650-472 Exam Questions
69 real 650-472 exam questions with expert-verified answers and explanations. Page 1 of 2.
- Question #1
Consider the example of an end user plugging an unmanaged third-party switch into a port in a conference room. If the wiring closet switch port requires 802.1X authentication (and...
- Question #2
Which two Cisco Catalyst switch command fragments enable WebAuth support on an interface? (Choose two.)
- Question #3
Which two statements are true with regard to the inner and outer phases of an EAP method? (Choose two.)
- Question #4
Which Cisco ISE persona must run on dedicated hardware?
- Question #5
Which statement accurately describes why it is a best practice to pre-populate the MAC addresses of non-802.1X-capable Cisco IP phones into an endpoint database?
- Question #6
Which two Cisco security products act as 802.1X authenticate servers? (Choose two)
- Question #7
Which two EAP methods require server-side digital certificates? (Choose two)
- Question #8
Which two statements are true regarding load balancing Cisco ISE Policy Services nodes with a Cisco Application Control Engine? (Choose two.)
- Question #9
Which statement is true for certificate auto-enrollment on a Cisco IP phone?
- Question #10
What is the purpose of the guest VLAN on a Cisco Catalyst switch?
- Question #11
Cisco 650-472 Exam Which two PEAP requirements must be met to authenticate the TLS session? (Choose two.)
- Question #12
Which two sets of ports does Cisco ISE listen on for RADIUS authentication and accounting messages? (Choose two.)
- Question #13
Which three elements are required fields when adding a Cisco Wireless IAN Controller as a network device in Cisco ISE? (Choose three)
- Question #14
During initial ISE setup, foe which three of the following required and optional elements does the setup script prompt the administrator to enter a value? (Choose three)
- Question #15
What action must be performed immediately after initial login to the Cisco ISE GUI?
- Question #16
Which method provides authenticated guest access to nonsupplicant hosts?
- Question #17
Which hardware component of a Cisco TrustSec solution for 802.1X is optional but widely adopted in most networks?
- Question #18
Consider a design where a Cisco Catalyst switch that supports Network Edge Access Topology (NEAT) is connected to an upstream switch that requires 802.1X authentication on the swit...
- Question #19
Which two of these Cisco products can act as 802.1X authenticates? (Choose two.)
- Question #20
What is the purpose of the fallback profile command?
- Question #21
What is the purpose of the restricted VLAN (authentication failed VLAN) on a Cisco Catalyst switch?
- Question #22
Which three services run on a Cisco ISE node? Cisco 650-472 Exam
- Question #23
Whit is the default username and password for Cisco ISE?
- Question #24
On which two non-ISE appliances can Cisco ISE also be loaded? (Choose two)
- Question #25
Which three types of NAD support RADIUS Change of Authorization requests? (Choose three)
- Question #26
Which four of these operating systems include a native 802.IX? (Choose four.)
- Question #27
Which standards body maintains the 802.1X standard?
- Question #28
Which two choices are valid Cisco TrustSec topologies? (Choose two)
- Question #29
What is the default authentication mode after initial configuration of Cisco ISE?
- Question #30
Which three of these options can be configured as external identity servers for Cisco ISE? (Choose three)
- Question #31
Which two of these partial Cisco Catalyst switch commands are used to configure FlexAuth? (Choose two)
- Question #32
What is the purpose of local WebAuth on a Cisco Catalyst switch?
- Question #33
Which three implementation modes are valid for phased implementation of Cisco TrustSec? (Choose three.)
- Question #34
In which OSI layer does EAP operate?
- Question #35
Which Cisco TrustSec device performs user authenticated?
- Question #36
Which three authentication c interface commands are valid for MACsec? (Choose three.)
- Question #37
The information security policy of your organization requires that ports should remain administratively Up. Which selection represents the best practice for an 802.1X-enabled port...
- Question #38
Which three statements about hosts moving from port to port on the same switch that is configured for 802.1X are true? (Choose three.)
- Question #39
What must be configured on a Microsoft Windows 7 host to enable the Microsoft 802.1X supplicant for wired networks?
- Question #40
Which three selections are valid model numbers for Cisco ISE hardware appliances? (Choose three)
- Question #41
What is the purpose of the ip device-tracking command on a Cisco Catalyst switch?
- Question #42
Which two choices are valid components of a Cisco TrustSec wireless infrastructure solution? (Choose two.)
- Question #43
Which section of the 802.1X standard cites other 802 standards needed to Wry understand the scope of 802.1X?
- Question #44
Which section of the 802.1X standard includes use cases? Cisco 650-472 Exam
- Question #45
Which two statements are true regarding communication from the authenticator to the authentication server (Cisco ISE)? (Choose two.)
- Question #46
Which four selections below describe valid Cisco ISE Personas? (Choose four.)
- Question #47
Which statement is true regarding the initiation of an 802.1X authentication exchange?
- Question #48
Which protocol used to communicate between the authenticator and authentication server? Cisco 650-472 Exam
- Question #49
Which two choices are drivers of IEEE 802.1X adoption? (Choose two.)
- Question #50
Which EAP method requires a digital certificate on the client?