Cisco 500-490 Exam Questions

Question 6 of 49

Which two statements are true regarding Cisco ISE? (Choose two.)

A.

It distributed deployments, failover from primary to secondary Policy Administration Nodes happens automatically.

B.

The number of logs that ISE can retain is determined by your disk space.

C.

ISE supports IPv6 downloadable ACLs.

D.

ISE can detected endpoints whose addresses have been translated via NAT.

E.

ISE supports up to 100 Policy Services Nodes.

F.

In two-nodes standalone ISE deployments, failover must be done manually.

Suggested Answer: B, C

Cisco ISE's log retention is determined by the available disk space. Additionally, Cisco ISE supports IPv6 downloadable ACLs, making these two statements true.

Community votes

No votes yet

Question 7 of 49

Which Cisco product were incorporated into Cisco ISE between ISE releases 2.0 and 2.3?

A.

Cisco ASA

B.

Cisco ESA

C.

Cisco ACS

D.

Cisco WSA

Suggested Answer: C

Cisco ACS was integrated into Cisco ISE between the releases 2.0 and 2.3. This integration aimed to consolidate network security functions, incorporating ACS's functionality into ISE to offer a unified solution for network access control.

Community votes

No votes yet

Question 8 of 49

Which two Cisco ISE use cases typically involve the highest level of implementation complexity? (Choose two.)

A.

Guest and wireless access

B.

Software-defined access

C.

Device management

D.

Asset visibility

E.

Software-defined segmentation

Suggested Answer: B, E

The use cases involving the highest level of implementation complexity in Cisco ISE are typically Software-defined access and Software-defined segmentation. These solutions require comprehensive planning, configurations, and often involve the integration of various technologies and policies within an organization's infrastructure.

Community votes

No votes yet

Question 9 of 49

How would Cisco ISE handle authentication for your printer that does not have a supplicant?

A.

ISE would not authenticate the printer as printers are not subject to ISE authentication.

B.

ISE would authenticate the printer using 802.1X authentication.

C.

ISE would authenticate the printer using MAB.

D.

ISE would authenticate the printer using web authentication.

E.

ISE would authenticate the printer using MAC RADIUS authentication.

Suggested Answer: C

For network devices like printers that do not support a supplicant, Cisco ISE handles authentication using MAC Authentication Bypass (MAB). MAB allows devices to be authenticated based on their MAC address rather than requiring 802.1X credentials or web-based logins, which are not feasible for such devices.

Community votes

No votes yet

Question 10 of 49

Which three ways are SD-Access and ACI Fabric similar? (Choose three.)

A.

use of overlays

B.

use of Virtual Network IDs

C.

focus on user endpoints

D.

use of group policy

E.

use of Endpoint Groups

F.

use of Scalable Group Tags

Suggested Answer: A, B, D

SD-Access and ACI Fabric share similarities in that they both use overlays to abstract the physical network, which simplifies network design and operation. They also both utilize Virtual Network IDs (VNIDs) to segment the network logically, allowing for isolation and multi-tenancy within the network. Finally, they both use group policies to manage and apply policies to groups of users or devices dynamically based on their attributes, enhancing security and manageability.

Community votes

No votes yet