coupling

E. an overlay for the wired infrastructure in which traffic is tunneled via a GRF tunnel lo a mobility controller for policy

and application visibility.

 

Answer: AC

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 32

Which component of the SD Access fabric is responsible for communicating with networks that are external to the fabric?

A. edge nodes

B. control plane nodes

C. intermediate nodes

D. border-nodes

 

Answer: D

Explanation/Reference:

Explanation

Hidden Content

    Give reaction to this post to see the hidden content.

 

 

QUESTION 33

What are the three foundational elements required for the new operational paradigm'? (Choose three.)

A. centralization

B. assurance

C. application QoS

D. multiple technologies at multiple OSI layers

E. policy based automated provisioning of network of

F. fabric

 

Answer: BEF

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 34

Which is a benefit of a cloud-based SD-WAN deployment?

A. might be required for compliance with industry standards

B. Controller availability never an issue

C. security never an issue

D. agility of change dependent only on your own internal IT processes

E. Instant scale

 

Answer: E

Explanation/Reference:

Hidden Content

    Give reaction to this post to see the hidden content.

Hidden Content

    Give reaction to this post to see the hidden content.

 

QUESTION 35

Which two statements are true regarding Cisco ISE? (Choose two.)

A. In distributed deployments, failover from primary to secondary Policy Administration Nodes happens automatically.

B. The number of logs that ISE can retain is determined by your disk space - NOT! remote logging supported

C. ISE supports IPv6 downloadable ACLs

D. ISE can detected endpoints whose addresses have been translated via NAT.

E. ISE supports up to 100 Policy Services Nodes - NOT! ISE1.2 = 40 PSN, ISE 2.4 = 50 PSN

F. In two-node standalone ISE deployments failover must be done manually

 

Answer: AC (not AB)

Explanation/Reference: dACL IPv6 supported on platform 2960, 3650,3850, 9000 series. ISE v2.6 supported it too. See release notes doc v2.6

Hidden Content

    Give reaction to this post to see the hidden content.

Hidden Content

    Give reaction to this post to see the hidden content.

Hidden Content

    Give reaction to this post to see the hidden content.

Edited by delraydave
  • Like 12
  • Thanks 1

Share this post


Link to post
Share on other sites

Hi Guys, 35 question are still valid, passed yesterday with Gmexam's work.

Got 900 score , so some answers might still be wrong..

Thank you all.

Share this post


Link to post
Share on other sites

Passed with 900++

passing score 790

Total Question 35

 

You can whistle and take the exam

finished within 20 mins ...

Hidden Content

    Give reaction to this post to see the hidden content.
/uploads/emoticons/default_yo.gif">

 

VCE file

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

You can thanks to all above who shared it.

Edited by kokwar
  • Like 12
  • Thanks 1
  • Haha 1

Share this post


Link to post
Share on other sites

guys, what is the feedback about the exam? who taken this exam recently? please update info.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...