Cisco 650-472 S802dot1X - Introduction to 802.1X(R) Operations for Cisco Security Professionals http://killexams.com/exam-detail/650-472
QUESTION: 60 Which two elements must you configure on a Cisco Wireless LAN Controller to allow Cisco ISE to authenticate wireless users? (Choose two.) A. Configure each WLAN to use the configured Cisco ISE node. B. Configure all attached LWAPs to use the configured Cisco ISE node. C. Configure the WLC to join a Microsoft Active Directory domain. D. Configure Cisco ISE as a RADIUS accounting server and shared secret. E. Configure Cisco ISE as a RADIUS authentication server and shared secret. F. Configure RADIUS attributes for each SSID. Answer: A, E QUESTION: 61 Which two NADs does NOT support RADIUS Change of Authorization requests?(choose two.) A. Cisco Catalyst 3750 switches B. Cisco Adaptive Security Appliances C. Unmanaged switches and hubs D. Cisco Wireless LAN Controllers Answer: B, C QUESTION: 62 Which two choices are drivers of IEEE 802.1X adoption? (Choose two.) A. Guest networks B. Heterogeneous Networks C. Pervasive Wireless Deployments D. Unprotected switch ports E. Limited 802.1X standard functionality Answer: A, C QUESTION: 63 Which module is NOT a valid component of Cisco AnyConnect Secure Mobility Client for Windows?
A. VPN Module B. Profiling Module C. Network Access Manager D. Telemetry Module Answer: B Explanation: These are the VPN modules in Cisco Anyconnect client: Network Access Manager Posture Module Telemetry Module WebSecurity Module QUESTION: 64 EAP was original created for which network type? A. Point-to-Point Protocol B. Local Area Network C. Wide Area Network D. Wireless Local Area Network Answer: A http://www.cisco.com/en/us/docs/wireless/wlan_adapter/cb21ag/user/vista/1.0/ configuration/guide/eap_types.html QUESTION: 65 What is the Cisco Catalyst Switch default port used for CoA? A. UDP 3799 B. UDP 1812 C. UDP 1645 D. UDP 1700 Answer: A http://www.cisco.com/en/us/docs/security/ise/1.0/user_guide/ise10_sw_cnfg.ht ml Note: If using ISE then the port will be 1700 and if using ACS then it will be 3799 (according to RFC 3799 is the default port for CoA). QUESTION: 66
Which of the following RADIUS attribute is vendor specific and enables vendors to easily extend the protocol functionality? A. 1 B. 2 C. 5 D. 26 E. 64 Answer: D http://www.cisco.com/en/us/docs/ios/12_2/security/configuration/guide/scfrdat1. html QUESTION: 67 Which of the following is true about PEAP? A. PEAP was created as an alternative to EAP-FAST B. PEAP is limited to MS-CHAP to authenticate the supplicant C. PEAP authentication operates in two phases D. PEAP only requires a client-side certificate Answer: C http://www.cisco.com/en/us/prod/collateral/wireless/ps5678/ps430/prod_qas09 00aecd801764fa.html QUESTION: 68 Which Cisco Catalyst Switch command enables 802.1X authentication globally? A. authentication priority dot1x mab B. authentication order dot1x mab C. dot1x pae authenticator D. dot1x system-auth-control E. aaa new-model Answer: D http://www.cisco.com/en/us/docs/switches/lan/catalyst2950/software/releas
e/12.1_19_ea1/configuration/guide/sw8021x.html QUESTION: 69 Which two Cisco Catalyst switch commands are required for URL-redirection? (Choose two.) A. 3k-access(config-if)# authentication webauth B. 3k-access(config-if)# authentication dot1x webauth C. 3k-access(config-if)# ip http secure-server D. 3k-access(config-if)# authentication order dot1x webauth E. 3k-access(config-if)# ip http server F. 3k-access(config-if)# dot1x priority webauth Answer: C, E
For More exams visit https://killexams.com/vendors-exam-list Kill your exam at First Attempt...Guaranteed!